Global Crackdown on Cryptocurrency Scam Centers Yields 276 Arrests, $700M in Seized Funds
A sweeping international operation led by Dubai Police, in collaboration with the FBI and China’s Ministry of Public Security, has dismantled nine cryptocurrency scam centers and arrested 276 suspects linked to fraud schemes targeting Americans. The coordinated effort, part of Operation Level Up, has prevented an estimated $562 million in losses since its launch in January 2024, with authorities notifying nearly 9,000 victims as of April 2026.
Among those charged are six individuals including Thet Min Nyi (27), Wiliang Awang (23), and Andreas Chandra (29) accused of running fraudulent companies (Ko Thet Company, Sanduo Group, and Giant Company) that orchestrated "pig butchering" scams. These schemes involved building trust through fake romantic or friendly relationships before luring victims into fraudulent cryptocurrency investments. Once funds were transferred, assets were laundered into accounts controlled by the fraudsters. The operation also exposed ties to human trafficking, with foreign nationals coerced into running scams under slave-like conditions after being deceived by false job offers.
In a separate case, two Chinese nationals Jiang Wen Jie and Huang Xingshan were charged for their roles in the Shunda scam compound in Myanmar, where trafficked workers were forced to defraud victims under threats of violence. Huang, a high-level manager, allegedly participated in physically punishing workers, while Jiang oversaw teams targeting Americans. Both were arrested in Thailand in early 2026 while traveling from Cambodia to Burma.
The crackdown extended to digital infrastructure, with authorities seizing a Telegram channel (@pogojobhiring2023) used to recruit trafficking victims and 503 fake investment websites. Over $701 million in cryptocurrency tied to money laundering was restrained, while the U.S. Treasury sanctioned Cambodian Senator Kok An and his associates for operating scam centers under the K99 Group. Kok An, linked to cyber fraud and human rights abuses, remains at large after fleeing Thailand.
Cambodia has responded by passing its first law targeting scam centers, imposing 5–10-year prison sentences and fines up to $250,000 for convicted operators. Meanwhile, researchers uncovered an Android banking trojan likely originating from the K99 Triumph City compound used since 2023 to steal credentials and drain bank accounts. The malware, distributed via fake government and banking domains, has expanded to target victims in Africa and Latin America, with 400 new lure domains registered in 2025 alone.
In parallel, Operation Atlantic froze $12 million from a cybercrime ring using "approval phishing" to hijack cryptocurrency wallets, affecting over 20,000 victims across 30 countries. The U.S. Treasury also launched a cybersecurity initiative to share threat intelligence with digital asset firms, aiming to bolster defenses against evolving fraud tactics.
Source: https://thehackernews.com/2026/05/global-crackdown-arrests-276-shuts-9.html
Star San Duo cybersecurity rating report: https://www.rankiteo.com/company/star-san-duo
HackRead Media cybersecurity rating report: https://www.rankiteo.com/company/hackread
"id": "STAHAC1777905270",
"linkid": "star-san-duo, hackread",
"type": "Cyber Attack",
"date": "1/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Unknown (part of pig butchering '
'scams)',
'industry': 'Cryptocurrency',
'location': 'Southeast Asia',
'name': 'Ko Thet Company',
'type': 'Fraudulent Investment Company'},
{'customers_affected': 'Unknown (part of pig butchering '
'scams)',
'industry': 'Cryptocurrency',
'location': 'Southeast Asia',
'name': 'Sanduo Group',
'type': 'Fraudulent Investment Company'},
{'customers_affected': 'Unknown (part of pig butchering '
'scams)',
'industry': 'Cryptocurrency',
'location': 'Southeast Asia',
'name': 'Giant Company',
'type': 'Fraudulent Investment Company'},
{'customers_affected': 'Americans and other victims',
'industry': 'Cybercrime',
'location': 'Myanmar',
'name': 'Shunda Scam Compound',
'type': 'Scam Center'},
{'customers_affected': 'Unknown',
'industry': 'Cybercrime',
'location': 'Cambodia',
'name': 'K99 Group',
'type': 'Scam Center Network'},
{'customers_affected': '20,000+',
'industry': 'Various',
'location': '30 countries (global)',
'name': 'Victims of Approval Phishing (Operation '
'Atlantic)',
'size': '20,000+ victims',
'type': 'Individuals/Entities'}],
'attack_vector': ['Social Engineering (Pig Butchering)',
'Fake Investment Websites',
'Android Banking Trojan',
'Approval Phishing'],
'customer_advisories': 'Nearly 9,000 victims notified; public warnings about '
"'pig butchering' scams and fake investment schemes",
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '20,000+ (Operation Atlantic)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (financial and personal data)',
'type_of_data_compromised': ['Banking Credentials',
'Cryptocurrency Wallet Access',
'Personal Identifiable '
'Information (PII)']},
'date_detected': '2024-01-01',
'date_publicly_disclosed': '2026-04-01',
'description': 'A sweeping international operation led by Dubai Police, in '
'collaboration with the FBI and China’s Ministry of Public '
'Security, dismantled nine cryptocurrency scam centers, '
'arrested 276 suspects, and seized $701 million in funds '
'linked to fraud schemes targeting Americans. The operation '
"exposed 'pig butchering' scams, human trafficking, and money "
'laundering networks, with ties to fake investment companies '
'and coerced labor.',
'impact': {'brand_reputation_impact': ['Negative publicity for cryptocurrency '
'platforms',
'Erosion of trust in digital '
'investments'],
'customer_complaints': 'Nearly 9,000 victims notified',
'data_compromised': ['Banking Credentials',
'Cryptocurrency Wallet Access',
'Personal Identifiable Information (PII)'],
'financial_loss': '$562 million (prevented losses)',
'identity_theft_risk': 'High (PII and banking credentials '
'compromised)',
'legal_liabilities': ['Fines up to $250,000 (Cambodia)',
'U.S. Treasury Sanctions'],
'operational_impact': ['Disruption of Scam Operations',
'Seizure of Digital Infrastructure'],
'payment_information_risk': 'High (Cryptocurrency and bank account '
'hijacking)',
'revenue_loss': '$701 million (seized funds)',
'systems_affected': ['Cryptocurrency Wallets',
'Banking Systems',
'Mobile Devices (Android)']},
'initial_access_broker': {'backdoors_established': ['Android Banking Trojan',
'Approval Phishing'],
'entry_point': ['Fake Job Offers',
'Romantic/Social Engineering Scams',
'Phishing Domains'],
'high_value_targets': ['Americans',
'Cryptocurrency Investors',
'Banking Customers']},
'investigation_status': 'Ongoing (Kok An at large, additional scam centers '
'may exist)',
'lessons_learned': ['Need for international collaboration to combat '
'cross-border cybercrime',
"Rise of 'pig butchering' scams and human trafficking in "
'cyber fraud',
'Expansion of Android banking trojans targeting global '
'victims',
'Importance of proactive victim notifications and asset '
'recovery'],
'motivation': ['Financial Gain', 'Human Trafficking', 'Cyber Fraud'],
'post_incident_analysis': {'corrective_actions': ['International law '
'enforcement collaboration '
'(Operation Level Up, '
'Operation Atlantic)',
'New anti-scam laws (e.g., '
'Cambodia)',
'U.S. Treasury sanctions '
'and cybersecurity '
'initiatives',
'Public awareness campaigns '
'against social engineering '
'scams'],
'root_causes': ['Lack of international regulatory '
'coordination',
'Exploitation of trust in digital '
'investments',
'Human trafficking and coerced '
'labor in scam centers',
'Proliferation of fake investment '
'websites and phishing domains']},
'recommendations': ['Enhance cross-border law enforcement cooperation',
'Implement stricter regulations for cryptocurrency '
'platforms',
'Improve public awareness of social engineering scams',
'Strengthen cybersecurity defenses for digital asset '
'firms',
'Monitor and dismantle fake investment websites and '
'recruitment channels'],
'references': [{'date_accessed': '2026-04-01',
'source': 'Dubai Police/FBI/China’s Ministry of Public '
'Security'},
{'date_accessed': '2026-04-01',
'source': 'U.S. Treasury Sanctions Announcement'},
{'date_accessed': '2026-04-01',
'source': 'Cambodia’s Anti-Scam Law'}],
'regulatory_compliance': {'fines_imposed': '$250,000 (potential under '
'Cambodia’s law)',
'legal_actions': ['U.S. Treasury Sanctions',
'Arrests and charges in multiple '
'countries'],
'regulations_violated': ['Anti-Money Laundering '
'(AML) Laws',
'Human Trafficking Laws',
'Cybercrime Laws',
'Cambodia’s New Anti-Scam '
'Law']},
'response': {'containment_measures': ['Arrests of 276 suspects',
'Seizure of 503 fake investment '
'websites',
'Freezing of $701 million in '
'cryptocurrency'],
'enhanced_monitoring': ['U.S. Treasury’s cybersecurity '
'initiative for digital asset firms'],
'incident_response_plan_activated': 'International law '
'enforcement collaboration '
'(Operation Level Up, '
'Operation Atlantic)',
'law_enforcement_notified': True,
'recovery_measures': ['Victim notifications (9,000+)',
'Asset recovery efforts'],
'remediation_measures': ['Shutdown of Telegram recruitment '
'channel (@pogojobhiring2023)',
'Sanctions against Kok An and '
'associates',
'Cambodia’s new anti-scam law'],
'third_party_assistance': ['FBI',
'China’s Ministry of Public Security',
'Dubai Police',
'U.S. Treasury']},
'stakeholder_advisories': 'U.S. Treasury’s cybersecurity initiative for '
'digital asset firms to share threat intelligence',
'threat_actor': ['Thet Min Nyi',
'Wiliang Awang',
'Andreas Chandra',
'Jiang Wen Jie',
'Huang Xingshan',
'Kok An (K99 Group)',
'Trafficked Workers (Coerced)'],
'title': 'Global Crackdown on Cryptocurrency Scam Centers (Operation Level '
'Up)',
'type': ['Cryptocurrency Scam',
'Fraud',
'Human Trafficking',
'Money Laundering',
'Phishing'],
'vulnerability_exploited': ['Trust Exploitation',
'Fake Job Offers',
'Malicious APKs',
'Phishing Domains']}