Feds Yank Plug On Huione Cloud Hub In Bay Area ‘Riptide’ Bust

Federal agents just reached into the cloud and pulled the plug on what they say was a core piece of infrastructure for a sprawling crypto scam ecosystem tied to Cambodia-based Huione Group.

The Justice Department on Tuesday said it seized a cloud computing account used by subsidiaries of the Huione Group, a network U.S. officials say helped launder proceeds from crypto investment scams and other cyber frauds. Prosecutors cast the move as a precision hit on the backend systems that kept the group’s Telegram-linked marketplace running, describing it as part of a wider push to choke off the technical backbone that lets fraud rings scale up.

In a press release, the Justice Department said the seized account hosted backend infrastructure for Huione Guarantee, also known as Haowang Guarantee. The agency said the FBI’s San Francisco Field Office and IRS Criminal Investigation are leading the probe, and quoted Assistant Attorney General A. Tysen Duva calling the action “a blow against one of the world’s most prolific criminal marketplaces.”

How Investigators Say The Cloud Account Powered Huione Guarantee

U.S. regulators and blockchain sleuths have been tracking Huione’s role in the global fraud economy for some time. The Treasury’s FinCEN designated the Huione Group a “primary money laundering concern,” finding it had laundered at least $4 billion in illicit proceeds.

Analysts at Elliptic have described Huione Guarantee as a Telegram-based escrow marketplace where services for laundering and moving scam money were offered. According to that analysis, vendors on the platform openly advertised everything from converting stolen crypto into fiat currency to selling stolen data and other tools that help scams run more smoothly.

Part Of Operation Riptide

The cloud seizure folds into Operation Riptide, the FBI campaign aimed at dismantling the infrastructure and financial networks that prop up large-scale cyber fraud. Security reporting indicates Riptide has featured technical takedowns of domains, servers and other assets tied to phishing schemes and AI-assisted scams, with private-sector partners helping flag high-value targets.

BleepingComputer recently detailed one such hit on an AI-powered phishing service that relied on a massive web of malicious URLs, a case officials point to as part of the broader enforcement sweep.

What It Means For Victims And Scam Markets

From an investigator’s perspective, seizing a backend cloud account is not just a symbolic move. It can interrupt escrow functions and disrupt the workflows criminals use to move funds quickly and under the radar. That, in turn, can slow down or derail active scams that depend on trusted middlemen and payment processors.

FinCEN had already moved to sever parts of Huione from U.S. banking channels, targeting the group’s payment rails. Separate investigative reporting has tied Huione-linked services to scam centers and allegations of forced labor in the region, adding a human-rights dimension to what might otherwise look like a purely financial crime story. FinCEN materials and reporting on regional scam compounds highlight both the massive money flows and the human toll behind them.

Legal Context And What Comes Next

The latest DOJ action fits alongside existing civil and regulatory tools. FinCEN’s Section 311 finding restricts Huione’s correspondent banking relationships, while federal prosecutors retain the ability to pursue civil forfeiture, subpoenas and criminal charges where the evidence supports them.

The Justice Department said the U.S. Attorney’s Office for the Northern District of California and federal cyber units, working with blockchain intelligence providers, will continue to analyze data from the seized systems. That forensic work could set up additional enforcement actions that build on Tuesday’s cloud takedown.

Officials urged potential victims of related fraud to file reports with the FBI’s Internet Crime Complaint Center so investigators can trace funds and connect cases. The Huione action underscores how regulators and prosecutors are increasingly blending regulatory designations, private-sector blockchain forensics and targeted infrastructure seizures to hit the backbone of large-scale crypto fraud operations, not just the scammers at the edges.