A sweeping international crackdown has dismantled nine major cryptocurrency investment fraud centers, leading to the arrest of at least 276 suspects. This coordinated operation, involving U.S. and Chinese authorities, targeted schemes that defrauded Americans of millions of dollars through elaborate “pig butchering” scams. The raids, spearheaded by the Dubai Police under the UAE Ministry of Interior in partnership with the U.S. Federal Bureau of Investigation (FBI) and the Chinese Ministry of Public Security, underscore a global effort to combat borderless financial crime.
Among those apprehended are individuals from Burma and Indonesia, apprehended by authorities in Dubai and Thailand. The U.S. Department of Justice (DoJ) has unsealed indictments against several individuals, including Thet Min Nyi, 27, Wiliang Awang, 23, Andreas Chandra, 29, and Lisa Mariam, 29, who face federal fraud and money laundering charges. This action highlights a growing international resolve to pursue fraudsters operating remotely, with Assistant Attorney General A. Tysen Duva emphasizing that “fraudsters who target Americans from overseas cannot operate with impunity.”
International Authorities Dismantle Global Crypto Scam Operations
The indicted defendants are accused of managing, operating, and recruiting for three companies—Ko Thet Company, Sanduo Group, and Giant Company—that allegedly housed the scam centers. Thet Min Nyi is specifically identified as a manager and recruiter for Ko Thet Company. These operations specialized in “pig butchering” or “romance baiting” scams, where perpetrators build trust, often through simulated romantic relationships, before luring victims into investing in fraudulent cryptocurrency schemes. These illicit activities are frequently linked to human trafficking, with victims coerced into working under exploitative conditions after being recruited with false promises of employment.
According to the DoJ, scammers would promote cryptocurrency investments, assist victims in setting up fake accounts, and guide them in transferring funds to non-existent investment platforms. The perpetrators would then exaggerate their own investment successes to encourage victims to invest more, even urging them to take out loans or borrow money. Once funds were transferred, they were quickly laundered through various cryptocurrency accounts, including those controlled by the fraudsters.
The FBI’s “Operation Level Up,” initiated in January 2024, has proactively identified and alerted victims of such schemes. As of April 2026, this initiative has notified nearly 9,000 victims and recovered an estimated $562 million. This operation signifies a significant financial recovery and a crucial step in protecting unsuspecting individuals from these pervasive online threats.
Chinese Nationals Charged in Major Crypto Fraud Ring
In parallel actions, the DoJ has brought charges against two Chinese nationals, Jiang Wen Jie, also known as Jiang Nan, and Huang Xingshan, also known as Ah Zhe and Huang Xing Saan. They are accused of running the Shunda scam compound in Min Let Pan, Myanmar, and allegedly planning to establish a second center in Cambodia after Burmese authorities dismantled the initial one in November 2025. Huang Xingshan is reportedly a high-level manager within Shunda who participated in the physical punishment of trafficked workers, while Jiang Wen Jie allegedly led a team targeting American victims.
Thai authorities arrested both men in early 2026 while they were traveling from Cambodia to Burma. The Shunda compound utilized counterfeit investment platforms to defraud victims, including Americans. The DoJ stated that individuals trafficked to the compound were held against their will and forced to perpetrate scams under threats of violence and torture. The enforcement actions have also resulted in the seizure of a Telegram channel used for recruiting victims for scams in Cambodia and over 500 fake investment websites targeting U.S. victims. A U.S. government Scam Center Strike Force has also been instrumental in restraining over $701 million in cryptocurrency linked to money laundering from these scams.
Treasury Sanctions Cambodian Senator Linked to Scam Compounds
The U.S. Treasury Department has concurrently imposed sanctions on Cambodian Senator Kok An, his associates, and their business operations, including the K99 Group, due to their alleged involvement in a network of cyber scam compounds. The State Department has also announced rewards of up to $10 million for information leading to the seizure or recovery of proceeds related to the Tai Chang scam center in Burma. Kok An is believed to have fled Thailand, and an arrest warrant has been issued for him and his children.
The Office of Foreign Assets Control (OFAC) noted that Kok An and his affiliates’ scam centers, often operating out of retrofitted casinos and office parks, launder victim funds and serve as bases for targeting U.S. citizens and committing human rights abuses. This action follows sanctions against another Cambodian senator, Ly Yong Phat, in September 2024, for his alleged role in human trafficking for forced labor in online scam centers. In response to the proliferation of these operations, Cambodia’s parliament has passed legislation to combat scam centers, with penalties for convictions ranging from five to 10 years in prison and fines up to $250,000.
Sophisticated Malware Linked to Cambodian Scam Operations
Further complicating the landscape, an Android banking trojan has been identified, believed to be operating from multiple locations, including the K99 Triumph City compound in Cambodia. This malware is capable of real-time surveillance, credential theft, data exfiltration, and financial fraud, and has been in use since at least 2023. Researchers indicate that this sophisticated malware-as-a-service (MaaS) platform shares infrastructure and behavioral characteristics with threat actors previously tracked as Vigorish Viper and Vault Viper.
The illicit operation is continuously registering new domains—around 35 per month—that impersonate legitimate organizations and government services to distribute the malware. These domains are designed to mimic banks, pension funds, social security organizations, utility providers, and various government agencies. The scope of these scams has expanded geographically and contextually, now including lures targeting airlines, e-commerce platforms, and countries in Africa and Latin America. The attack chain typically involves malicious URLs distributed via SMS or email, leading victims to fake app stores or government websites, followed by the installation of malware that allows attackers to steal credentials and transfer funds.
Operation Atlantic Recovers Millions and Strengthens Digital Asset Security
These developments occur alongside “Operation Atlantic,” which has successfully frozen approximately $12 million from a cybercrime operation that used “approval phishing” to drain cryptocurrency wallets. Approval phishing deceives victims into signing transactions that grant scammers full control over their digital assets. According to TRM Labs, these attacks are frequently integrated into investment or romance scams. Over 20,000 victims across 30 countries have been identified, with authorities confiscating over 120 malicious domains and identifying an additional $33 million linked to global investment fraud schemes.
In early April, the Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection launched a new information-sharing initiative to bolster cybersecurity within the digital asset industry. Eligible U.S. digital asset firms and industry organizations will now receive actionable cybersecurity information to enhance their defenses against cyber threats. This initiative aims to provide timely and practical intelligence, helping firms better identify, prevent, and respond to cyber threats targeting their networks and customer base.