Crypto
Questions swirl around US plans for record $15B Prince Group crypto seizure – ICIJ
The U.S. Justice Department last October announced the largest asset seizure in American history: a cache of bitcoin then valued at $15 billion tied to the Cambodia-based Prince Group that prosecutors alleged oversaw an empire of human trafficking and industrial-scale scamming.
The news offered a rare glimmer of hope for victims of sophisticated cryptocurrency scams. In part due to the ease of laundering cryptocurrencies, these victims have had a notoriously difficult time recovering their lost life savings or even getting law enforcement to begin tracing such funds.
“By dismantling a criminal empire built on forced labor and deception, we are sending a clear message that the United States will use every tool at its disposal to defend victims, recover stolen assets, and bring to justice those who exploit the vulnerable for profit,” U.S. Attorney General Pam Bondi said in a joint statement.
But in the five months since the announcement, questions and frustrations have begun to swirl around the Justice Department’s handling of the historic cache of seized funds. The Justice Department has given little indication of what it plans to do with the 127,271 seized bitcoins, currently worth around $9 billion, as it has swiftly rejected claims on the funds made by attorneys representing hundreds of alleged victims.
Daniel Thornburgh and other attorneys representing hundreds of alleged victims of crypto scams say the government is not providing a viable path for returning seized funds to rightful owners.
Victims’ advocates and attorneys fear the agency may use the funds to capitalize President Trump’s national Strategic Bitcoin Reserve, a government crypto stockpile advocated by the cryptocurrency industry.
“This would lead to victims being revictimized by their own government,” said Thornburgh.
He is part of a growing number of attorneys and victim advocates who are calling for a special victim fund to take over responsibility for the historic sum of seized assets. They argue that this alternative offers a clearer path to victims receiving restitution.
The Department of Justice declined to comment on the case.
In November, the International Consortium of Investigative Journalists and 36 partner publications released The Coin Laundry investigation that showed how cryptocurrency scam victims face immense difficulty recovering funds due to the rapidly expanding illicit crypto economy. In interviews, dozens of victims told ICIJ and its media partners that they faced financial ruin as criminals rapidly laundered their stolen funds through secretive crypto wallets. In many cases, reports to law enforcement yielded no response at all.
The U.S. seizure of billions in bitcoin from the Prince Group’s founder Chen Zhi stemmed from allegations that he operated a transnational criminal organization that used forced labor in scam compounds to defraud victims worldwide. After the group was hit with U.S. and U.K. sanctions, Chen was taken into custody in Cambodia and sent to China in January 2026.
Even as victim attorneys strategize how to get their clients’ money back, fundamental questions hang over the case, including how and when U.S. authorities obtained the funds in the first place. Attorneys say that more information could help victims make stronger claims on the assets, while the Prince Group argues the lack of detail points to a flimsy case for the government holding the crypto at all. Although the Justice Department declined to comment on how it obtained the Bitcoin, the Chinese government recently accused the U.S. of stealing it through sophisticated hacking.
The government’s indictment of Chen contains apparent irregularities that are especially striking given the case’s significance. Prosecutors’ evidence against Chen relied in part on photographs alleged to illustrate the Prince Group’s violent methods.
ICIJ confirmed that one disturbing photo included in the indictment showing a man bound to an overturned chair appears to have nothing to do with the Prince Group. The exact photo was part of a light-hearted post published on a Mongolian-language website in April of 2020, describing an unusual medical incident. In another case, a man portrayed in the indictment as a victim of the Prince Group told ICIJ in an interview he had never been the victim of organized crime.
Victim claims have been swiftly rejected
When government authorities seize assets, they can keep those assets for public sector use, distribute the assets to victims who lost money to the crime in question, or do a combination of both. The process of determining if and how assets should be returned to victims is complicated and can take years.
In the wake of the Prince Group seizure, one U.S. senator said the assets could be used in part to strengthen Donald Trump’s national strategic bitcoin reserve, a U.S. government stockpile of cryptocurrency that industry proponents say will help boost the prominence of bitcoin. At the same time an array of alleged scam victims and their lawyers flooded the Justice Department with claims on the seized assets.
The department rapidly rejected many of them, asserting a wide variety of reasons why the victims had no legitimate claims, including that victims had not put forth specific evidence linking their cases to the seized funds and that they had no legal basis to credibly claim the funds in the first place.
Victims and their attorneys told ICIJ that a troubling picture is emerging of a Justice Department that appears set on rejecting claims.
Without more information about the seizure, scam victims are at a disadvantage because the alleged laundering was highly complex, making it difficult to directly link any specific scam to the cache of digital currency, according to lawyers.
“What’s happening here is not normal at all,” said Marc Fitapelli, a New York-based attorney who represents victims of cryptocurrency scams. “There should be an independent person appointed by the court to have control over these assets.”
Thornburgh told ICIJ that recent conversations with Justice Department lawyers convinced him that the government was committed to denying victim claims, so he booked a trip to Cambodia on a long-shot mission to collect additional evidence linking his cases to the Prince Group. Thornburg said he spent a grueling week in early March interviewing dozens of former workers at the country’s notorious scam compounds, but had little luck finding the documentation to connect his client’s cases to the DOJ’s seized funds.
“It was an incredible amount of work to demonstrate what I probably already knew, which was: this was going to be impossible,” Thornburgh said. “Even if I was successful, victims or their lawyers should not have to travel all the way across the world to recover their assets.”
Thornburgh expressed concern about the Justice Department’s tactics in a separate high-profile crypto forfeiture action announced in June. Last month, government attorneys argued that victims did not deserve to recover funds from this seizure because the victims had freely given it away to scammers. “Although their voluntary transfers may have been induced through misrepresentations, those transfers were made voluntarily nonetheless,” the Justice Department said in a filing.
Several experts pointed to legislation as the most promising path to recovering victim funds. Erin West, the founder of Operation Shamrock, an advocacy group for victims of cyber scams, told ICIJ the organization would be working with partners to push for legislation that allocates the seized funds to victims. “We have an amazing opportunity to put found assets back into the hands of those who deserve it most,” West said.
Fitapelli said that a call with Justice Department lawyers last month yielded little in direct answers. “I was told that victims will be contacted by the government if/when the DOJ determines it is appropriate,” he said. “So victims should hope that some lawyer at the Justice department stumbles on their file and contacts them? This is so unfair.”
Deeper questions about the money
Scam victims aren’t the only ones seeking more information from the Justice Department about the case.
Almost immediately after the government’s announcement of the historic seizure, cryptocurrency experts began to ask basic questions about the origin of the enormous pile of bitcoin. According to the U.S. officials, the Prince Group’s alleged laundering methods diverted proceeds of fraud to fund a bitcoin mining company called LuBian that created new, “clean” bitcoins. Attorneys representing thousands of alleged victims of Iranian terrorism say that this bitcoin mining operation had extensive ties to Iran and are also making claims on the seized bitcoin.
But there is a twist in the history of these coins: On the blockchain, the publicly available ledger of most cryptocurrency transactions, experts could see that the huge sum of seized bitcoin, which was reportedly stolen by an unknown hacker in 2020 and then sat dormant in crypto wallets of unknown ownership for years. This crypto remained untouched between late 2020 and mid-2024, when the cache of bitcoin moved to a new set of wallets where it has remained since, crypto analyst Yury Serov told ICIJ.
A blockchain is a digital ledger that stores information across a worldwide computer network. Cryptocurrency transaction data is stored in files known as “blocks,” which are saved chronologically to create a digital “chain.”
Each block has a unique identifier, or hash, which is generated by a cryptographic algorithm that also includes data from the previous blocks in the chain. Blockchains are distributed, which means copies are saved across multiple computers and must match across the network to be valid, rather than relying on a centralized third party, like a bank.
Blockchain technology is not exclusive to cryptocurrency. It can also be used to store other kinds of data, such as medical information or property records.
The U.S. government filings that ICIJ reviewed do not provide details on how it came into possession of the bitcoin. This lack of an official explanation has created an opening for speculation among experts, interested parties and a rival superpower. A Chinese cybercrimes agency recently suggested that the U.S. government originally stole the bitcoin through sophisticated hacking in 2020.
Last week, lawyers representing Chen demanded that the Justice Department explain how it seized the funds.
The Justice Department’s asset forfeiture filing, which describes the government’s rationale for taking the $15 billion, has also created some confusion about which victims may be entitled to the funds.
After the government announced its seizure in 2025, analysts quickly pointed out that the $15 billion in bitcoin had sat dormant in crypto wallets for years after their reported theft in 2020. Chen’s defense attorneys have argued these dormant assets have had no opportunity to commingle with any money taken from scam victims after 2020. But, in its asset forfeiture filing, some of the government’s most specific descriptions of the Prince Group’s alleged scams involve frauds that took place in 2021 and 2022 — after the seized bitcoin went dormant.
Attorneys for Chen last week criticized the asset forfeiture complaint’s use of these alleged crimes to justify seizing money that had been out of circulation since 2020.
The Prince Group argues that the U.S. government somehow took the coins and then created a story to justify keeping them. “This indictment is simply air cover for a giant cash grab — one that both does a disservice to the victims of these crypto scams and injustice to an innocent man,” a spokesperson for the Prince Group told ICIJ in a statement.
“Prosecutors used exaggerations, deceit, and outright impossibilities to convince a court to retroactively approve their theft of Bitcoin and to convince a grand jury of everyday Americans to indict an innocent man, Chen Zhi,” the spokesperson said. “Not only did prosecutors use salacious rumors and innuendo to make wild accusations completely unconnected to Chen, they made serious errors, generated falsehoods out of whole cloth, and acted with egregious negligence all in an effort to justify their desperate, unfounded allegations.”
In court filings last week, Prince Group lawyers highlighted another possibly problematic part of U.S. authorities’ case against Chen. Several photos that the indictment claimed as evidence of wrongdoing appear to have no ostensible relationship to the Prince Group or its alleged crimes.
One of these photos, offered up by U.S. prosecutors as an example of the Prince Group’s violence, shows a man bound to an overturned plastic lawnchair. But ICIJ was able to confirm that the same photo was featured on a Mongolian-language website six years ago in a post about a man whose testicles became stuck in a lawn chair and had to be extricated from the chair by medical workers. This article contains no mention of the Prince Group or any wrongdoing.
Another photo in the indictment shows a purported victim of the Prince Group with blood flowing from a head wound. However, on a Zoom call arranged by representatives for the Prince Group, the man, who requested anonymity, told ICIJ that the photo depicted injuries he sustained in a drunken fight in 2015, and that he has never been the victim of violence by an organized crime group.
Hany Farid, a visual forensics expert at the University of California at Berkeley, confirmed that the man ICIJ spoke with via Zoom is the same person pictured in the indictment.
The Department of Justice declined to comment on the photographs.
Crypto
Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency – Help Net Security
A British national tied to the Scattered Spider cybercrime group pleaded guilty to hacking multiple companies via SMS phishing and stealing over $8 million in virtual currency from US victims.
Tyler Robert Buchanan, 24, of Dundee, Scotland, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft.
In November 2024, US authorities unsealed criminal charges against Buchanan and four other alleged members of the Scattered Spider group, accusing them of using phishing text messages to steal employee credentials, breach company systems and steal cryptocurrency.
According to court documents, Buchanan and his co-conspirators conducted cyber intrusions and virtual currency thefts between September 2021 and April 2023.
The victims included interactive entertainment, telecommunications and technology companies, as well as business process outsourcing (BPO) and IT service providers, cloud communications firms, virtual currency companies and individual victims.
“As part of the scheme, Buchanan and his co-conspirators conducted Short Message Service (SMS) phishing attacks by sending hundreds of SMS phishing messages to the mobile telephones of a victim company’s employees. The messages purported to be from the victim company or a contracted IT or BPO supplier for the victim company,” the Justice Department said.
“The SMS phishing messages contained links to phishing websites designed to look like legitimate websites of a victim company or a contracted IT or BPO supplier. The websites then lured the recipient into providing confidential information, including personal identifying information (PII), and account usernames and passwords.”
In April 2023, police found on a digital device at Buchanan’s residence in Scotland the names and addresses of numerous victims, including a text file containing cryptocurrency seed phrases and login credentials for one account.
Buchanan has been in federal custody since April 2025 and faces up to 22 years in federal prison.
Co-conspirator Noah Michael Urban is serving a 10-year federal prison sentence and was ordered to pay $13 million in restitution after pleading guilty in April 2025 to fraud-related charges. Three other defendants charged alongside Buchanan, including Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo and Joel Martin Evans, still face criminal charges in the case.
Scattered Spider is a cybercrime collective, also known as UNC3944, Muddled Libra and Octo Tempest, made up largely of young, native English-speaking hackers who use social engineering, including impersonating IT and help-desk staff, to gain initial access, bypass MFA, and compromise enterprise networks.
The group gained notoriety for its role in high-profile hacking and extortion attacks against Caesars Entertainment and MGM Resorts International, two of the largest casino operators in the US.
Although authorities have increased pressure on the group and arrested several members, including four they consider responsible for ransomware attacks targeting UK-based retailers last year, the group continues to operate, with new members replacing those arrested.
Key Takeaways:
- Ripple outlines a phased roadmap to prepare XRPL for quantum-era cryptography risks.
- Industry momentum grows as XRPL testing highlights performance and security tradeoffs.
- Developers at Ripple will expand testing to balance innovation with network stability.
Ripple Maps Quantum Security Strategy
Ripple’s post-quantum strategy reflects a growing shift in blockchain security as quantum computing risks gain credibility. The company’s latest Insight, published April 20 by Senior Director of Engineering Ayo Akinyele, outlined a structured roadmap to prepare the XRP Ledger for future cryptographic disruption while preserving network performance.
The Insight stated:
“Ripple is introducing a multi-phase roadmap to prepare the XRP Ledger (XRPL) for a post-quantum future, with a target for full readiness by 2028.”
It also detailed collaboration efforts: “Ripple is working with Project Eleven to accelerate development, including validator testing and early custody prototypes.”
Akinyele explained that quantum security is becoming more relevant because blockchain networks rely on cryptographic systems that could eventually be broken by sufficiently advanced quantum computers. On XRPL, each signed transaction reveals a public key on-chain, which could weaken long-term wallet security in a post-quantum environment.
He also pointed to the “harvest now, decrypt later” threat, where attackers collect cryptographic data today and wait for future quantum capabilities to exploit it. While this does not indicate an immediate failure of current protections, it increases the urgency of preparing systems that secure long-duration value. These risks reinforce the need for early testing of quantum-resistant cryptographic systems and structured migration planning.
XRPL Testing Targets Long-Term Stability
Ripple’s roadmap consists of four phases, starting with contingency planning for a potential failure of existing cryptographic standards. This includes a “Quantum-Day” framework designed to enable secure migration to post-quantum accounts if vulnerabilities emerge. Additional phases focus on evaluating National Institute of Standards and Technology (NIST)-recommended algorithms under real network conditions, measuring impacts on throughput, storage, and verification efficiency. XRPL’s native features, including key rotation and deterministic key generation, provide a technical advantage by enabling gradual migration without forcing users to abandon existing accounts. Parallel testing on development networks will allow developers to assess performance tradeoffs before broader implementation.
The senior director of engineering emphasized long-term execution and coordination, stating:
“We should not view addressing the quantum threat on XRPL as a single upgrade, but rather a multi-phased strategy of carefully migrating a live, global financial infrastructure without compromising the value of digital assets protected by the XRPL.”
Akinyele indicated that achieving post-quantum readiness requires balancing cryptographic innovation with operational stability, ensuring the network remains efficient while adapting to future security challenges.
Central bank officials are warning of potential threats from the increasing use of U.S. stablecoins for international payments.
-
Georgia4 minutes ago2026 NFL Draft Scouting Report — Christen Miller, DT, Georgia
-
Hawaii10 minutes ago
Iran War Puts a Pause on Hawaii’s Housing Market Recovery
-
Idaho16 minutes agoIdaho Fish and Game reminds humans not to touch wild baby animals
-
Illinois22 minutes ago‘Millionaires tax’ would hike rate 61% on 22K Illinois small businesses
-
Indiana28 minutes agoWhy Sophie Cunningham turned down multi-year contract offers to return to Indiana Fever
-
Iowa34 minutes agoIowa DOT plans overnight I‑80 closure at northeast mixmaster
-
Kansas40 minutes agoFinal 7-Round Kansas City Chiefs 2026 NFL Mock Draft: Putting my skills to the test against an AI trained to think like Brett Veach
-
Kentucky46 minutes agoAsia Boone will return to Kentucky for senior year
