In a decisive move against transnational cybercrime, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has designated Cambodia-based Huione Group as a “primary money laundering concern.” This action, under Section 311 of the USA PATRIOT Act, aims to sever Huione‘s access to the U.S. financial system, citing its central role in laundering billions for North Korean hackers and Southeast Asian scam networks.
The Digital Laundromat: Huione’s $4 Billion Illicit Empire
Between August 2021 and January 2025, Huione Group allegedly laundered over $4 billion in illicit proceeds. This includes:
- $37 million linked to North Korean cyber heists.
- $36 million from cryptocurrency investment scams, notably “pig butchering” schemes.
- $300 million from various other cyber fraud operations.
Blockchain analytics firm Elliptic estimates that Huione‘s platforms have facilitated over $11 billion in scam transactions across Southeast Asia .
A Sophisticated Criminal Conglomerate
Huione Group’s operations encompass a network of entities:
- Huione Pay PLC: A payment services company.
- Huione Crypto: A virtual asset service provider.
- Haowang Guarantee: An online marketplace for illicit goods and services.
The group also launched its own stablecoin, the US Dollar Huione (USDH), described by FinCEN as “unfreezable” and tailored for laundering criminal proceeds.
Regulatory Failures: AML and KYC Deficiencies
FinCEN’s investigation highlights Huione‘s blatant disregard for anti-money laundering (AML) and know-your-customer (KYC) protocols. None of its core businesses had published AML/KYC policies, despite clear evidence of their platforms being exploited by criminal organizations. Huione itself acknowledged its KYC capabilities were “seriously insufficient” after failing to detect funds linked to a North Korean cyber heist flowing through its system .
North Korean Connections: Facilitating State-Sponsored Cybercrime
Huione‘s platforms have been instrumental for North Korea’s Lazarus Group, a state-sponsored hacking entity. Notably, Huione Pay received over $150,000 in cryptocurrency from a wallet associated with Lazarus, which has been implicated in numerous cyber heists to fund Pyongyang’s regime.
U.S. Treasury’s Countermeasures
The proposed FinCEN rule, currently under a 30-day consultation period, would prohibit U.S. financial institutions from opening or maintaining accounts for Huione Group or its affiliates. Treasury Secretary Scott Bessent stated, “Today’s proposed action will sever Huione Group’s access to correspondent banking, degrading these groups’ ability to launder their ill-gotten gains.”
Global Implications: A Wake-Up Call for the Crypto Underworld
This action serves as a stark warning to digital scammers and money launderers operating under the guise of legitimate crypto activities. The era of impunity is waning, and international financial watchdogs are intensifying their scrutiny of entities facilitating cybercrime.
Stay Informed with FinCrime Observer
We will continue to monitor developments in this case and provide updates on regulatory actions against transnational financial crimes.
