The U.S. Treasury Department is seeking to cut off Cambodia-based Huione Group from the American financial system, alleging the company played a central role in laundering billions of dollars tied to cybercrime and online scams, including operations linked to North Korea’s Lazarus Group.
The Treasury’s Financial Crimes Enforcement Network (FinCEN) proposed designating Huione as a “primary money laundering concern” and banning U.S. financial institutions from maintaining correspondent accounts for the group.
According to FinCEN, the notorious Chinese-language marketplace laundered more than $4 billion in illicit funds between August 2021 and January 2025. This includes $37 million in cryptocurrency traced to North Korean cyberattacks and another $36 million tied to so-called “pig butchering” scams, a type of online fraud that targets individuals with fake romantic or investment schemes.
Treasury Secretary Scott Bessent called Huione “the marketplace of choice for malicious cyber actors,” including sanctioned North Korean entities and global criminal syndicates.
The action initiates a 30-day public comment period before a final rule can be adopted. If finalized, the measure would bar Huione from accessing U.S. dollar-clearing services — effectively cutting it off from much of the global banking system.
FinCEN cited previous Reuters reporting which showed that Huione Pay, a payments unit of the group, received over $150,000 in crypto from a wallet tied to North Korea’s Lazarus hackers between June 2023 and February 2024. In response to the 2024 report, Huione Pay claimed it was unaware of the wallet’s links to Lazarus and denied managing it.
Crypto-based fund transfers have become a key tool for North Korea to skirt international sanctions, allowing purchases of restricted goods and services, according to U.N. reports.
In January, Huione launched its own stablecoin, USDH, and an independent chat service in a bid to reduce reliance on third-party platforms like Telegram and Tether.
Previously, Huione users relied heavily on Tether (USDT) for transactions. However, Tether froze one of Huione Pay’s accounts in July 2024 after it was linked to funds stolen by North Korea’s Lazarus Group. Of that amount, at least $14 million is tied to the infamous hack of the Japanese crypto exchange DMM Bitcoin, which lost $300 million in an “unauthorized outflow of funds” in early June.
As such, the marketplace’s new stablecoin sidesteps such risks, providing an unregulated avenue for transactions.
Elliptic’s report highlights the marketplace’s extensive offerings, including money laundering services, stolen personal data, and tools for large-scale online fraud. Vendors allegedly operate from facilities like Cambodia’s Golden Fortune Science and Technology Park, which has been reported as a labor camp forcing individuals from Vietnam, Malaysia, and China to execute cyber scams.
The introduction of a proprietary chat service further insulates Huione from external scrutiny, moving away from Telegram and similar platforms.
In addition to fraud and money laundering, Elliptic researchers uncovered vendors selling electric shackles, reportedly used in human trafficking operations.
Since its inception in 2021, crypto wallets linked to Huione and its independent merchants received at least $11 billion, a figure that Elliptic considers a conservative estimate. While not all these transactions can be definitively tied to fraud or other illegal activities, Elliptic suggests that the majority of these payments are related to such activities.