How the 120,000 Bitcoins of the Pig-butchering scams pro in Cambodia were confiscated by the US government

Author: Aki Wu said Blockchain

On October 14, 2025, the Federal Court in Brooklyn, New York unsealed an indictment revealing that the U.S. Department of Justice recently conducted the largest cryptocurrency seizure in history, confiscating approximately 127,000 Bitcoins valued at over $15 billion. The seized Bitcoin assets originated from the fraudulent funds of the “Prince Group” in Cambodia, with its mastermind being Chen Zhi, who is known as the “King of Pig Butchering”. This founder of the Cambodian Prince Group is accused of implementing cryptocurrency investment fraud through forced labor, commonly known as “Pig Butchering” scams, making illegal profits of up to tens of millions of dollars every day. Currently, this massive amount of Bitcoin funds is held by the U.S. government. This article will detail the background of the indictment, sources of the assets, and the law enforcement efforts that led to this international cryptocurrency enforcement saga.

The Fraud Empire Beneath the Golden Coating

Chen Zhi is the founder and chairman of Cambodia's Prince Holding Group, which claims to operate real estate, finance and other businesses in more than 30 countries, but is actually accused of secretly developing into one of the largest transnational criminal organizations in Southeast Asia. According to information disclosed by the U.S. Department of Justice and the Treasury Department, Chen Zhi and others have operated at least 10 fraud industrial parks across Cambodia since 2015 to lure victims around the world into making fake crypto investments in what has become infamous in recent years. U.S. prosecutors allege that Chen Zhi is the mastermind behind this “online fraud empire”, not only acquiescing in violence against employees, bribing officials in other countries to provide protective umbrellas, but also conniving at the entire group to squander the proceeds of fraud through lavish spending, including the purchase of yachts, private jets, and even Picasso's famous paintings auctioned at auction houses in New York.

Currently, Chen Zhi himself has not yet been captured, and the US has issued a wanted and sanctions notice against him. His dual nationality of British and Cambodian, along with his strong political and business background, adds variables to the subsequent extradition. Behind such a large-scale fraud empire, there will naturally be a systematic money laundering system.

Therefore, OFAC has implemented comprehensive sanctions against 146 targets, including the Prince Group's transnational criminal organization, to combat the entire利益链条. Among them, Huione Group, controlled by criminal gangs such as Chen Zhi, is a local financial and e-commerce ecosystem in Cambodia, which includes HuionePay, intermediary markets on Telegram, etc. It has been directly identified by the U.S. Financial Crimes Enforcement Network (FinCEN) as one of the core chains of money laundering activities of the Prince Group.

According to disclosures from the U.S. Department of the Treasury, at least approximately $4 billion in illicit funds was identified being laundered through the Huifang Network between August 2021 and January 2025, which includes virtual assets inflows from North Korea-related network thefts, crypto investment scams, and other cyber crimes. In a synchronized sanctions announcement against the Prince Group transnational crime organization, the Treasury emphasized the complete severing of Huifang Group's connections to the U.S. financial system. Regulated financial institutions are now prohibited from directly or on behalf of Huifang Group opening and maintaining agency accounts, and must take reasonable measures to ensure that transactions involving the Huifang Group do not process transactions through the agency accounts of U.S. foreign banking institutions to prevent Huifang Group's indirect access to the U.S. financial system.

In response, OKX CEO Star stated that the Huione Group has caused serious adverse effects in the cryptocurrency space. Given the potential risks, OKX has implemented strict AML control measures for transactions involving this group. Any deposit or withdrawal transactions related to Huione will undergo compliance investigations. Based on the results of the investigation, OKX may take measures such as freezing funds or terminating account services.

Source of Assets: Scam Profits and Bitcoin Mining Farms

Where does the astonishing figure of 127,000 Bitcoins (equivalent to about 15 billion USD) come from? According to the U.S. Department of Justice, these funds are the proceeds and tools of a fraud and money laundering scheme conducted by Chen Zhi. Previously stored in a non-custodial cryptocurrency wallet, he personally held the private keys. These massive amounts of money, defrauded from victims, require careful laundering to evade regulatory scrutiny.

The indictment reveals that Chen Zhi and his accomplices directed the proceeds of their fraud into a cryptocurrency mining business they controlled, in order to “wash out” new Bitcoins free of criminal stains. During the seemingly legitimate mining process, the original dirty money was converted into newly mined “clean” Bitcoin assets, attempting to sever the connection between the funds and the crime. This money laundering strategy allowed the mining operations under the Prince Group to continuously produce Bitcoins, becoming one of the important channels for concealing the embezzled funds.

The indictment names a mining company related to Chen Zhi's money laundering scheme, “Lubian Mining Pool.” Lubian was once a globally renowned Bitcoin mining pool headquartered in China, with operations extending to Iran, controlling about 6% of the world's Bitcoin hash rate at its peak. As part of Chen Zhi's money laundering network, Lubian Mining Pool facilitated the conversion of fraudulently obtained funds into massive amounts of Bitcoin. However, a bizarre “theft case” at the end of 2020 embroiled Lubian in mystery. In late December 2020, Lubian reported a hacking attack, resulting in a large amount of Bitcoin being stolen. On-chain data shows that 127,426 Bitcoins were transferred out of Lubian by hackers in December 2020, worth about $3.5 billion at the time. The sheer amount of BTC stolen made this incident one of the “largest Bitcoin thefts in history.”

Lubian vanished shortly after being affected, suddenly shutting down its mining pool business in February 2021, while over 120,000 stolen BTC disappeared without a trace for a long time. On-chain analysis shows that the stolen 127,426 bitcoins were transferred to a group of major wallet clusters. Therefore, it remains unknown whether an external hacker stole Chen Zhi's illicit funds or if Chen Zhi staged the theft to move the laundered money out of Lubian. However, this batch of priceless bitcoins lay silent on the blockchain afterward, as if they had evaporated from the world. It wasn't until many years later that their whereabouts were uncovered.

More than 120,000 stolen Bitcoins remained static for over three years, showing no significant signs of movement on the blockchain. On-chain analysis indicates that from the end of 2020, when they were stolen, until mid-2024, these BTC stayed in dozens of wallets controlled by hackers, until July 2024, when approximately 127,000 BTC completed a massive concentration transfer. Since these addresses had long been registered within the community, on-chain intelligence platforms like Arkham quickly identified that the substantial Bitcoins being aggregated came from the 2020 Lubian mining pool theft. The timing of these BTC moving from dormancy to activity is quite intriguing, coinciding perfectly with the eve of multinational law enforcement agencies tightening their net.

When the U.S. Department of Justice filed a civil forfeiture lawsuit in October 2025, the documents listed 25 Bitcoin addresses, indicating that this was where the BTC involved in the case was previously stored. These addresses completely match the hacker addresses from the Lubian mining pool theft case, which means that U.S. officials believe that these 127,000 BTC are the proceeds of money laundering by Chen Zhi and his accomplices through Lubian, originating from the same batch of funds that flowed out during the fake “theft” incident in 2020. The complaint further states that the private keys for this batch of BTC were originally held by Chen Zhi himself but are now under the supervision of the U.S. government. This implies that the accumulation of Bitcoin in July was most likely conducted by the U.S. government.

Will American core technology be simply brute-forced?

Due to the promotion of anonymous transactions in early Bitcoin cases, the public gradually interpreted Bitcoin's “pseudonymity” as strong anonymity, leading to the illusion that Bitcoin is easier for money laundering. In reality, the public and transparent nature of the blockchain ledger provides law enforcement agencies with an unprecedented “fund flow view.” Investigators can use specialized on-chain analysis tools to connect scattered transaction addresses into a network, identifying which wallets belong to the same entity and which fund flows exhibit abnormal patterns. For example, in this case, Arkham had labeled the wallet addresses of the Lubian mining pool early on. When a large amount of BTC was stolen and moved again, the analysis system immediately established a connection between the new address and the Lubian label, thus pinpointing the destination of the stolen Bitcoin. The immutable records of the blockchain also mean that even if fraudsters attempt to transfer assets years later, they cannot escape the keen eyes of the trackers.

However, obtaining an on-chain address does not equate to controlling assets; what is even more critical is the control of the private keys. Currently, there is no accurate information on how the U.S. government specifically obtains these private keys. According to an investigation by Arkham, the Lubian mining pool did not use sufficiently secure random algorithms for wallet private key generation during its operations, and its key generation algorithm has vulnerabilities that can be brute-forced. However, Cobo co-founder Shen Yu stated that law enforcement agencies did not obtain the private keys through brute force or hacking methods, but rather discovered that there were defects in randomness when these private keys were generated. Incomplete statistics show that over 220,000 addresses are affected by this vulnerability, and a complete list has been made public.

The private keys of these wallets are generated by a flawed pseudorandom number generator (PRNG). Due to the use of a fixed offset and pattern by the PRNG, the predictability of the private keys has increased. Users are still continuously transferring funds to the related addresses, indicating that the vulnerability risk has not been completely eliminated. It is speculated that U.S. law enforcement and cybersecurity experts may also possess similar technology or clues. However, it is also possible that the U.S. government obtained the mnemonic phrases or signing rights through social engineering, search and evidence collection, or by infiltrating the scam group to gradually control the private keys. Nevertheless, even if Chen Zhi himself has not yet been captured, the “digital gold” that this scam group takes pride in has already been completely apprehended.

Insights on Our Relationship with Regulators

The once untouchable scam kingpins have now lost their hoarded digital gold; cryptocurrencies, once seen as money laundering tools, have reversed roles and become instruments for recovering stolen funds. The incident of “Cambodian pig-butchering kingpin's Bitcoin seized” has left profound insights for both the industry and regulators. The security of crypto assets relies on the strength of cryptography, and any technical loophole can be exploited by hackers or law enforcement, determining the final ownership of the assets. Readers using automatically generated private key wallets like imtoken and trust wallet may have wallets at risk of being hacked. For this reason, more and more traditional judicial powers are beginning to adopt on-chain tracking and cryptographic cracking technologies, making the fantasy of criminals escaping legal sanctions through encryption increasingly shattered.