Key Takeaways
- The move designates Huione as a “primary money laundering concern” under Section 311 of the Patriot Act
- The agency’s data suggests that between August 2021 and January 2025, Huione handled around $4 billion in suspect transactions.
The United States has formally moved to block Cambodia-based Huione Group from accessing the American financial system, citing its alleged role in laundering billions of dollars through crypto for North Korean hackers and transnational scam networks.
The move, announced Thursday by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), designates Huione as a “primary money laundering concern” under Section 311 of the Patriot Act—a rarely invoked classification that allows for sweeping financial restrictions.
According to FinCEN, Huione Group’s network of affiliates—including Huione Pay PLC, Huione Crypto, and the online platform Haowang Guarantee—functioned as a critical hub for processing illicit funds tied to cybercrime syndicates and state-sponsored actors, particularly from North Korea.
The agency’s data suggests that between August 2021 and January 2025, Huione handled around $4 billion in suspect transactions. This figure includes at least $37 million in crypto allegedly stolen by North Korean groups, $36 million from digital asset investment scams, and over $300 million from broader online fraud operations.
Treasury Secretary Scott Bessent said Huione served as “the marketplace of choice” for threat actors who have “stolen billions of dollars from everyday Americans.” The proposed restrictions aim to dismantle that access, Bessent added, calling the move “a direct strike against the laundering infrastructure that supports hostile cyber operations.”
The proposed rule would prohibit U.S. banks from maintaining correspondent accounts with Huione or its subsidiaries, effectively cutting the company off from the dollar-based global financial network. The public comment period for the rule will remain open for 30 days following its Federal Register publication.
This marks the first action under the Trump administration specifically targeting enablers of North Korea’s global cyber operations. While previous enforcement efforts focused primarily on entities in China and Russia, the new approach expands scrutiny to actors in Southeast Asia. Earlier this year, Cambodia’s central bank revoked Huione Pay’s license, and Google removed its Telegram-based app, Huione Guarantee, following an investigation linking it to illicit activities.
FinCEN’s notice outlined how blockchain analysis revealed direct ties between Huione and known cyberattacks. For instance, in June 2023, funds from breaches of Atomic Wallet, Coinspaid, and Alphapo were traced to the conglomerate. The platform also reportedly received $35 million linked to a 2024 heist of Japanese exchange DMM—funds tied by the FBI to North Korea’s Lazarus Group.
Investigators say the firm either lacked or failed to enforce anti-money laundering protocols. In one case, a North Korean operative affiliated with Pyongyang’s Reconnaissance General Bureau allegedly worked directly with Huione officials to move funds and convert cryptocurrency to fiat currency.
FinCEN believes that the operative transferred tens of thousands of dollars in digital assets to a Huione Pay executive and attempted to send U.S. dollars to Hong Kong via the platform.
Huione’s recent launch of an unregulated dollar-pegged stablecoin, USDH, further intensified concerns. Promoted as a censorship-resistant alternative to mainstream digital currencies, USDH was marketed by the company as immune to freezes and regulatory interference. FinCEN warned that this product offered “a virtually risk-free ecosystem” for laundering virtual assets.
