Cryptohack Roundup: DOJ Seizes Huione Cloud Account

Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime Cryptohack Roundup: DOJ Seizes Huione Cloud Account Also: Guilty Pleas in $8M Home Invasion, $1.8B HyperFund Fraud Rashmi Ramesh (rashmiramesh_) • June 25, 2026     Credit Eligible Get Permission Image: Shutterstock Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, the U.S. Department of Justice seized a Huione Group cloud account, Aztec's $2 million exploit, CoinEx's alleged Iranian link and warnings from law enforcement groups on crypto bill. A fake crypto influencer sentenced, guilty pleas in $8 million home invasion and $1.8 billion HyperFund fraud cases. See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation DOJ Seizes Huione Cloud Account in Crackdown on Crypto Laundering Network The U.S. Department of Justice seized a cloud computing account used by subsidiaries of Huione Group, a Cambodian company notorious for laundering billions of dollars on behalf of North Korean and other cybercrime groups. Federal officials said the account helped Huione move funds linked to online fraud operations, including scam compounds across Southeast Asia. The action forms part of Operation Riptide, an FBI-led effort targeting cybercrime and large-scale fraud networks. The seizure follows a 2025 decision by the Department of the Treasury's Financial Crimes Enforcement Network to identify Huione Group as a major money laundering concern. Investigators have tied Huione Guarantee, also known as Haowang Guarantee, to online marketplaces that advertised illicit services, including stolen financial data and cryptocurrency laundering tools (see: S Readies Huione Group Ban Over Cybercrime Links). Elliptic had previously reported that Huione launched its own stablecoin and blockchain-related products, which could provide alternative payment channels for its broader ecosystem. Aztec Investigates Second $2M Exploit in Legacy Infrastructure Aztec Labs is investigating an exploit that drained roughly $2 million from a deprecated payments product tied to the privacy-focused ethereum scaling project Aztec. Blockchain security firm PeckShield estimated losses at about $2.17 million. The incident is the second attack on legacy Aztec infrastructure in less than a week. A separate exploit on the project's immutable Aztec Connect smart contract drained approximately $2.1 million days earlier. Security researchers at BlockSec said the latest attack appears related to the earlier exploit but targeted a different liquidity pool through a separate entry point. The attacker exploited a validation weakness that allowed withdrawals to pass on-chain verification checks despite being unauthorized. While the flaw resembles the one used in the previous attack, BlockSec said the underlying bug is different. The Aztec Foundation said that the affected product was retired four years ago and has no connection to the project's current network or Aztec token. Crypto Promoter Pleads Guilty in $1.8B HyperFund Fraud Case Rodney "Bitcoin Rodney" Burton, a Miami-based cryptocurrency promoter, pleaded guilty to his role in the $1.8 billion HyperFund fraud, which operated from 2020 to 2022. Under a plea agreement, Burton admitted to conspiring to provide unlicensed money-transmitting services while helping market the investment platform. Prosecutors said Burton directed investor funds through companies presented as consulting businesses but used primarily to move money connected to the scheme. The authorities estimate he received at least $7.85 million in proceeds from the operation. HyperFund attracted investors by selling memberships that promised daily passive returns of 0.5% to 1%, with participants told they could eventually earn two to three times their original investment. The company claimed the payouts were backed by revenue from large-scale cryptocurrency mining activities. But the prosecutors said those mining operations did not exist. As the scam unraveled, HyperFund began restricting investor withdrawals in 2021. Burton now faces a maximum sentence of five years in federal prison on the conspiracy charge. TRM Labs Flag CoinEx as Key Route for Iranian Crypto Flows Cryptocurrency exchange CoinEx has processed more than $3.84 billion in transactions linked to sanctioned Iranian entities since 2019, said blockchain intelligence firm TRM Labs. The Seychelles-based exchange handled flows involving over 60 Iranian organizations, with roughly $2.7 billion tied to Iranian crypto platform Nobitex, it said. TRM found that Nobitex sent significantly more funds to CoinEx than it received, suggesting that Iranian users relied on the exchange for liquidity and to access global markets despite sanctions. The firm also reported that major Iranian exchanges routinely routed a portion of their transaction volume through CoinEx, indicating deep integration between the platform and Iranian crypto platforms. The report also linked CoinEx and its affiliated mining pool ViaBTC to Iranian activity, including mining payouts and liquidity support for Nobitex after a 2025 cyberattack. TRM also traced transactions involving Iran’s central bank and noted interactions with other sanctioned actors. CoinEx disputed the allegations, saying it has no commercial ties to Iranian exchanges or government-linked entities and does not knowingly serve sanctioned parties. The company said it was blacklisted by Iran in 2021 and has since strengthened compliance controls, including restrictions on Iran-related accounts and transactions. Law Enforcement Groups Warn Crypto Bill Could Weaken Oversight Major U.S. law enforcement organizations are urging federal officials to reconsider a provision in the Clarity Act, saying that it could make it harder to investigate and prosecute cryptocurrency-related crime. The bill, already approved by the House of Representatives and cleared for a vote on the Senate floor, would divide jurisdiction over digital assets between the Commodity Futures Trading Commission and the Securities and Exchange Commission. Giving the CFTC jurisdiction over spot markets in digital commodities would ease tax obligations for traders. In a letter to the Department of Justice and the White House, four national law enforcement groups warned that Section 604 contains broad exemptions that may allow certain crypto market participants to avoid regulatory scrutiny. The organizations said they support technological innovation but oppose provisions that could reduce oversight of entities involved in moving digital assets. The signatories include the National District Attorneys Association, the National Association of Assistant United States Attorneys, the International Association of Chiefs of Police and the National Sheriffs' Association. They said that parts of the bill could weaken anti-money laundering safeguards by reducing transparency and accountability. Section 604, known as the Blockchain Regulatory Certainty Act, would clarify that non-custodial software developers are not considered money transmitters. Critics have said that the exemption could create enforcement blind spots, while supporters said it provides regulatory certainty for developers. Fake Crypto Influencer Sentenced for $1.4M Staking Fraud A New York man who impersonated cryptocurrency influencers on Telegram and used fake staking opportunities to defraud investors of more than $1.4 million received a sentence of 15 months in federal prison. Noman Saleem, 39, received the sentence from U.S. District for the District of Maryland Judge Deborah K. Chasanow and will also serve three years of supervised release. Saleem pleaded guilty to wire fraud in September 2025. Saleem created Telegram accounts that mimicked well-known crypto influencers and attracted thousands of followers. He also operated a paid VIP channel, where he promoted cryptocurrency staking and investment opportunities that promised guaranteed returns. Victims were persuaded to transfer cryptocurrency to digital wallets under Saleem's control with the expectation that he would stake the assets and generate profits. Instead, the prosecutors said he never staked the funds and simply kept the money. After receiving the cryptocurrency, he stopped communicating with investors and disappeared. The scam affected multiple victims, including at least one person in Maryland. Authorities said the U.S. government recovered most of the stolen funds. Texas Brothers Plead Guilty in $8M Crypto Home Invasion Two Texas brothers pleaded guilty to robbing a Minnesota family of more than $8 million in cryptocurrency during a violent home invasion in September 2025. Federal prosecutors said Isiah Angelo Garcia, 25, and Raymond Christian Garcia, 24, traveled to Minnesota and held a family at gunpoint in their home for more than eight hours. The brothers restrained the victims with zip ties and demanded access to their cryptocurrency accounts. Isiah Garcia later forced one victim to travel to the family's cabin in Northern Minnesota to retrieve additional cryptocurrency storage devices. The victim was then compelled to transfer more digital assets, bringing the total stolen to more than $8 million. The attack ended when the victim's son managed to call emergency services. The brothers fled, but investigators identified them using evidence left at the scene and arrested them near Houston. Both men admitted to using firearms to threaten the family and pleaded guilty to interference with commerce by robbery. They agreed to pay more than $8 million in restitution and each faces a maximum sentence of 20 years in federal prison. A sentencing date has not yet been set.