The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has labeled Cambodia-based Huione Group as a financial institution of significant money laundering concern. This declaration, made under Section 311 of the USA PATRIOT Act, includes a proposal that could block Huione Group's access to the U.S. financial system.
Huione Group has been identified as a major hub for laundering funds from cyber heists conducted by the Democratic People’s Republic of Korea (DPRK) and from transnational criminal organizations engaged in convertible virtual currency (CVC) scams, notably "pig butchering" scams, across Southeast Asia. In response to the identified risks, FinCEN suggests a prohibition on U.S. financial institutions from engaging in financial operations with Huione Group.
"Huione Group has established itself as the marketplace of choice for malicious cyber actors like the DPRK and criminal syndicates, who have stolen billions of dollars from everyday Americans," stated Secretary Scott Bessent. He emphasized that the proposed actions aim to hinder these groups' ability to obscure their illegally obtained funds.
The notice of proposed rulemaking (NPRM) details that Huione Group has been involved in laundering CVC scam proceeds and associated heists for several years. The group's network includes businesses such as Huione Pay PLC, Huione Crypto, and Haowang Guarantee, which facilitate the laundering of illicit profits through services like online marketplaces, payment services in fiat currency and CVC, and a newly introduced stablecoin. FinCEN's investigation revealed that Huione Group laundered at least $4 billion in illicit funds from August 2021 to January 2025. This includes $37 million from DPRK cyber heists, $36 million from CVC investment scams, and $300 million from other cyber scams.
Additionally, the group lacks effective anti-money laundering (AML) and know your customer (KYC) policies, exacerbating the risks associated with its operations. Despite public information linking Huione Group to TCO scam activity, the organization's components have not implemented adequate AML/KYC guidelines. Huione Group acknowledged this shortcoming upon realizing the inadequate KYC measures during an incident where one component received funds from a DPRK heist.
The NPRM is accessible for public review, and comments can be submitted within 30 days following its publication in the Federal Register.
