Huione Group
Huione Group has been named in 3 documented digital harm incidents, including 1 involving minor. The most common harm domain is Fraud & Financial.
Documented Incidents
3Kenyan government worker loses $16,000 to CryptoBridge Exchange Ponzi scheme via Telegram promises
A Kenyan government worker named Edwin lost approximately $16,000 to the CryptoBridge Exchange (CBEX), a crypto-trading platform that operated as an AI-hyped Ponzi scheme. He was lured through Telegram with promises of guaranteed returns and referral bonuses, and the funds were largely sourced from a bank loan he now struggles to repay. CBEX collapsed in April 2024, affecting investors mainly in Kenya and Nigeria, with victims reporting significant financial losses. The platform used tactics such as brandjacking and false claims of legitimacy, including an anti-money laundering certificate from Nigeria’s EFCC, which clarified it was only for consultancy services. CBEX continued operations after its collapse and attempted to recover funds by charging users a "verification" fee, a known scam tactic. Nigerian authorities have arrested two individuals and issued warrants for eight others, while Kenya’s Capital Markets Authority issued an investor alert and is considering virtual asset regulation.
American woman loses $26,000 to romance scammer on Tinder via bitcoin ATMs
A Cambodia-based gang linked to North Korea, known as the Huione Group, has been involved in romance scams and cyber-heists targeting Americans since August 2021, stealing at least $4 billion through schemes like "pig butchering." The group facilitated these scams through social media, dating sites, and cryptocurrency investments, with $37 million directly supporting North Korean cyber activities and $336 million from romance and investment fraud. The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) announced a crackdown, proposing a federal rule to cut off the group’s access to the U.S. financial system. One victim, Beth Hyland, lost $26,000 to a scammer on Tinder who manipulated her into sending money via bitcoin ATMs. In response, lawmakers introduced the Romance Scam Prevention Act to require dating apps to notify users of potential fraud. The Treasury designated Huione Group under Section 311 of the PATRIOT Act due to its failure to implement proper anti-money laundering policies.
Chinese-language Telegram marketplace users lose millions to financial fraud and money laundering via Xinbi Guarantee platform leading to $220,000 in WazirX crypto theft laundering in November 2024
Xinbi Guarantee is a Chinese-language, Telegram-based marketplace that facilitates financial fraud and money laundering, with over $8.4 billion in USDT transactions since 2022. It is operated through Xinbi Co. Ltd, a company incorporated in Colorado in August 2022 but marked as delinquent in January 2025. The marketplace serves fraudsters, including those involved in "pig butchering" scams, and offers services such as money laundering, stolen personal data, and fake IDs. In November 2024, Xinbi Guarantee was used to launder $220,000 in USDT stolen from the WazirX crypto exchange by North Korean hackers. In July 2024, Elliptic identified Huione Guarantee, a similar marketplace with $27 billion in transactions, which was later designated by the U.S. Treasury in May 2025 as a money-laundering operation. In response to Elliptic's research, Telegram closed thousands of channels linked to Xinbi and Huione, disrupting their operations.