Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M

Summary

A coordinated international operation led by Dubai Police, FBI, and Chinese Ministry of Public Security arrested 276 suspects and dismantled nine cryptocurrency investment fraud scam centers targeting Americans. The scheme, known as 'pig butchering' or romance baiting, defrauded victims through fake investment platforms while exploiting human trafficking; the operation seized $701 million in cryptocurrency and notified nearly 9,000 victims through Operation Level Up. Additional enforcement actions included U.S. Treasury sanctions against Cambodian Senator Kok An and associates for operating a network of cyber scam compounds.

Full text

Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M Ravie LakshmananMay 04, 2026Mobile Security / Financial Crime A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was led by the Dubai Police, under the United Arab Emirates (UAE) Ministry of Interior, in partnership with the U.S. Federal Bureau of Investigation (FBI) and the Chinese Ministry of Public Security. Among those arrested are individuals from Burma and Indonesia, who were apprehended by authorities from Dubai and Thailand. Thet Min Nyi, 27, Wiliang Awang, 23, Andreas Chandra, 29, Lisa Mariam, 29, and two fugitive co-conspirators have been charged with federal fraud and money laundering charges in the U.S. "Fraudsters who target Americans from overseas cannot operate with impunity, no matter where in the world they reside," Assistant Attorney General A. Tysen Duva of the Justice Department's (DoJ) Criminal Division said. "Scam center organizers and fraudsters who defraud Americans and others will face justice in American courts and in courts around the world. In contemporary society, fraud is borderless, and law enforcement activity to combat it and eliminate it is as well." According to the indictment, the defendants are alleged to have managed, worked for, and recruited others to work at three different companies named Ko Thet Company, Sanduo Group, and Giant Company that allegedly operated several scam centers. Thet Min Nyi is believed to be the manager and recruiter for the Ko Thet Company. The scams involved tricking users into parting with their money through bogus cryptocurrency investments after building trust over time, often by entering into friendly or romantic relationships, a long-running scheme known as pig butchering or romance baiting. The illicit operation is closely intertwined with human trafficking, where foreign nationals are coerced into running the scams under slave-like conditions after being recruited with false offers of high-paying jobs. "After that, the scammers promoted investments in cryptocurrencies and assisted victims in setting up accounts and transferring cryptocurrency to investment platforms that, unbeknownst to the victims, were false," the DoJ said. "The alleged scammers touted their own successes and returns in cryptocurrency investments and encouraged their victims to invest more. They also encouraged their victims to borrow money from friends and family and take out loans, to be able to 'invest' more." But as soon as the funds were transferred to the platforms, the assets were laundered to other cryptocurrency accounts, including some belonging to the fraudsters. The DoJ said the FBI has notified almost 9,000 victims and saved victims an estimated $562 million as of April 2026 following the launch of an initiative called Operation Level Up, which began in January 2024 as a way to proactively identify and alert victims of cryptocurrency investment fraud schemes. Two Chinese Nationals Charged for Crypto Scams News of the indictment comes days after the DoJ charged two Chinese nationals – Jiang Wen Jie (aka Jiang Nan) and Huang Xingshan (aka Ah Zhe and Huang Xing Saan) – for their role in a major cryptocurrency investment fraud operation and for allegedly running the Shunda scam compound in Min Let Pan, Myanmar. The defendants have also been accused of planning to open a second scam center in Cambodia after Burmese authorities seized the first in November 2025. Huang is assessed to have worked at Shunda as a high-level manager and personally participated in the physical punishment of trafficked compound workers, while Jiang served as a team leader overseeing workers who specifically targeted American victims in these schemes. They were arrested by Thai authorities in early 2026 while en route to Burma from Cambodia. "The compound used scam websites and mobile applications disguised as legitimate investment platforms to defraud victims, including Americans," the DoJ said. "Workers within the compound were trafficked individuals who were held against their will and forced to defraud victims under the threat of violence and torture." In addition, the crackdown has led to the seizure of a Telegram channel (@pogojobhiring2023) with more than 6,500 followers used to recruit human trafficking victims to a scam compound in Cambodia in order to work a law enforcement impersonation scam and a cluster of 503 fake investment websites used to defraud U.S. victims. The actions, led by a U.S. government Scam Center Strike Force, have also restrained more than $701 million in cryptocurrency alleged to be tied to money laundering from cryptocurrency scams.Treasury Sanctions Cambodian Senator Coinciding with these efforts, the U.S. Treasury Department has sanctioned a Cambodian senator behind a network of cyber scam compounds, and the State Department announced rewards of up to $10 million for information leading to the seizure or recovery of proceeds related to the Tai Chang scam center in Burma. The sanctions target Cambodian Senator Kok An, Cambodian businessman Rithy Raksmei, their associates, and respective business operations, including holding companies like K99 Group for scam center operations. Kok An is assumed to have fled Thailand, with authorities issuing an arrest warrant for him and his children last July. "Kok An and his affiliates' network of scam centers, operating out of casinos and office parks retrofitted for fraudulent activity, launder victims' funds and provide a base to target U.S. citizens and commit human rights abuses with impunity," the Office of Foreign Assets Control (OFAC) said. Kok An is the second Cambodian senator to be sanctioned by the U.S. Treasury after Ly Yong Phat, who was implicated in September 2024 for his alleged role in trafficking people into forced labor at online scam centers. The proliferating industrial-scale fraud operations have prompted Cambodia's parliament to pass the first law dedicated to targeting scam centres operating in the country. The law, which seeks to prevent scam centers from resurfacing after takedowns, will see those convicted of scams sentenced to anywhere between five and 10 years in prison and fined as much as $250,000.Cambodian Scam Compound Linked to Android MaaS What's more, an Android banking trojan has been uncovered, likely operating from multiple locations, including the K99 Triumph City compound owned by Cambodia's K99 Group, that's capable of facilitating real-time surveillance, credential theft, data exfiltration, as well as financial fraud. The banking trojan is said to have been used since at least 2023. The sophisticated malware-as-a-service (MaaS) platform shares infrastructure and behavioral overlaps with activity previously attributed to threat actors tracked as Vigorish Viper and Vault Viper, per a joint report from Infoblox and Vietnamese non-profit Chong Lua Dao. "The operation remains active, registering around 35 new domains per month -- both registered domain generation algorithm (RDGA) domains and lookalike domains -- that impersonate legitimate organizations and government services to distribute the malware," researchers said. "The domains are designed to spoof banks, pension funds, social security organizations, utility providers, and various revenue, immigration, telecom, and law enforcement agencies. More recently, the scope of the scam has expanded, both geographically and contextually, to include lures targeting airlines and e-commerce platforms, as well as countries in Africa and Latin America." In all, 400 targeted lure domains are said to have been registered in 2025 and used to deceive and infect victims as part of what's assessed to be a coordinated operation. The attack chain is as follows - Malicious URLs are distributed to

Indicators of Compromise

• malware — Fake investment websites (503 cluster)

Entities