The U.S. Department of Justice has seized a cloud computing account used by Huione Group subsidiaries, targeting backend infrastructure that allegedly supported crypto laundering services tied to investment fraud, cyber scams and Southeast Asian scam compounds.
The account helped operate Huione Guarantee, also known as Haowang Guarantee, a Telegram-linked marketplace used by vendors offering stolen data, malware-derived goods, money-laundering services and tools tied to romance and investment scams. The seized cloud account hosted backend systems for Huione subsidiaries that allegedly helped move criminal proceeds across blockchains and into the legitimate banking sector.
DOJ said Huione Guarantee provided escrow services for criminal transactions, including services used by money launderers moving cryptocurrency. Investigators have traced cyber-enabled fraud proceeds to cryptocurrency addresses attributed to Huione Group and Huione Guarantee, where funds were later laundered through additional routes.
The action marks a shift from wallet tracing alone to infrastructure seizure. Instead of only following crypto addresses after scams, U.S. authorities moved against a cloud account that allegedly formed part of the operational backbone behind the marketplace.
Huione Group has been one of the main names in enforcement actions tied to Southeast Asia’s scam economy. U.S. authorities have repeatedly tied the group to virtual currency investment fraud, cyber heists and laundering channels used by criminal networks operating across the region.
FinCEN already severed Huione Group from the U.S. financial system in October 2025 under Section 311 of the USA PATRIOT Act. That rule identified Huione as a financial institution of primary money laundering concern and barred covered U.S. financial institutions from opening or maintaining correspondent accounts for the group.
The new DOJ seizure follows earlier international pressure. China’s extradition of a Huione Group core member from Cambodia showed how the case has expanded beyond U.S. financial restrictions into a wider law-enforcement push against the group’s alleged role in regional scam operations.
The DOJ release also placed Huione activity beside a broader victim-loss backdrop. Crypto investment-fraud complaints to the FBI’s Internet Crime Complaint Center reached more than $7.2 billion in reported losses in 2025, while cybercrime losses across all categories exceeded $20 billion last year.
FinCEN also proposed amending its Huione rule to include H-Pay Service PLC and any successor entity, saying H-Pay is a component of Huione Group and a primary money laundering concern.
That proposal is designed to prevent Huione from restoring access to the U.S. financial system through renamed, restructured or successor entities. FinCEN said Huione served as a critical node for laundering cyber-heist proceeds and virtual currency investment-scam funds, then transferring and consolidating scam-derived assets.
The successor-entity language is the key enforcement move. A financial-network ban can lose force if the targeted business migrates users, payment flows and branding into a new corporate shell. FinCEN’s proposed H-Pay amendment would extend the same access restrictions to successor structures that officials say remain part of Huione’s laundering ecosystem.
Crypto tracing also remains central to the case. DOJ thanked Chainalysis, Elliptic and Google’s CyberCrime Investigation Team for information used in the investigation. Those private-sector leads can help investigators map addresses, identify off-ramp routes, connect scam proceeds to marketplaces and support cloud or domain seizures when digital infrastructure touches U.S.-reachable providers.
The seizure forms part of Operation Riptide, an FBI campaign targeting the criminal actors, infrastructure and financial networks behind cybercrime, cyber-enabled fraud and online scams against Americans.
The Huione action shows how that campaign can move across several layers at once: Telegram marketplaces, cloud infrastructure, crypto addresses, escrow services, laundering providers and financial-system access. Fraud networks often depend on all of those pieces rather than one wallet or one exchange account.
That approach also mirrors wider scrutiny of crypto laundering routes. Allegations around illicit crypto flows through Tokenlon and stablecoin routing show how investigators now focus on the full path from victim deposits to aggregation wallets, DEX routes, payment processors, exchanges and bank exits.
The DOJ seizure leaves Huione Guarantee without a cloud account that allegedly supported its backend marketplace infrastructure. FinCEN’s H-Pay proposal remains open as a rulemaking step, while the FBI San Francisco Field Office and IRS Criminal Investigation continue the case under Operation Riptide.
The post DOJ Seizes Huione Cloud Account Used In Crypto Laundering Marketplace appeared first on Crypto Adventure.
