Market Data 
Criminals are evolving from using exchanges like Binance and Kraken for money laundering to launching their own ‘crypto’ tokens, exchanges and blockchain networks, making them even harder to trace, a new report reveals.
Published by the United Nations Office on Drugs and Crime (UNODC), the report points out that criminals are using blockchain, digital assets, artificial intelligence (AI) and other emerging technologies to scam victims and launder the proceeds. This has made sanctions, license withdrawals, raids and crackdowns less effective, with most crime rings now having operations in multiple countries.
Most criminal enterprises are presented as legitimate operations, but most of their activities relate to crime.
A standout in this field is Huione Guarantee, a Southeast Asian digital asset operation that the UNODC says had laundered at least $24 billion by the end of 2024. Primarily doing business in the Chinese language, Huione is based in Cambodia but has subsidiaries in Hong Kong, Canada, Poland and Singapore.
A report by blockchain analysts at Elliptic in January revealed that Huione and all its related entities have received $89 billion in digital assets since 2021.
Source: Elliptic
While it started as a marketplace, Huione has expanded to other sectors recently, launching its own ‘crypto’ exchange, trading app and a blockchain network—Xone Chain. It has even launched its own USD-pegged stablecoin, which it touts to be “unrestricted by traditional regulatory agencies” and able to “avoid the common freezing and transfer restrictions” that its regulated rivals face. In February, it launched its own Visa (NASDAQ: V) card to give users more ways to cash out.
Blockchain sleuths have traced billions of dollars from hundreds of seemingly unrelated ‘crypto’ scams to Huione wallets. For instance, last August, the CEO of the Kansas-based Heartland Tri-State Bank was found to have sent $47 million to the exchange’s wallets. He had been duped into a sham investment scheme, which led him to embezzle funds from the bank; he was sentenced to 24 years behind bars for his crime.
Huione is also a haven for pig butchering scammers, a growing vice that is dominated by Southeast Asian nations. Reports indicate that victims from East and Southeast Asia lost $37 billion to pig butchering schemes in 2023 alone, while Americans lost $4.4 billion.
Authorities’ attempts to crack down on Huione have failed to dent its operations. For instance, its apps were removed from the Google Play Store (NASDAQ: GOOGL) and Apple App Store (NASDAQ: AAPL) in January, but blockchain data shows hardly any change in its volume. Last month, the Cambodian central bank withdrew its payment license, which also had little effect.
Beyond organized criminal rings in Southeast Asia, others have turned to underground BTC mining operations. In Libya, which has some of the cheapest electricity globally, authorities have busted a few operations and arrested dozens, including 50 Chinese nationals in one particular operation. According to the UNODC, such operations are harder to clamp down on as miners face lower regulatory scrutiny.
European watchdog: Blockchains must abide by data protection laws
In Europe, the region’s data protection agency has approved new guidelines for data protection targeting blockchain networks.
The European Data Protection Board (EDPB) aims to align decentralized technologies with the EU’s General Data Protection Regulation (GDPR) framework, which governs the collection, processing and storage of personal data in the region.
The watchdog acknowledges that while blockchains promise data integrity, transparency and availability, there’s no standardized consensus on the service quality level. This creates risks for the rights of Europeans when dealing with their data. For instance, their immutability means that once data is recorded, it can’t be deleted, even upon the request of the individual.
“Moreover, the use of decentralized technologies may trigger different compliance risks and risks to individuals’ rights and freedoms due to potential international transfers, multiple stakeholders, new processing operations for maintenance of blockchain systems, allocation of responsibilities, and governance and management issues,” the agency added.
The guidelines confer the responsibility to the system controller, who must analyze whether integrating blockchain will allow them to comply with GDPR. In particular, they must ensure they comply with “the application of the principles of minimization and storage limitation, and the effective exercise of rights like erasure and rectification.”
The agency has called for public feedback on the guidelines, with the deadline set for June 9.
