127,000 BTC, $15 billion: The US "harvests" the Prince Group

Written by: 0xjs@Golden Finance

The mantis stalks the cicada, unaware of the oriole behind.

Southeast Asia's largest telecom fraud ring has finally been "taken down" by the US government.

On the evening of October 14th, Beijing time, the US Department of Justice indicted Chen Zhi, founder and chairman of the Cambodia-based transnational fraud ring "Prince Group," and other accomplices on charges of wire fraud and money laundering. If convicted of both counts, the US government will forfeit all property or proceeds directly or indirectly derived from the crimes, including, but not limited to, 127,271 Bitcoins (approximately $15 billion).

These approximately 127,000 BTC, the proceeds and instruments of Prince Group's fraud and money laundering scheme, were previously stored in a non-custodial cryptocurrency wallet to which Chen Zhi held the private keys and are now under US government control. The crypto community is concerned about whether the 127,000 Bitcoins currently controlled by the US government are related to the 127,000 BTC stolen from Lubian Pool, once the sixth-largest Bitcoin mining pool, in 2020. Golden Finance has reviewed the US Department of Justice indictment and compiled key information as follows: 1. 25 Bitcoin Wallets, 127,000 BTC US Department of Justice documents reveal that these 127,000 BTC were once stored in encrypted addresses in 25 non-custodial wallets controlled by Chen Zhi. Furthermore, Chen Zhi had already accumulated this significant amount of BTC through massive fraud and money laundering as early as 2020. Chen Zhi personally kept records of each wallet address and the mnemonic phrases associated with the private keys. The 25 addresses are shown in the table below: 2. Two key dates: December 29, 2020, and June 22, 2024.

Tracking the addresses in the above table, it was found that taking the first address 3Pja5FPK1wFB9LkWWJai8XYL1qjbqqT9Ye as an example, on December 29, 2020, 20,452 bitcoins at this address were transferred in batches. It is split into dozens to hundreds of BTC and transferred to multiple BTC addresses: alt="4o4zsK7NADbfn9DFYD2oBHaFyU1gIQXE6e3t0wGy.png">

The BTC in these addresses (taking the first address bc1qut988zlc9uhmczj4yz3d8c4xn8qdh2g7rymdzy in the picture above as an example, 105.7 pieces) were transferred to a new address (34x7umj1KZRH94F1nvyF6MtXQoLgQ3swRd) on June 22, 2024, and have not been transferred since then. The last address, 339khCuymVi4FKbW9hCHkH3CQwdopXiTvA, follows the same pattern. However, on December 29, 2020, 1,500 BTC were transferred to a new address at once. III. How did the US government control the 127,000 BTC “stolen” from the Lubian mining pool? The BTC addresses mentioned in the previous section are all marked as Lubian hackers on Arkham. December 29, 2020, was the day 127,000 BTC was stolen from the Lubian mining pool. According to Arkham Research, the Lubian mining pool was one of the world's largest Bitcoin mining pools in 2020. In May 2020, its computing power accounted for nearly 6% of the total Bitcoin network computing power. On December 29, 2020, it was hacked. How can we determine whether the Lubian mining pool was stolen? Arkham Research found that each hacker address received a transaction with an OP_RETURN message, in which LuBian requested the hacker to return the stolen funds. To send these messages, LuBian initiated 1,516 transactions, consuming approximately 1.4 bitcoins. See Jinse Finance's previous report, "BTC Heist: Shocking $14.5 Billion Exposed: 120,000 Bitcoins, On-Chain Information Reveals the Truth." According to the US government's announcement, Prince Group's 127,000 bitcoins are currently under US government control. This means that the US government already controlled these 127,000 BTC by June 22, 2024 at the latest.

On-chain intelligence agencies also mistakenly labeled the US government as the Lubian hacker. So, how did the 127,000 BTC once controlled by Prince Group founder Chen Zhi end up in the hands of the US government? We can boldly speculate, and the possibilities include but are not limited to the following four: 1. The US government obtained Chen Zhi's mnemonic before December 29, 2020, transferred the Lubian mining pool BTC on December 29, 2020, and the US government sorted out the BTC on June 22, 2024; 2. Chen Zhi wrote and directed the "Lubian mining pool theft" case on December 29, 2020. After the "theft", his new address mnemonic was obtained by the US government, and the BTC was transferred by the US government on June 20, 2024. The new question is, how did the US government obtain the mnemonic? 3. An insider around Chen Zhi attacked the Lubian mining pool. This person was subsequently captured by the US government. On June 22, 2024, Bitcoin was controlled by the US government, and the US government brought down the whole thing. 4. A real hacker attacked the Lubian mining pool. The hacker was captured by the US government. Same as 3. More details of the case require further disclosure from the US government.

IV. Individuals and Entities Related to the “Prince Group Case”

Prince Group Senior Management Organization Chart

According to the U.S. Department of Justice indictment, the relevant individuals and entities are as follows:
a. Chen Zhi: holds citizenship of China, Cambodia, Vanuatu, Saint Lucia, and Cyprus, and has resided in Cambodia, Singapore, Taiwan, China, and the United Kingdom.
b. Co-conspirator 1: holds citizenship of Cambodia, Vanuatu, Cyprus, and Saint Kitts, and has resided in Cambodia, Singapore, and the United Kingdom.
c. Conspirator 2: A citizen of Cambodia and Cyprus, who previously resided in Singapore and the United States.
d. Conspirator 3: A citizen of China and Cambodia, who previously resided in the United States and elsewhere.
e. Conspirator 4: A citizen and resident of Cambodia.
f. Conspirator 5: A citizen and resident of Hong Kong, China.
g. Conspirator 6: A citizen and resident of Hong Kong, China.
h. Conspirator 7: A citizen and resident of Singapore.
i. Exchange-1: A cryptocurrency exchange based in China.
j. Exchange-2: A cryptocurrency exchange based in the Seychelles.
k. Exchange-3: A cryptocurrency exchange based in the United States.
l. Exchange-4: A cryptocurrency exchange based in the United States.
m. Trading Platform-1: An online trading platform. n. Financial Institution-1: A U.S.-based financial institution whose deposits are insured by the Federal Deposit Insurance Corporation (FDIC). o. Prince Group: A Cambodian-registered holding company operating over 100 business entities in over 30 countries worldwide. Chen Zhi is its founder and chairman. p. Yun Ki Estate Intermediary Co., Ltd.: A subsidiary of Prince Group, primarily engaged in real estate development. From approximately 2020 to the present, Co-conspirator 1 served as its chairman. q. Awesome Global Investment Group: A subsidiary of Prince Group, primarily engaged in entertainment, hospitality, and real estate development. From approximately 2017 to 2022, Co-conspirator 2 served as its chairman. r. Prince Real Estate Group and Prince Huan Yu Real Estate Group: Subsidiaries of Prince Group, both primarily engaged in real estate development. From approximately 2018 to at least 2024, Co-conspirator 3 served as Chairman of Prince Huan Yu Real Estate Group. s. Prince Bank: Subsidiary of Prince Group, primarily engaged in financial services. From approximately 2015 to at least 2023, Co-conspirator 4 served as Vice Chairman of Prince Bank. t. Warp Data Technology Lao Sole Co., Ltd.: A Laos-registered entity that operated Bitcoin mining facilities. u. Lubian: A Chinese Bitcoin mining organization with Bitcoin mining facilities in various locations across Asia, including China and Iran. v. Future Technology Investment (“FTI”): a Cayman Islands-registered entity of which Co-conspirator 6 served as a director and a signatory on its bank accounts. w. Amber Hill Ventures Limited (“Amber Hill”): a British Virgin Islands-registered entity of which Co-conspirator 6 served as a director and a signatory on its bank accounts. x. Lateral Bridge Global Limited (“LBG”): a British Virgin Islands-registered entity of which Co-conspirator 7, who was associated with FTI and Amber Hill, served as a director. y. Hing Seng Limited (“Hing Seng Company”): an entity registered in Hong Kong, China.

Prince Group Criminal Network

It is reported that Southeast Asian fraud syndicates lure unsuspecting job seekers from more than 70 countries, forcing them to work with active criminals to carry out large-scale and complex fraud in almost every jurisdiction around the world.

In Cambodia, Laos, and Myanmar alone, the workforce engaged in cybercrime is believed to exceed 350,000 people. Estimates suggest that the annual revenue of Southeast Asian fraud syndicates ranges from US$50 billion to US$75 billion. This makes transnational fraud arguably the most significant economic activity in the entire Mekong Subregion of Southeast Asia—its scale even equal to nearly half the combined GDP of its major host countries. Cambodia's fraud industry is particularly lucrative, with estimated annual illicit revenues ranging from $12.5 billion to $19 billion. Since approximately 2015, Chen Zhi and Prince Group executives have engaged in cryptocurrency investment scams and other fraudulent schemes, defrauding victims worldwide and embezzling billions of dollars. To implement these schemes, Chen Zhi and his co-conspirators directed Prince Group to establish and operate "forced labor fraud parks" throughout Cambodia, forcing personnel within these parks to commit large-scale fraud. Chen Zhi and his co-conspirators leveraged political influence in multiple countries to protect their criminal activities and bribed foreign public officials to evade law enforcement. They then laundered the proceeds of the fraud through professional money laundering institutions and Prince Group's own "ostensibly legitimate" business network, including online gambling and cryptocurrency mining.

V. How the Telecom Fraud Group Carries Out Scams

The US Department of Justice's indictment contains extensive information, detailing how the Southeast Asian telecom fraud group operates.

Chen Zhi is the founder and chairman of the Prince Group. According to the group's official website, its "core business units" in Cambodia include "Prince Real Estate Group, Prince Huanyu Real Estate Group, Prince Bank, and Aoshi Global Investment Group." These units and other entities affiliated with the Prince Group are involved in a number of publicly disclosed business areas, including "real estate development, banking, finance, tourism, logistics, technology, catering, and lifestyle." Prince Group's greatest profits derive from illegal fraudulent activities led by Chen Zhi and facilitated by his core executives and accomplices (including Co-conspirators 1 through 7). These activities primarily include: 1. Fraud Campuses. Prince Group holds a dominant position in the aforementioned online fraud industry. Within this illicit industry, thousands of migrant workers seeking employment in Cambodia and other locations are trafficked to fraud campuses, where they are coerced into engaging in cryptocurrency investment scams and other fraudulent activities under threat of violence. These fraud campuses contain large dormitories surrounded by high walls and barbed wire, effectively functioning as "forced labor camps." At Chen Zhi’s direction, Prince Group established and operated at least 10 scam parks across Cambodia dedicated to cryptocurrency investment scams and other fraudulent schemes, including: (i) the Jinbei Compound in Sihanoukville, Cambodia, associated with Prince Group’s Jinbei Hotel Casino; (ii) the Jinfu Technology Park (also known as the Jinyun Compound) in Chirettom, Cambodia; and (iii) the Mango Park (also known as the Jinhong Park) in Kampong Speu Province, Cambodia. Chen Zhi directly participated in the management of the scam parks and maintained relevant records for each park, including profit tracking records clearly marked as “pig-killing” scams. A ledger maintained by Chen Zhi detailed the various fraud schemes operated at the Prince Group's Jinhong Park, along with the specific schemes assigned to each building and floor within the park. These schemes included "Vietnam Order Scam," "Russian Order Scam," "European and American Talk" (fraudulent conversations), "Vietnam Talk," "China Talk," "Taiwan Talk," and "China Brushing" (online retail scams). Chen Zhi and his co-conspirators designed the fraudulent park to maximize profits and personally ensured it had the necessary infrastructure to "reach as many victims as possible." For example, around 2018, Co-conspirator 1 obtained millions of mobile phone numbers and account passwords from illegal online marketplaces; around 2019, Co-conspirator 3 helped oversee the construction of the Jinfu Park. Chen Zhi himself also left documents describing and displaying "phone farms"—automated call centers used to perpetrate cryptocurrency investment scams and other cybercrimes. The documents detailed the construction of two "phone farm" facilities: each equipped with 1,250 mobile phones capable of controlling 76,000 accounts on a popular social media platform.

In addition, internal documents of the Prince Group also contain instructions on "how to build trust with victims" and operational instructions on "how to register social media accounts in bulk" (including explicit instructions to "use 'less beautiful' female profile pictures to ensure that the accounts look authentic").

In the summer of 2022, co-conspirator 2 boasted that in 2018, the Prince Group had made an average daily profit of more than US$30 million through fraudulent pig-killing schemes and related illegal activities. 2. Advancing the Criminal Scheme Through Bribery and Violence Chen Zhi and his co-conspirators exploited their political influence to shield fraudulent activities from law enforcement in multiple countries. For example, senior executives of Prince Group bribed to obtain advance warning of law enforcement raids on fraud parks. Furthermore, Chen Zhi assigned Co-conspirator 2 to oversee Prince Group's "risk control" functions, overseeing the progress of related investigations and safeguarding Prince Group's interests through "corrupt transactions" with foreign law enforcement officials. Chen Zhi maintained ledgers for bribes to public officials, one of which recorded "reimbursements of hundreds of millions of dollars in bribes and luxury goods to individuals associated with Prince Group." For example, the ledgers show that in 2019, Co-conspirator 2 purchased a yacht worth over $3 million for a senior foreign government official. Chen Zhi also purchased luxury watches worth millions of dollars for another senior foreign government official. In 2020, the official assisted Chen Zhi in obtaining a diplomatic passport, which Chen Zhi used to travel to the United States in April 2023.

As part of his “risk control” duties, Co-conspirator 2 served as an “enforcer” for the Prince Group, maintaining its dominance in the fraud industry through corruption and violence. For example, around July 2024, conspirator 3 communicated with Chen Zhi about "personnel associated with the Prince Group stealing the group's illegal profits," stating that "a financial staff member absconded with the funds and attempted to hide," and told Chen Zhi that "measures are being taken to recover the stolen money," and promised that "no matter what, we will conduct a thorough investigation. I wonder if the boss (referring to Chen Zhi) and the group have any suggestions or methods to share... The mafia and the government are ready to take action and make an example of someone. Boss, does the group have relevant experience or resources?" Chen Zhi then replied: "You should communicate with conspirator 2 about this matter first. Get all the information first and then decide how to deal with it. Find out this person's current whereabouts."

Under Chen Zhi's instructions, personnel associated with the Prince Group frequently used violence and coercion to achieve "business goals" and advance their criminal plans. For example, a person associated with the Prince Group discussed with Chen Zhi about “beating people who ‘caused trouble’ in the park.” Chen Zhi approved the beating plan but instructed “not to beat them to death” and added: “We must keep an eye on them and don’t let them run away.” Another example is that Chen Zhi discussed with co-conspirator 4 about “two missing persons being found by the police in the Jinfu Park.” Co-conspirator 4 assured Chen Zhi that he would handle the matter but suggested that Chen Zhi use his “police connections.” (3) The Brooklyn Network The Prince Group’s investment fraud scheme targets victims worldwide (including victims in the United States) and is implemented with the help of a local network working for it. Among them, a network called the Brooklyn Network operates in the Eastern District of New York and assists scammers in the Jinbei Park of the Prince Group to commit investment fraud: the scammers (“introducers”) contact strangers through various instant messaging applications, falsely claiming to “profit by investing in cryptocurrency, foreign exchange and other markets”, luring victims to invest and introducing them to so-called “account managers” to handle transactions. The account managers then provided victims with "bank account information to transfer investment funds" and created fake investment accounts and portfolios for them on mobile online trading platforms, including "Online Trading Platform 1." However, the bank accounts provided to victims by the account managers were not investment accounts, but rather accounts controlled by the Brooklyn network and opened in the names of shell companies in Brooklyn and Queens, New York (with offices located in Brooklyn, Queens, and other parts of New York). Instead of investing the victims' funds as promised, the victims' funds were embezzled and laundered through these and other accounts. Furthermore, the "investment accounts" created for victims by the account managers were manipulated to appear to be "continuously increasing in investment value," even though in reality, they were not. Initially, the "appearance value" of the victims' portfolios would rise, misleading victims into believing their investments were profitable and thus enticing them to continue investing. Furthermore, the account managers would cooperate with victims' initial requests to withdraw small amounts of their investment funds. However, when victims requested to withdraw larger amounts from the trading platforms, they encountered numerous obstacles—for example, the account managers would deny withdrawals due to "transaction fees, taxes, or legal fees." Eventually, the account manager and introducer stopped responding to the victims' messages, leaving them unable to withdraw most of the funds they had transferred as instructed by the account manager. The Brooklyn Network ultimately transferred the funds back to the fraudsters at Prince Group's Jinbei Park and other locations through a series of accounts, where they were further laundered and transferred to Prince Group and its executives. Money laundering methods included transferring the proceeds of the fraud through shell company bank accounts, converting them into USDT and then transferring them to a complex network of non-custodial virtual currency addresses, or withdrawing them in cash to cut off the audit trail (the cash was then used to purchase cryptocurrencies and transferred in the same manner). Between approximately May 2021 and August 2022, the Brooklyn Network facilitated Prince Group's fraudulent transfer and laundering of over $18 million from over 250 victims in the Eastern District of New York and other locations across the United States. Chen Zhi also personally monitored the virtual currency addresses that received the proceeds of the fraud, including funds from victims in the United States. For example, records kept by Chen Zhi show that around June 2021, 100,000 USDT were transferred to a virtual currency address beginning with "0x77" (hereinafter referred to as the "0x77 Address"). In the summer of the same year, this address also directly received funds traceable to a victim in California ("Victim 1"). Specifically, between July and August 2021, Victim 1 transferred over $400,000 in cryptocurrency from an account on a popular cryptocurrency exchange to an address beginning with "0x1e" (hereinafter referred to as the "0x1e Address"). This amount was subsequently transferred via an address beginning with "0x83" (hereinafter referred to as the "0x83 Address") to an address beginning with "0x34" (hereinafter referred to as the "0x34 Address"). Between July and September 2021, the 0x34 Address transferred over $350,000 in USDT to the 0x77 Address monitored by Chen Zhi.

VI. How were the 127,000 BTC laundered?

Chen Zhi and his accomplices laundered Prince Group's illicit profits (including cryptocurrencies) through a complex money laundering network. These methods included using professional money laundering agencies and leveraging Prince Group's own businesses (including online gambling and cryptocurrency mining) to launder the funds. The funds were then used for luxury travel, entertainment, and the purchase of luxury watches, yachts, private jets, vacation villas, high-end collectibles, and rare artworks (including a Picasso painting purchased through a New York auction house).

Professional money laundering agencies: Sometimes called "money laundering houses," "money houses," or "water houses," these agencies received fraudulent proceeds embezzled from victims of Prince Group's fraudulent activities and then returned the funds to Prince Group. A common method of operation involved receiving fraudulent proceeds in the form of Bitcoin or stablecoins like USDT and USDC, exchanging them for fiat currency, and then using the cash to purchase "clean" Bitcoin or other cryptocurrencies. Chen Zhi directly coordinated this money laundering activity and discussed with his co-conspirators the use of "illegal banks" and "underground banks." Chen Zhi also maintained documents explicitly mentioning "BTC washing" and "BTC money laundering personnel." Money laundering through "shell companies": Chen Zhi and his co-conspirators also laundered funds through "shell companies" (companies whose sole purpose is to launder money). These companies were controlled by Chen Zhi, Co-conspirators 1, 5, 6, and 7, and other individuals associated with Prince Group. These included dozens of companies, including FTI, Amber Hill, and LBG. FTI was used to launder illicit funds (including through WopData, the Prince Group's mining arm, as described below). In the account opening records for FTI opened at Financial Institution 1 in January 2019, Co-conspirator 6 stated that FTI's business activities included "mining and digital asset trading with its own funds," but falsely declared FTI's source of income as "personal wealth." Furthermore, Co-conspirator 6 significantly underestimated FTI's monthly trading volume in the same account opening documents, declaring "estimated monthly deposits and withdrawals of approximately $2 million each." However, account statements showed that FTI's account at Financial Institution 1 actually had approximately $28 million in deposits and $27 million in withdrawals in February 2019. Amber Hill used similar methods, also opening an account at Financial Institution 1. In the March 2019 account opening records, Co-conspirator 6 described Amber Hill's business activities as "proprietary trading and investment," falsely claiming the source of income as "personal wealth," and similarly significantly understated its monthly trading volume (reporting estimated monthly deposits and withdrawals of approximately $2 million each). However, account statements showed that Amber Hill's account at Financial Institution 1 actually had approximately $22.5 million in deposits and $21.8 million in withdrawals in February 2020. Money Laundering Through Prince Group's Business Units: Chen Zhi and his co-conspirators also laundered funds through Prince Group's functional business units, particularly its extensive online gambling operations—which continued to operate in multiple countries even after Cambodia banned online gambling in 2020. To evade law enforcement, Prince Group operated its gambling operations through "mirror websites" (copying website content on different domain names and servers). Chen Zhi directly oversaw Prince Group's online gambling operations and discussed with others the laundering of cryptocurrency fraud proceeds through this operation. Co-conspirator 1 was responsible for managing payroll for the online gambling operation, maintaining employee payroll records from 2018 to 2024 clearly labeled "Employee Salaries — Please Pay with Clean Funds." Money Laundering Through Bitcoin Mining: Chen Zhi and his co-conspirators also laundered funds by using illicit proceeds to fund large-scale cryptocurrency mining operations involving Wopu Data in Laos, its Texas subsidiary, and Lubian in China. These operations generated large quantities of "clean Bitcoin" unrelated to criminal proceeds. At one point in its operation, the Lubian mining pool became the sixth-largest Bitcoin mining operation in the world. Chen Zhi boasted to others that Prince Group's mining operations were "highly profitable because they had no costs," after all, these operations were funded entirely by funds stolen from victims. For example, between November 2022 and March 2023, Wopu Data received over $60 million from the shell company Hanson, which was also used to pay the spouse of a senior executive at Aoshi Global and purchase millions of dollars worth of luxury goods (including a Rolex watch and the aforementioned Picasso painting). Chen Zhi and his co-conspirators also systematically mixed "illegal funds" with "newly mined cryptocurrency" in wallets associated with the mining operations to conceal the source of the funds. Multi-layered money laundering: Chen Zhi and his co-conspirators frequently employed "multi-layered money laundering" to further conceal the illicit origins of Chen Zhi and Prince Group's profits. At Chen Zhi's direction, individuals associated with Prince Group (including Co-conspirators 5 and 6, who served as Chen Zhi's personal wealth managers) employed sophisticated cryptocurrency money laundering techniques, including "spraying" and "funneling." These techniques involved repeatedly splitting large amounts of cryptocurrency into dozens of wallets and then re-centralizing them into a handful of wallets, with no commercial purpose other than to conceal the source of the funds (see the example below for the specific process). Some of these funds were ultimately stored in wallets on cryptocurrency exchanges, such as Trading Platform 1 and Trading Platform 2, or converted into fiat currency and deposited into traditional bank accounts. Other funds, including those laundered through Prince Group's mining operations, were stored in non-custodial cryptocurrency wallets controlled by Chen Zhi personally.