Cryptohack Roundup: DOJ Seizes Huione Cloud Account, Aztec Hit by Second $2M Exploit, HyperFund Promoter Pleads Guilty
The U.S. DOJ seized a Huione Group cloud account linked to cybercrime; Aztec suffered a second $2M exploit; and a HyperFund promoter pleaded guilty in a $1.8B fraud case.
The U.S. Department of Justice seized a cloud computing account used by subsidiaries of Huione Group, a Cambodian company accused of laundering billions of dollars for North Korean and other cybercrime groups. The action, part of the FBI-led Operation Riptide, targets online fraud operations including scam compounds across Southeast Asia. This follows a 2025 FinCEN designation of Huione as a major money laundering concern, and previous reports by Elliptic that Huione launched its own stablecoin and blockchain products to facilitate illicit payments.
In a separate incident, Aztec Labs is investigating a second exploit that drained roughly $2 million from a deprecated payments product tied to the privacy-focused Ethereum scaling project. Blockchain security firm PeckShield estimated losses at about $2.17 million. This attack comes less than a week after a separate exploit on Aztec's immutable Aztec Connect smart contract drained approximately $2.1 million. Security researchers at BlockSec noted that while the latest attack appears related to the earlier one, it targeted a different liquidity pool through a separate entry point, exploiting a validation weakness that allowed unauthorized withdrawals. The Aztec Foundation stated the affected product was retired four years ago and has no connection to the current network or Aztec token.
Meanwhile, Miami-based cryptocurrency promoter Rodney "Bitcoin Rodney" Burton pleaded guilty to his role in the $1.8 billion HyperFund fraud, which operated from 2020 to 2022. Under a plea agreement, Burton admitted to conspiring to provide unlicensed money-transmitting services while helping market the investment platform. Prosecutors said he directed investor funds through companies presented as consulting businesses but used primarily to move money connected to the scheme, receiving at least $7.85 million in proceeds. HyperFund attracted investors by selling memberships that promised daily passive returns of 0.5% to 1%, claiming payouts were backed by revenue from large-scale cryptocurrency mining operations that did not exist. Burton now faces a maximum sentence of five years in federal prison.
Blockchain intelligence firm TRM Labs reported that cryptocurrency exchange CoinEx has processed more than $3.84 billion in transactions linked to sanctioned Iranian entities since 2019. The Seychelles-based exchange handled flows involving over 60 Iranian organizations, with roughly $2.7 billion tied to Iranian crypto platform Nobitex. TRM found that major Iranian exchanges routinely routed a portion of their transaction volume through CoinEx, indicating deep integration between the platform and Iranian crypto platforms. CoinEx disputed the allegations, stating it has no commercial ties to Iranian exchanges or government-linked entities and does not knowingly serve sanctioned parties.
These developments highlight ongoing efforts by U.S. authorities to crack down on cryptocurrency-related crime, from money laundering networks to fraudulent investment schemes. The seizure of Huione's cloud infrastructure and the guilty plea in the HyperFund case demonstrate the government's reach, while the Aztec exploits and CoinEx allegations underscore persistent vulnerabilities and regulatory challenges in the crypto ecosystem.