US Crypto Bust: A Breakthrough in the Fight Against Cybercrime

A massive seizure by the US government of cryptocurrency from a sprawling Southeast Asia cybercrime syndicate has raised hopes that coordinated actions against cybercriminal groups can help undermine their profits.

On Oct. 14, the US Department of Justice — along with the Drug Enforcement Agency, the Department of State, and other agencies — announced the seizure of 127,271 bitcoin kept in “unhosted wallets” and the indictment of Chen Zhi, the founder and chairman of the Prince Holding Group, on charges of conspiracy to commit wire fraud and money laundering. The seized bitcoin, stored in 25 wallets, are worth more than $14 billion, and were valued at nearly $15 billion on the day of the announcement.

Calling the Prince Group umbrella of companies “a criminal enterprise built on human suffering,” US officials positioned the indictment and forfeiture one of the most significant strikes against cyber-enabled financial fraud and human trafficking.

“This investigation exposes a staggering level of fraud, corruption, and criminal greed that allowed billions of dollars in illicit funds to flow through global financial systems, leaving behind a trail of victims,” Frank A. Tarentino III, Special Agent in Charge of the Drug Enforcement Administration’s New York Division, said in a statement regarding the seizure. “It also highlights how transnational criminal organizations continue to evolve, leveraging cryptocurrency and other digital assets to move their money and mask their crimes.”

Related:Lazarus Group Hunts European Drone Manufacturing Data

The seizure could create significant ripples in the cybercrime economy in Southeast Asia. Blockchain watchers have estimated that illicit entities presently hold about $15 billion in wallets, mainly due to stolen funds being funneled into cryptocurrency. Another $60 billion is held by a variety of services that sell illicit goods and services, such as Dark Web markets, online pharmacies, fraud shops, and terrorist financing, according to data from Chainalysis.

Cybercriminal syndicates in Burma, Cambodia, Laos, and Thailand stole more than $10 billion from US citizens in 2024 and likely harvest tens of billions of dollars every year from victims, according to estimates.

The seizure, which represents only 0.6% of the 19.9 million existing bitcoins, is a positive development both for law enforcement and for the cryptocurrency industry, says Ari Redbord, a former senior US Treasury official and now global head of policy and government affairs for TRM Labs, a blockchain intelligence platform.

“While it’s a record-breaking forfeiture, the direct market impact will be limited,” he says. “The real significance is what it signals: that even large, static hoards held in unhosted wallets can ultimately be traced and recovered. For criminals, that’s a chilling precedent. For the ecosystem, it’s proof that transparency and persistence work.”

Related:MuddyWater Targets 100+ Gov Entities in MEA With Phoenix Backdoor

Money Laundering at Scale

The Prince Group is a major organization running cybercriminal enterprises in Southeast Asia, with its central operations in Cambodia and hubs and shell companies in British Virgin Islands, Cayman Islands, Hong Kong, Laos, Palau, and Singapore, according to the US Treasury Department. Using a front as a real estate and investment conglomerate, the Prince Group and its associated organizations operated bitcoin mining operations and 10 forced-labor camps across Cambodia, which ran investment and romance scams. The workers in those camps were imprisoned, often tortured, and trafficked amongst compounds.

Map of cybercrime hubs connected to the Prince Group. Source: US Treasury Department

The Prince Group and its associates used complicated cryptocurrency laundering techniques to repeatedly split apart transactions — called “spraying” or “fragmentation” — and then consolidated the funds into a small number of wallets — known as “funneling” and “integration” — under the control of the chairman, Chen Zhi, and his lieutenants, according to the US Department of Justice indictment.

Related:Asian Nations Ramp Up Pressure on Cybercrime ‘Scam Factories’

Many cybercriminal groups have moved away from cryptocurrencies — such as stable coins, which can be frozen by centralized issuers — and into bitcoin because of its attribute of “self custody,” which allows the cryptographic keys that represent the funds to be moved into offline storage or “cold wallets.”

According to the DOJ filing, the 127,271 bitcoins were held in unhosted cryptocurrency wallets whose private keys were personally held by the Chen. The US government ability to investigate the cybercriminal groups and seize a significant amount of bitcoin is a significant win, according to blockchain intelligence firm Elliptic.

“While the transnational organized crime groups behind these scams often appear to operate with impunity, the actions taken show this is clearly not the case,” Elliptic stated in response to questions from Dark Reading. “The detailed indictment and information released highlight that governments have been closely tracking the issue for some time. Continued action like this would be widely welcomed and represents an important step in addressing this significant and growing global threat.”

Long Game Is ‘Hard to Pull Off’

Repeating the win will be difficult, however.

While the US Department of Justice and government officials announced the seizure and indictment on Oct. 14, the actual investigation and enforcement actions occurred last year and the investigation took much longer. The seizure of the funds likely took place in June and July of 2024, when the wallets holding the bitcoin “suddenly lit up … suggesting coordinate[d] enforcement activity,” says TRM Labs’ Redboard.

“These operations are exceptionally hard to pull off,” he says. “They require cooperation across agencies and borders, and — critically — access to private keys. Investigators can map transactions forever, but they can’t move assets without those keys. The fact that the US was able to gain control here means that digital and physical evidence aligned, resulting in a great outcome.”

The successful seizure may also reverse a trend that blockchain experts have noted: Cybercriminals’ increasing dependency on bitcoin. While other cryptocurrencies exist — and stable coin has become popular among some investors — bitcoin’s self-custody attribute has been seen as a significant benefit, says Eric Jardine, cybercrimes research manager at Chainalysis, a crypto intelligence firm.

“There’s a growing amount of evidence to suggest that illicit actors are just outright comfortable storing value in bitcoin,” he says. “Unlike stable coins, which could be frozen for example, you can basically sit on [bitcoin] for however long you like and then send it wherever you want, and no one’s going to be able to stop you.”

Yet, as the Prince Group found, such attributes have a downside as well. Whether the seizure by the US government results in a movement away from bitcoin remains to be seen.