DOJ Scam Center Strike Force Seizes $702M in Crypto: What Pig-Butchering Means for Your AML Program

TL;DR

• The DOJ’s Scam Center Strike Force restrained $701.9 million in cryptocurrency tied to pig-butchering scams — one of the largest crypto seizures in DOJ history
• OFAC sanctioned 29 entities, including Cambodian Senator Kok An’s network and Heng Feng Cambodia Bank, creating immediate screening obligations for US financial institutions
• 503 fake investment websites and a Telegram recruitment channel were seized; two Chinese nationals were charged with wire fraud conspiracy for running the Myanmar Shunda compound
• US compliance teams must update SDN screening, SAR typologies, and transaction monitoring rules immediately — the Chainalysis and TRM Labs guidance is already out

On April 23, 2026, the Justice Department’s Scam Center Strike Force announced it had restrained over $701.9 million in cryptocurrency linked to Southeast Asian pig-butchering operations — and alongside that, Treasury’s OFAC sanctioned a Cambodian senator and 28 entities including a foreign bank that funneled fraud proceeds.

For US financial institutions, this isn’t background noise. A foreign bank just hit the Specially Designated Nationals list. That creates real blocking and reporting obligations right now.

What the DOJ Strike Force Actually Did

The Scam Center Strike Force — launched in November 2025 — exists for one purpose: dismantling the criminal infrastructure of Southeast Asian scam centers that have stolen billions from Americans.

The April 23 announcement was the Strike Force’s largest action to date:

• $701.9 million in cryptocurrency restrained from wallets tied to money laundering from pig-butchering victims
• 503 fake cryptocurrency investment websites and mobile apps seized and taken offline
• One Telegram channel shut down — it had been used to recruit human trafficking victims to the Cambodia scam compound
• Two Chinese nationals criminally charged with wire fraud conspiracy

The two charged individuals — Huang Xingshan (also known as “Ah Zhe”) and Jiang Wen Jie (also known as “Jiang Nan”) — allegedly managed the Shunda compound in Min Let Pan, Burma (Myanmar). The Shunda compound operated roughly from early 2025 through November 2025, when it was seized. Trafficked workers at Shunda were coerced into running pig-butchering scams: building fake romantic or investment relationships with US victims, then steering them into fraudulent crypto platforms.

Both men were arrested in Thailand on immigration charges and US prosecutors are seeking extradition to Washington. They face charges of wire fraud conspiracy under 18 U.S.C. § 1349.

US Attorney Jeanine Ferris Pirro described the scope: “These networks have stolen billions from Americans.” That’s not an exaggeration. The FBI’s Internet Crime Complaint Center reported $7.2 billion in US victim losses from pig-butchering and crypto investment scams in 2025 alone — making it one of the fastest-growing categories of financial crime in IC3 history.

The OFAC Piece Is What Actually Requires Action Today

Criminal charges against overseas nationals make news. OFAC designations require immediate compliance action.

Treasury’s OFAC simultaneously designated 29 individuals and entities connected to Cambodian Senator Kok An, who OFAC identified as controlling scam compounds throughout Cambodia.

The designations hit across multiple sectors:

The Heng Feng Bank designation is the most operationally significant piece for US financial compliance teams. A bank is now on the SDN list. That creates blocking requirements, not just screening requirements.

Any US financial institution — bank, broker-dealer, money services business, crypto exchange — that has a correspondent relationship with Heng Feng Cambodia Bank, processes transactions for Heng Feng customers, or holds any assets in which Heng Feng has an interest must:

1. Immediately block those transactions and assets
2. File a report with OFAC within 10 business days (for blocked transactions)
3. Review any prior transactions for OFAC exposure

Beyond the bank, the 28 additional designations span casinos, real estate, and construction in the Sihanoukville area — meaning any US firm with Cambodian business counterparties in those sectors should run enhanced screening now.

Treasury’s press release on the sanctions is at home.treasury.gov/news/press-releases/sb0469.

Pig-Butchering: What the Fraud Pattern Looks Like at the Account Level

The reason pig-butchering is so hard for traditional AML programs to catch: the fraud doesn’t look like fraud at the bank. It looks like a customer voluntarily wiring money.

Here’s the pattern compliance programs need to detect:

Phase 1 — Victim cultivation (invisible to the bank) The scammer makes contact via dating apps, social media, or wrong-number texts. Weeks or months of relationship-building happen before any money moves. The bank sees nothing.

Phase 2 — “Investment” begins Victim makes a small initial “investment” — often $1,000–$10,000 — wired or sent via crypto to what looks like a legitimate exchange. Early “returns” are shown on the fake platform to build confidence.

Phase 3 — Escalation The victim begins moving significantly larger amounts — often draining savings, liquidating retirement accounts, or taking out loans. The bank sees large outgoing wires or ACH to crypto on-ramps.

Phase 4 — Exit When the victim tries to withdraw, the platform demands “taxes” or “fees.” Then it disappears entirely. Funds have already flowed through multiple wallets into the broader pig-butchering laundering network — some of which is now represented in the $701.9M restrained.

What Your SAR Program Is Probably Missing

The FBI and FinCEN have issued pig-butchering SAR guidance, but most financial institution transaction monitoring systems weren’t built with this typology in mind. Here’s what the pattern actually looks like in monitoring alerts:

High-value, out-of-pattern crypto transfers — A customer with a standard retail profile begins sending $10,000–$50,000 to crypto exchanges. Each transfer just under CTR threshold. Multiple over 30–60 days.

Liquidation before transfer — Customer closes long-term savings accounts or sells securities to fund crypto purchases. The sequence of liquidation → crypto on-ramp is a red flag.

Transfer to unknown or high-risk VASPs — Funds going to virtual asset service providers that lack robust KYC, or to wallet addresses flagged by blockchain analytics tools as connected to known scam clusters.

Customer statements inconsistent with behavior — When asked, the customer describes “investment opportunities” from an online contact. They may be resistant or dismissive when branch staff raises concerns.

Inbound “profit” returns followed by larger outflows — This is the “showing the fish the bait” phase. Small inflows hit the account, which the customer withdraws and reinvests in larger amounts. This sequence should trigger enhanced review.

FinCEN has previously published advisory FIN-2023-A008 on virtual currency investment scams (pig-butchering) with specific SAR filing guidance. If your transaction monitoring rules haven’t been updated to incorporate that advisory’s typologies, this enforcement action is the prompt to do it now.

Control Failure Analysis: Where AML Programs Break Down on Pig-Butchering

Five Things to Do Monday Morning

1. Run the new designations against your SDN screening system. Pull the OFAC SDN list update from April 23, 2026. Confirm Heng Feng Cambodia Bank plc and the 28 other entities from press release sb0469 are loaded. Check for any existing customer or counterparty matches.

2. Review correspondent banking relationships for Cambodia exposure. If your institution has correspondent banking relationships that touch Cambodian financial institutions, flag them for enhanced review. The Heng Feng designations signal that Treasury views Cambodian financial infrastructure as compromised in the Sihanoukville area.

3. Add pig-butchering transaction monitoring rules if you haven’t already. Two specific rules: (a) account liquidation events (CD early withdrawal, securities sale, HELOC draw) followed by first-time crypto transfer within 30 days; (b) inbound small crypto transfer followed by larger outbound crypto transfer within 14 days (the “showing profits” pattern).

4. File a 30-day SAR lookback if you have customers who sent funds to any of the 503 seized domains. The DOJ press release will eventually include a list. TRM Labs and Chainalysis are already publishing blockchain analytics on the seized wallets — your BSA team should pull those reports.

5. Update your front-line training scenario library. Add: “Customer age 50+ with no prior crypto history suddenly liquidating retirement savings to wire to crypto exchange, describing an ‘investment opportunity’ from a friend they’ve never met in person.” That’s your pig-butchering victim profile. Branch staff intervention at this stage can prevent six-figure losses.

The Compliance Signal This Enforcement Sends

The DOJ launched the Scam Center Strike Force in November 2025. By April 2026 — five months in — it has restrained $702M and coordinated with OFAC to sanction a foreign bank.

That operational tempo tells you something: this is not a one-off press release. The Strike Force is actively building cases and will continue to generate intelligence, seizures, and SDN additions tied to this network. Your screening and SAR programs are now on notice.

For crypto exchanges specifically, the seizure of 503 fake investment websites means the government has a list of digital infrastructure tied to pig-butchering. Blockchain analytics firms will be publishing wallet addresses and transaction flow maps. That’s actionable data for transaction monitoring updates.

For banks, the Heng Feng designation means correspondent banking risk has a new data point. Any Cambodian-connected correspondent should get a fresh risk review.

If you’re tracking enforcement actions and building the documentation trail your regulators want to see — which enforcement actions you reviewed, what you changed in your program as a result, who signed off — the Issues Management Tracker makes that process systematic instead of ad hoc.

Related reading:

• FinCEN’s Record $80M BSA Fine Against Canaccord Genuity: What Every Broker-Dealer Needs to Fix
• DOJ Extradites Ivorian National for $14M BEC Credential Phishing Scheme
• DOJ National Fraud Enforcement Division: Compliance Implications

Sources:

• DOJ Press Release: Scam Center Strike Force Takes Major Actions Against Southeast Asian Scam Centers
• Treasury OFAC Press Release: Sanctions Against Cambodian Senator Kok An and Network (sb0469)
• Chainalysis: US Crackdown on Southeast Asian Crypto Scam Centers
• TRM Labs: OFAC Sanctions Cambodian Senator and Scam Center Network
• FBI IC3: 2025 Internet Crime Report