The global financial crime community has been jolted by one of the most striking enforcement actions of 2025. The U.S. Financial Crimes Enforcement Network (FinCEN) has officially designated the Cambodia-based Huione Group as a foreign financial institution of primary money laundering concern. The decision, made under Section 311 of the USA PATRIOT Act, effectively cuts Huione off from the U.S. financial system and marks a new milestone in the regulation of cryptocurrency-driven laundering networks.

Behind this move lies a tangled web of crypto transactions, fraudulent stablecoins, and payment services built on opacity. The case exposes how a network blending fintech and criminal innovation managed to launder billions of dollars before being formally blacklisted — and why it poses a serious test for AML regimes worldwide.

Huione Group money laundering network and structure

Huione Group’s operation was anything but straightforward. Officially, it appeared as a financial services conglomerate operating across several jurisdictions. In reality, it acted as a tightly coordinated laundering ecosystem that combined fiat and virtual assets, crypto exchanges, and an online marketplace used by cybercriminals.

The network consisted of four main pillars:

• Huione Pay PLC, a licensed Cambodian payment services provider, handling fiat and digital transfers.
• Huione Crypto, a virtual asset exchange operating under the group’s control, issuing its own stablecoin, USDH.
• Haowang Guarantee (formerly Huione Guarantee), an online marketplace facilitating peer-to-peer transactions of “virtual products” and digital tools that frequently included illicit items.
• Huione Group Limited, the umbrella entity connecting them all, allegedly based in Hong Kong but largely operating from Phnom Penh, Cambodia.

Each component served a role in the laundering process. Huione Pay connected fiat corridors. Huione Crypto handled virtual asset conversions and offered customers privacy-enhanced stablecoin transfers. Haowang Guarantee provided the infrastructure for scammers and organized cybercriminal groups to monetize or recycle illicit proceeds. Together, they created an unregulated financial web worth billions.

Investigators from blockchain analytics firms traced Huione-linked wallets that moved or held over USD 4 billion between August 2021 and January 2025. Of this amount, at least USD 37 million originated from cyber-heists linked to the North Korean Lazarus Group. Another USD 300 million was tied to online investment scams known as “pig-butchering,” while hundreds of millions more came from transnational cyber fraud and darknet-linked payments.

Huione’s design was deliberately opaque. Each affiliate claimed to operate independently, yet all shared customer data, transaction infrastructure, and internal settlement systems. Such integration blurred lines of accountability and made compliance oversight nearly impossible.

Anatomy of the laundering scheme

1. Exploiting regulatory fragmentation
Huione Group played regulatory arbitrage at a global scale. Registered in multiple jurisdictions — Cambodia, Poland, and Hong Kong — the group leveraged the absence of harmonized crypto oversight. While the National Bank of Cambodia had banned crypto dealings since 2018, enforcement remained weak. This vacuum allowed Huione’s entities to continue operating openly, even after public reports exposed their role in laundering scam proceeds.

2. Laundering through convertible virtual currencies (CVCs)
The group’s exchange platform, Huione Crypto, functioned as both marketplace and transmission hub. It issued USDH, a stablecoin marketed as “unfreezable”, allowing users to store and move value without fear of law-enforcement freezes. For criminals, this was a feature, not a flaw.
Unlike legitimate stablecoins that cooperate with authorities, Huione’s design ensured that illicit proceeds could move unimpeded across blockchains. This “freedom from freezing” effectively nullified traditional AML countermeasures, transforming Huione into a sanctuary for tainted funds.

3. Integration of illicit marketplaces and payment rails
The Haowang Guarantee platform mimicked legitimate e-commerce sites but enabled trade in digital identities, SIM cards, scam scripts, and surveillance or “detention” equipment. Such marketplaces created demand and liquidity for illicit proceeds, while Huione Pay and Huione Crypto provided the payment backbone.
By merging payment processing and illicit trading into one ecosystem, Huione allowed cybercrime groups to operate end-to-end within its infrastructure — from purchasing scam tools to cashing out profits.

4. Obfuscation through nested correspondent channels
Although based in Asia, Huione’s reach extended to U.S. dollar clearing through nested correspondent accounts. The group’s entities registered as Money Services Businesses (MSBs) with FinCEN and provided U.S. mail-forwarding addresses in Denver. These registrations allowed indirect access to dollar-denominated transactions via foreign intermediaries.
This arrangement exemplifies how correspondent banking vulnerabilities can still be exploited even when an institution has no physical presence in the United States.

5. Rebranding to evade scrutiny
Following critical media and blockchain-analytics reports in 2024, Huione Guarantee quietly renamed itself Haowang Guarantee. The rebrand, accompanied by cosmetic website changes, coincided with the removal of corporate records from public databases. Regulators interpret such rebranding as a classic obfuscation tactic, allowing the same illicit activities to persist under new names.

The regulatory response and Section 311 designation

The U.S. Treasury’s response demonstrates how Section 311 of the USA PATRIOT Act remains one of the most potent AML enforcement tools.
Under 31 U.S.C. § 5318A, FinCEN can designate a foreign financial institution, class of transactions, or jurisdiction as being of primary money-laundering concern. Once such a finding is made, the agency can impose “special measures” ranging from enhanced recordkeeping to full prohibition of correspondent accounts.

FinCEN determined that Huione Group met the legal criteria:

• It was a foreign financial institution under the BSA definition (including money transmitters and VASPs).
• It was operating outside the U.S. with significant exposure to money-laundering networks.
• It had systemic AML/KYC deficiencies, openly acknowledged by its own representatives.
• It facilitated laundering tied to both state-sponsored cybercrime (DPRK’s Lazarus Group) and transnational organized crime.

After consultation with the State Department, Department of Justice, Federal Reserve, and other regulators, FinCEN imposed Special Measure Five, the harshest option. This measure:

• Prohibits U.S. financial institutions from opening or maintaining correspondent or payable-through accounts for Huione Group.
• Requires institutions to apply enhanced due diligence to foreign correspondents to ensure Huione does not indirectly gain access.
• Mandates notifications to all correspondent account holders warning them not to process transactions for Huione.
• Obliges institutions to retain documentation of compliance with the special measure.

Effectively, Huione has been cut off from the U.S. financial system. Any bank that knowingly facilitates its access risks civil and criminal penalties under 31 U.S.C. § 5321 and § 5322.

FinCEN’s final rule highlighted that Huione’s risk profile was aggravated by its issuance of an “unfreezable” stablecoin and the laundering of proceeds from DPRK cyber operations that fund weapons programs. The regulator concluded that lesser measures, such as additional reporting or beneficial-ownership checks, would be ineffective due to Huione’s use of shell entities, opaque ownership, and nested accounts.

The decision also underscores FinCEN’s growing willingness to target crypto intermediaries that serve as infrastructure for state-sponsored or transnational crime. By prohibiting access to U.S. correspondent banking, the U.S. aims to sever Huione’s global liquidity lifelines.

Global AML implications and compliance lessons

The Huione Group case sets a precedent that reverberates far beyond Cambodia or Southeast Asia. It sends several messages to the global compliance community.

1. Crypto-fiat hybrids are now central to laundering ecosystems
Traditional AML frameworks were built for banks and money transmitters. Huione blurred those boundaries by merging crypto exchange, stablecoin issuance, and payment processing. Compliance teams must therefore treat hybrid entities as financial institutions under the same risk lens as banks, regardless of licensing labels.

2. “Unfreezable” assets undermine global sanctions architecture
Stablecoins promising immunity from freezes directly threaten the integrity of AML enforcement. Financial institutions should treat such coins as high-risk products and implement screening rules to identify transfers involving them.

3. Nested correspondent risk requires renewed vigilance
Even when a foreign financial institution lacks a U.S. footprint, it may access the system through another bank’s correspondent account. The Huione case demonstrates why banks must monitor nested relationships and ensure their correspondents do not process transactions on behalf of prohibited entities.

4. Rebranding is not remediation
Rebranding, name changes, or shifting domains are red flags, not corrective actions. Regulators increasingly view them as attempts to circumvent enforcement, as seen in Huione’s transformation from “Huione Guarantee” to “Haowang Guarantee.”

5. AML/KYC transparency remains the core defense
The lack of basic KYC at Huione made it a magnet for illicit users. Institutions must ensure real identity verification, source-of-funds checks, and continuous transaction monitoring — including blockchain analytics integration — to detect similar risks early.

6. Collaboration between crypto-analytics firms and regulators is critical
The enforcement action relied heavily on blockchain data from analytics providers that mapped wallet networks, stablecoin issuances, and cross-chain movements. Future AML regimes will depend on such partnerships to convert on-chain transparency into actionable intelligence.

7. Expect broader use of Section 311 in crypto
FinCEN’s use of Section 311 against a crypto-based network signals an expansion of this authority beyond traditional banks. More designations could follow, targeting exchanges, payment platforms, or even decentralized protocols that knowingly facilitate laundering.

Lessons for financial institutions

For global banks, fintechs, and virtual-asset service providers, the message is simple: proactive compliance or enforced isolation. Institutions should:

• Conduct continuous risk assessments of counterparties offering crypto services.
• Expand sanctions-screening lists to include Section 311 entities alongside OFAC lists.
• Verify the legitimacy of foreign payment partners and require transparency on their AML frameworks.
• Monitor for marketing language such as “unfreezable,” “anonymous,” or “privacy guaranteed,” as these indicate deliberate non-compliance.
• Establish cross-functional teams combining AML, cyber-risk, and blockchain-analytics expertise to track evolving typologies.

The Huione case also raises questions about jurisdictions where enforcement remains weak. While the U.S. acted decisively, the group’s continued presence in Cambodia and parts of Southeast Asia highlights the uneven global implementation of FATF standards.

A turning point for AML enforcement

Huione’s designation as a primary money-laundering concern is more than an isolated crackdown. It symbolizes a shift toward targeting infrastructure rather than individual transactions.
By cutting off entire ecosystems that enable laundering — stablecoins, exchanges, and payment processors — regulators aim to choke criminal liquidity at the source.

For compliance professionals, the lesson is structural: the next frontier of AML enforcement is ecosystem accountability. FinCEN’s action shows that opacity, rebranding, and hybridization of financial services no longer offer protection. If a network facilitates the flow of illicit funds, it can be globally isolated through financial sanctions and special measures.

---

Related Links

• FinCEN resources – Section 311 special measures
• U.S. Treasury – National Proliferation Financing Risk Assessment 2024
• United Nations – Panel of Experts on DPRK Cyber Heists Report 2024

Other FinCrime Central News About Crypto Crackdowns in Asia

• India Cracks Down on 25 Offshore Crypto Exchanges for Money Laundering
• Philippines SEC Launches Major Crackdown on Illegal Crypto Platforms
• Inside Huione Group’s $4B Financial Crime Marketplace Exposed by FinCEN

Source: FinCEN

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.