The 120,000 Bitcoins of Cambodia's Pig-Butchering Scam Boss: How Were They Confiscated by the U.S. Government?

Author | Aki Wu said Blockchain

On October 14, 2025, the Federal Court in Brooklyn, New York unsealed an indictment revealing that the U.S. Department of Justice recently conducted the largest cryptocurrency seizure operation in history, confiscating approximately 127,000 Bitcoins worth over $15 billion. The seized Bitcoin assets originated from the scam funds of the “Prince Group” in Cambodia, whose mastermind is known as the “King of Pig Butchering,” Chen Zhi. This founder of the Prince Group in Cambodia is accused of using forced labor to carry out cryptocurrency investment fraud, commonly referred to as “Pig Butchering” scams, earning illegal profits of up to tens of millions of dollars daily. Currently, this massive Bitcoin fund is held by the U.S. government. This article will outline the details behind this international cryptocurrency law enforcement saga from the perspectives of the indictment background, source of assets, and law enforcement efforts.

The Fraud Empire Beneath the Golden Coating

Chen Zhi is the founder and chairman of the “Prince Group” in Cambodia, which claims to operate real estate and financial businesses in over 30 countries, but is actually accused of secretly developing into one of the largest transnational criminal organizations in Southeast Asia. According to information disclosed by the U.S. Department of Justice and the Department of the Treasury, Chen Zhi and others have been operating at least 10 scam industrial parks across Cambodia since 2015, luring global victims into investing in false cryptocurrency schemes, using the notorious “pig butchering” tactics in recent years. U.S. prosecutors claim that Chen Zhi is the mastermind behind this “cyber scam empire,” who not only condones violence against employees and bribes foreign officials for protection, but also allows the group to lavishly squander the proceeds of their scams on luxury consumption, including the purchase of yachts, private jets, and even a Picasso painting auctioned at a New York auction house.

Currently, Chen Zhi himself has not yet been captured, and the U.S. has issued a wanted notice and sanctions against him. His dual British and Cambodian nationality, along with his strong political and business background, adds uncertainty to any subsequent extradition. A fraud empire of this size naturally has a systematic money laundering operation behind it.

Therefore, to strike at the entire chain of interests, OFAC has imposed comprehensive sanctions on 146 targets, including the Prince Group transnational criminal organization. Among them, the Huione Group, controlled by criminal gangs such as Chen Zhi's, operates a local financial and e-commerce ecosystem in Cambodia that includes HuionePay and intermediary marketplaces on Telegram, and has been directly identified by the U.S. Financial Crimes Enforcement Network (FinCEN) as one of the core links in the Prince Group's major money laundering activities.

According to disclosures from the U.S. Treasury, at least approximately $4 billion in illicit funds has been identified as having been laundered through the Huione network between August 2021 and January 2025, including virtual assets from North Korea-related cyber thefts, cryptocurrency investment scams, and other cybercrimes. In a sanctions announcement issued in parallel with the action against the Prince Group transnational criminal organization, the Treasury emphasized the complete severing of connections between the Huione Group and the U.S. financial system. Regulated financial institutions are now prohibited from opening or maintaining correspondent accounts for, or on behalf of, the Huione Group, and must take reasonable measures to ensure that correspondent accounts held in the U.S. for foreign banking institutions are not used to process transactions involving the Huione Group, in order to prevent the Huione Group from gaining indirect access to the U.S. financial system.

In response, OKX CEO Star stated that the Huione Group has caused serious negative impacts in the crypto asset field. Given its potential risks, OKX has implemented strict AML control measures for transactions involving the group. Any crypto asset deposit or withdrawal transactions related to Huione will undergo compliance investigations. Based on the investigation results, OKX may take measures such as freezing funds or terminating account services.

Source of assets: profits from scams and Bitcoin mining farms

Where does this astonishing figure of 127,000 Bitcoins (equivalent to about 15 billion USD) come from? According to allegations from the U.S. Department of Justice, these funds are the proceeds and instrumentalities of Chen Zhi's fraud and money laundering scheme, and were previously stored in an unhosted cryptocurrency wallet for which he held the private keys. Such a massive sum, taken from victims, had to be carefully laundered to evade regulatory scrutiny.

The indictment reveals that Chen Zhi and his accomplices invested the proceeds of their fraud into cryptocurrency mining operations under their control, in order to obtain brand-new Bitcoins with no criminal taint. Through the ostensibly legitimate mining process, the original dirty money was converted into newly mined “clean” Bitcoin assets, in an attempt to sever the connection between the funds and the crime. This money laundering strategy allowed the mining sites under the Prince Group to continuously produce Bitcoins, becoming one of the important channels for concealing the illicit gains.

The lawsuit names a mining company “Lubian Mining Pool” related to Chen Zhi's money laundering plan. Lubian was once a globally renowned Bitcoin mining pool, headquartered in China, with operations extending to Iran, controlling about 6% of the global Bitcoin hash rate at its peak. As a part of Chen Zhi's money laundering network, Lubian Mining Pool helped convert fraudulent funds into massive amounts of Bitcoin. However, a bizarre “theft case” at the end of 2020 embroiled Lubian in a mystery. In late December 2020, Lubian reported being hacked, with a large amount of Bitcoin stolen. On-chain data shows that 127,426 Bitcoins were transferred away from Lubian by hackers in December 2020, worth approximately $3.5 billion at the time. The sheer amount of BTC stolen made this incident one of the “largest Bitcoin thefts in history.”

Lubian disappeared shortly after the incident, suddenly shutting down its mining pool business in February 2021, while the more than 120,000 stolen BTC remained missing for a long time. On-chain analysis shows that the stolen 127,426 Bitcoins were transferred to a group of major wallet clusters. It is still unknown whether an external hacker stole Chen Zhi's dirty money or whether Chen Zhi staged the theft to move the funds out of Lubian. Either way, this enormous batch of Bitcoins remained silent on the blockchain, as if it had evaporated from the world. It wasn't until many years later that its whereabouts were revealed.

The more than 120,000 stolen bitcoins remained static for over three years, with no significant signs of movement on the blockchain. On-chain analysis shows that from the time of the theft at the end of 2020 until mid-2024, these BTC stayed in dozens of wallets controlled by the hackers, until July 2024, when approximately 127,000 BTC were moved in one massive consolidating transfer. Since these addresses had long been tagged by the community, on-chain intelligence platforms like Arkham quickly identified that this large batch of bitcoins was indeed the assets stolen in the 2020 Lubian mining pool heist. The timing of these BTC moving from dormancy to activity is particularly intriguing, coinciding with the gradual tightening of the net by international law enforcement agencies.

When the U.S. Department of Justice filed a civil forfeiture lawsuit in October 2025, the documents listed 25 Bitcoin addresses where the BTC involved in the case had previously been stored. These addresses match exactly the hacker addresses from the Lubian mining pool theft case, meaning that U.S. officials believe the 127,000 BTC were laundered by Chen Zhi and his accomplices through Lubian and are the same batch of funds that flowed out during the fake “theft” incident in 2020. The lawsuit further notes that the private keys for this batch of BTC were originally held by Chen Zhi himself, but are now under the control of the U.S. government. This suggests that the consolidation of Bitcoin in July 2024 was very likely conducted by the U.S. government.

Is the U.S. government's core technique simply brute force?

Because early Bitcoin cases were publicized as involving anonymous transactions, the public came to interpret Bitcoin's “pseudonymity” as strong anonymity, creating the illusion that Bitcoin makes money laundering easier. In fact, the public transparency of the blockchain ledger gives law enforcement an unprecedented view of fund flows. Investigators can use professional on-chain analysis tools to link dispersed transaction addresses into a network, identifying which wallets belong to the same entity and which fund flows exhibit abnormal patterns. For example, in this case, Arkham had already labeled the wallet addresses of the Lubian mining pool early on. When a large amount of BTC was stolen and subsequently moved, the analysis system immediately connected the new addresses to the Lubian label, pinpointing the whereabouts of the stolen Bitcoin. The immutability of blockchain records also means that even if a scammer attempts to transfer assets years later, the movement cannot escape the watchful eyes of trackers.
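The linking and label propagation described above can be sketched as follows. This is an added example, not code from the article or from Arkham: it assumes the common-input-ownership heuristic (addresses spent together in one transaction share an owner), which the article does not name, and the class `ChainGraph`, the addresses and the transactions are constructed placeholders.

```python
from collections import defaultdict

class ChainGraph:
    """Address clustering plus fund provenance over a list of transactions."""

    def __init__(self):
        self.parent = {}                   # union-find forest over addresses
        self.labels = {}                   # address -> analyst-assigned label
        self.upstream = defaultdict(set)   # address -> addresses that funded it

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        while self.parent[addr] != addr:
            self.parent[addr] = self.parent[self.parent[addr]]  # path halving
            addr = self.parent[addr]
        return addr

    def add_tx(self, inputs, outputs):
        # Heuristic (assumed): inputs spent together share one owner.
        roots = [self.find(a) for a in inputs]
        for r in roots[1:]:
            self.parent[self.find(r)] = self.find(roots[0])
        # Provenance: each output inherits the inputs and their history,
        # so transactions must be added in chronological order.
        history = set(inputs)
        for a in inputs:
            history |= self.upstream[a]
        for out in outputs:
            self.find(out)
            self.upstream[out] |= history

    def cluster_labels(self, addr):
        root = self.find(addr)
        return {n for a, n in self.labels.items() if self.find(a) == root}

    def origin_labels(self, addr):
        found = self.cluster_labels(addr)
        for src in self.upstream.get(addr, ()):
            found |= self.cluster_labels(src)
        return found

# Constructed sample data: placeholder addresses, listed in time order.
TXS = [
    (["pool_a", "pool_b"], ["hold_1"]),   # co-spend links pool_a and pool_b
    (["other_x"], ["hold_2"]),            # unrelated activity
    (["hold_1"], ["new_1"]),              # dormant coins move years later
]

def build():
    g = ChainGraph()
    g.labels["pool_a"] = "Lubian"         # one address tagged by an analyst
    for ins, outs in TXS:
        g.add_tx(ins, outs)
    return g
```

Only `pool_a` carries a label, yet `pool_b` inherits it through the co-spend and `new_1` inherits it through the fund flow, which is why a single early tag is enough to recognise a consolidation years later.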

However, knowing an on-chain address does not equate to controlling the assets; what matters is control of the private keys. Currently, there is no accurate information on how the U.S. government specifically obtained these private keys. According to an Arkham investigation, the Lubian mining pool did not use a sufficiently secure random number generation algorithm when generating wallet private keys during its operations, and its key generation algorithm has a vulnerability that makes the keys brute-forceable. However, Cobo co-founder Shen Yu stated that law enforcement agencies did not obtain the private keys through brute force or intrusion but discovered that there were randomness defects in the generation of these private keys. Incomplete statistics show that over 220,000 addresses are affected by this vulnerability, and a complete list has been made public.

The private keys of these wallets were generated by a flawed pseudo-random number generator (PRNG). Because the PRNG used a fixed offset and pattern, the private keys are more predictable. Users are still transferring funds to the affected addresses, indicating that the risk from the vulnerability has not been completely eliminated. It is speculated that U.S. law enforcement and cybersecurity experts may also have similar techniques or clues. However, it is also possible that the U.S. government obtained mnemonic phrases or signing rights through social engineering, evidence gathering, or offline means, gradually gaining control over the private keys by infiltrating the scam group. In any case, even though Chen Zhi himself has not been apprehended, the scam group's pride, its “digital gold,” has already been completely seized.
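Why a flawed PRNG makes a 256-bit key predictable, shown as an added example beside the hardened form; this is not Lubian's code and not from the article. The article does not describe the flaw in detail, so the small seed, Python's `random` module as the stand-in generator and all function names are assumptions.

```python
import math
import random
import secrets

# secp256k1 group order: a valid private key is an integer in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

SEED_BITS = 12  # assumed and deliberately tiny so the audit runs instantly

def weak_private_key(seed):
    """Vulnerable pattern: the key is a pure function of a small seed."""
    rng = random.Random(seed)              # non-cryptographic PRNG
    return rng.getrandbits(256) % (N - 1) + 1

def secure_private_key():
    """Hardened form: uniform over [1, N-1] from the OS CSPRNG."""
    return secrets.randbelow(N - 1) + 1

def reachable_keys(seed_bits=SEED_BITS):
    """Audit: every key the weak generator can ever emit."""
    return {weak_private_key(s) for s in range(2 ** seed_bits)}

def effective_entropy_bits(keyspace):
    """Entropy is bounded by the number of reachable keys, not key length."""
    return math.log2(len(keyspace))

if __name__ == "__main__":
    keys = reachable_keys()
    print(f"key length: 256 bits, reachable keys: {len(keys)}")
    print(f"effective entropy: {effective_entropy_bits(keys):.1f} bits")
    print(f"same seed, same key: {weak_private_key(7) == weak_private_key(7)}")
```

The keys look like ordinary 256-bit values, but the generator can only ever produce as many of them as it has seeds, so a review of wallet software should check where the key material comes from rather than how long the key is.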

Insights on our relationship with regulation

The scam boss who once went unpunished has now painfully lost his accumulated digital gold; cryptocurrency, once seen as a money laundering tool, has now become a tool for recovering stolen funds. The “Cambodian pig-butchering boss's Bitcoin confiscated” incident leaves a profound lesson for both the industry and regulators. The security of cryptocurrency itself relies on the strength of cryptography, and any technical oversight can be exploited by hackers or law enforcement, determining the final ownership of the assets. If you are a reader using a wallet that automatically generates private keys, such as imToken or Trust Wallet, your wallet may be at risk of being hacked. Because of this, more and more traditional judicial forces are beginning to adopt on-chain tracking and cryptographic cracking technologies, increasingly shattering criminals' fantasy of using encryption technology to evade legal sanctions.
