In a sweeping move that underscores the reach of US financial authorities in combating cybercrime, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has designated Cambodia-based Huione Group as a “primary money laundering concern” under Section 311 of the USA PATRIOT Act. The designation was accompanied by a Notice of Proposed Rulemaking (NPRM), which, if finalized, would prohibit US financial institutions from maintaining correspondent or payable-through accounts for Huione or its affiliates—severing the group’s access to the US financial system.
The action highlights Huione Group’s role as a central financial conduit for a broad range of cyber-enabled criminal activity, including pig butchering scams, transnational fraud networks, and cyber heists attributed to North Korea.
FinCEN found that between August 2021 and January 2025, Huione laundered over USD 4 billion in illicit proceeds, including more than USD 37 million linked to DPRK-affiliated cyberattacks and at least USD 36 million stemming from online romance scams and investment fraud schemes. The breadth of laundering activity facilitated through Huione’s platforms speaks to the group’s role not simply as a passive financial intermediary, but as a core enabler of cybercrime at a global scale.
In 2024, TRM found at least USD 120 million in exposure to Huione from scams, close to 80% of which TRM has evidence are funds from pig butchering scams. The true value of Huione's exposure to fraud is certainly higher, though exact estimates are difficult to conclusively estimate due to how the fraudsters move funds.
The Huione Group operates across a network of interlinked businesses, including Huione Pay, a fiat-based payment platform with no meaningful AML controls; Huione Crypto, a virtual asset service provider that facilitates crypto-based laundering; and Haowang Guarantee, a shadowy online marketplace offering tools for scammers such as fake identities, phishing kits, and even a proprietary stablecoin. Despite public reporting and open-source intelligence indicating Huione’s use by illicit actors, FinCEN noted that its subsidiaries appear to operate without implementing basic know-your-customer or anti-money laundering protocols.
In its NPRM, FinCEN specifically invoked Special Measure 5, the most severe available under Section 311, which would block Huione from accessing the US financial system entirely. This type of designation functions as a financial quarantine, cutting off an institution’s access not only to direct banking relationships in the United States but also indirectly through nested correspondent accounts. The ripple effect extends far beyond US borders, as financial institutions around the world must now reconsider their exposure to Huione or risk losing access to US dollar markets.
TRM Labs has applied a “Special Measures” label to Huione Group and its affiliated entities within its platform to assist financial institutions in identifying and preventing transactions involving designated parties. This measure ensures TRM customers stay aligned with Treasury guidance and maintain visibility into exposure risks.
The move also reflects an increasingly aggressive posture by the Treasury Department in targeting cybercrime and fraud enablers operating in jurisdictions with lax regulatory oversight. Past Section 311 actions have included designations against North Korea’s Foreign Trade Bank, Cyprus-based FBME Bank, and crypto exchange BTC-e. Each of those actions severed the designated entity’s access to US dollar markets, disrupting their operations and sending a signal to the broader financial ecosystem about the consequences of noncompliance.
Similarly, in January 2023, Treasury announced the designation against non-compliant Hong Kong-registered cryptocurrency exchange Bitzlato. The action, pursuant to section 9714(a), designated Bitzlato as a “primary money laundering concern” in connection with Russian illicit finance, and prohibited certain transmittals of funds involving Bitzlato by any covered financial institution.
In a statement, Treasury Secretary Scott Bessent called Huione “the marketplace of choice for malicious cyber actors like the DPRK and criminal syndicates.” He noted that the designation and proposed rulemaking will degrade these groups’ ability to launder illicit proceeds and protect U.S. financial institutions from being exploited in the process.
The case against Huione demonstrates the complex interplay between fiat and crypto financial networks and the increasing convergence of state-sponsored cybercrime, social engineering scams, and opaque regional payment infrastructures. It also shows how public-private partnerships and cross-border intelligence sharing are central to identifying and disrupting those networks.
Access our coverage of TRON, Solana and 23 other blockchains
Fill out the form to speak with our team about investigative professional services.
