How the US government confiscated 120,000 Bitcoins from a Cambodian pig-slaughtering scam lord

Author: Aki Wu on Blockchain

On October 14, 2025, an indictment unsealed in federal court in Brooklyn, New York, revealed that the US Department of Justice recently launched one of the largest cryptocurrency seizures in history, confiscating approximately 127,000 Bitcoins, valued at over $15 billion. The confiscated Bitcoin assets originated from fraudulent funds amassed by the Cambodian "Prince Group," whose mastermind was none other than Chen Zhi, known as the "pig-killing scam king." The founder of Cambodia's Prince Group was accused of using forced labor to perpetrate a crypto investment fraud, commonly known as a "pig-killing scam," generating tens of millions of dollars in illegal profits daily. The massive Bitcoin funds are currently in the custody of the US government. This article will examine the details behind this transnational crypto law enforcement saga, focusing on the prosecution background, asset sources, and enforcement efforts. A Fraud Empire Beneath a Gilded Cloak Chen Zhi is the founder and chairman of Cambodia's Prince Holding Group. The group claims to operate real estate, finance, and other businesses in over 30 countries, but in reality, it is accused of secretly developing into one of Southeast Asia's largest transnational criminal organizations. According to information disclosed by the US Department of Justice and the Treasury Department, Chen Zhi and others have operated at least 10 fraudulent industrial parks across Cambodia since 2015, luring victims worldwide into fraudulent cryptocurrency investments using the infamous "pig-killing" schemes of recent years. US prosecutors allege that Chen Zhi was the mastermind behind this "online fraud empire." He not only condoned the abuse of employees and provided protection for bribes to foreign officials, but also allowed his entire group to squander the proceeds of the fraud on lavish spending, including yachts, private jets, and even a Picasso painting sold at a New York auction house. Chen Zhi remains at large, but the US has issued a wanted and sanctions notice for him. His dual British and Cambodian citizenship and deep political and business connections complicate his extradition. Such a vast fraud empire naturally involves a systematic money laundering system. Therefore, OFAC imposed comprehensive sanctions on 146 targets, including the Prince Group transnational criminal organization, to disrupt the entire profit chain. Among them, Huione Group, a Cambodian financial and e-commerce ecosystem controlled by Chen Zhi and other criminal gangs, including HuionePay and the Telegram intermediary marketplace, was directly identified by the U.S. Financial Crimes Enforcement Network (FinCEN) as a core link in Prince Group's money laundering activities. According to the U.S. Treasury Department, at least $4 billion in illicit funds were laundered between August 2021 and January 2025 through the Huiwang network alone, including virtual assets from North Korean cyber theft, crypto investment scams, and other cybercrimes. In its simultaneous sanctions announcement against the Prince Group transnational criminal organization, the Treasury Department emphasized the complete severance of Huiwang Group's connection to the U.S. financial system. Regulated financial institutions are now prohibited from opening and maintaining correspondent accounts directly or on behalf of Huiwang Group, and must take reasonable measures to refrain from processing correspondent account transactions of U.S. foreign banking institutions in transactions involving Huiwang Group, in order to prevent Huiwang Group from indirectly accessing the U.S. financial system. In response, OKX CEO Star stated in a statement that the Huione Group has had a serious negative impact on the crypto asset sector. In light of its potential risks, OKX has implemented strict AML controls for transactions involving the group. All deposits and withdrawals of crypto assets related to Huione will be subject to a compliance investigation. Based on the results of the investigation, OKX may take measures such as freezing funds or terminating account services. Source of Assets: Scam Proceeds and Bitcoin Mining Farms Where did this staggering 127,000 Bitcoins (equivalent to approximately $15 billion) come from? According to the US Department of Justice, these funds were the proceeds and tools used by Chen Zhi to perpetrate a fraud and money laundering scheme. They were previously stored in non-custodial cryptocurrency wallets, for which he personally held the private keys. These vast sums of money, defrauded from victims, required meticulous laundering to evade regulatory scrutiny. The indictment reveals that Chen Zhi and his accomplices invested the proceeds of the fraud in a cryptocurrency mining operation they controlled, thereby "laundering" brand-new Bitcoins free of criminal taint. Through the seemingly legal mining process, the previously illicit funds were converted into newly mined "clean" Bitcoin assets, thereby attempting to sever the funds' connection to the crime. This money laundering strategy enabled the mining farms under the Prince Group to continuously produce Bitcoin, becoming one of the key channels for concealing the illicit funds. The indictment specifically names the Lubian Mining Pool, a mining company involved in Chen Zhi's money laundering scheme. Lubian was once a globally renowned Bitcoin mining pool, headquartered in China with operations in Iran. At its peak, it controlled approximately 6% of the world's Bitcoin computing power. As part of the Chen Zhi Group's money laundering network, the Lubian mining pool helped convert fraudulent funds into massive amounts of Bitcoin. However, a bizarre "theft" in late 2020 entangled Lubian in a mystery. In late December 2020, Lubian reported a hacker attack and the theft of a large amount of Bitcoin. On-chain data showed that 127,426 Bitcoins, valued at approximately $3.5 billion at the time, were stolen from Lubian in December 2020. The sheer volume of BTC stolen made the incident one of the "largest Bitcoin thefts in history." Lubian disappeared shortly after the attack, abruptly shutting down its mining pool operations in February 2021. The stolen over 120,000 BTC remained unaccounted for for a long time. On-chain analysis shows that the 127,426 stolen bitcoins were transferred to a cluster of major wallets. Whether Chen Zhi's illicit funds were stolen by an external hacker or Chen Zhi himself orchestrated the transfer out of Lubian remains unknown. However, these priceless bitcoins subsequently remained dormant on-chain, seemingly vanishing from the face of the earth. Their whereabouts were only revealed years later. For over three years, the stolen over 120,000 bitcoins remained dormant, with no apparent on-chain movement. On-chain analysis shows that from the theft in late 2020 until mid-2024, these BTC remained in dozens of wallets controlled by the hackers. In July 2024, approximately 127,000 BTC underwent a massive centralized transfer. Because these addresses had long been registered within the community, on-chain intelligence platforms like Arkham immediately identified this massive haul of Bitcoin as belonging to the 2020 Lubian mining pool theft. The timing of these BTC's movement from slumber is intriguing, occurring just as international law enforcement agencies were closing in on the case. When the US Department of Justice filed a civil forfeiture lawsuit in October 2025, the document listed 25 Bitcoin addresses, indicating that these were the locations of the BTC previously held in the case. These addresses exactly match the hacker addresses involved in the Lubian mining pool theft. This means that US officials have determined that the 127,000 BTC laundered through Lubian by Chen Zhi and his accomplices represent the same funds that were laundered in the fake "theft" in 2020. The indictment further alleges that the private keys to these BTCs were originally held by Chen Zhi himself but are now under US government custody. This means that the July Bitcoin collection was likely carried out by the US government. Could the US core technology be a simple brute force attack? Due to the publicity surrounding early Bitcoin transactions, the public has gradually come to interpret Bitcoin's pseudonymity as a strong form of anonymity, fostering the misconception that Bitcoin facilitates money laundering. In reality, the transparency of blockchain ledgers provides law enforcement with an unprecedented view of the flow of funds. Investigators can use specialized on-chain analysis tools to connect scattered transaction addresses into a network, identifying which wallets belong to the same entity and any unusual fund flows. For example, in this case, Arkham had long ago labeled the wallet addresses of the Lubian mining pool. When a large amount of BTC was stolen and relocated, the analysis system immediately linked the new addresses to the Lubian tags, pinpointing the whereabouts of the stolen Bitcoin. The blockchain's immutable record also ensures that even if the scammers attempt to transfer the assets years later, they will still be able to track them. However, obtaining an on-chain address does not guarantee control of the assets; control of the private key is even more crucial. There's currently no accurate information on how the US government obtained these private keys. According to an Arkham investigation, the Lubian mining pool failed to use a sufficiently secure randomization algorithm for wallet private key generation, resulting in a vulnerability that could be cracked by brute force. However, Cobo co-founder Shenyu stated that law enforcement agencies did not obtain the private keys through brute force or intrusion, but rather discovered a randomness flaw in the keys' generation. Preliminary statistics indicate that over 220,000 addresses are affected by the vulnerability, a complete list of which has been made public. The private keys for these wallets are generated using a flawed pseudo-random number generator (PRNG). Because the PRNG uses a fixed offset and pattern, the private keys are more predictable. Users are still transferring funds to the affected addresses, indicating that the vulnerability risk has not been completely eliminated. It is speculated that US law enforcement and cyber experts may also have similar techniques or leads. It's also possible that the US government, through social engineering and evidence searches, obtained offline memorandum or signature rights, infiltrated the fraud ring, and gradually gained control of the private keys. Regardless, even if Chen Zhi himself hasn't been apprehended, the "digital gold" that the fraud ring prided itself on has already been seized.

Implications for Us and Regulators

The fraudster who once eluded justice has now lost his hoard of digital gold. Crypto assets, once seen as a tool for money laundering, have now become a powerful tool for recovering illicit funds. The incident of "Bitcoin confiscation from a Cambodian pig-slaughtering scam tycoon" has left a profound lesson for both the industry and regulators. The inherent security of crypto assets relies on the strength of their cryptography. Any technical flaws could be exploited by hackers or law enforcement to determine the ultimate ownership of assets. If you use automated private key wallets like imtoken and Trust Wallet, you're likely at risk of being hacked. For this reason, more and more traditional legal authorities are introducing on-chain tracing and encryption cracking technologies, increasingly shattering the illusions of criminals using encryption to evade legal action.