Prince Group
Prince Group is a Southeast Asia-based transnational criminal organization, also referred to as the Prince Group Transnational Criminal Organization (TCO), led by Cambodian national Chen Zhi (aka Vincent). The group has been accused by U.S. and U.K. authorities of running industrial-scale cyberfraud and large-scale online scam operations, including cryptocurrency investment fraud, romance baiting, and pig-butchering scams, while laundering billions of dollars in illicit proceeds, much of it through cryptoassets. Reporting in the provided content states the organization has operated since approximately 2015, controlled scam compounds across Cambodia, and used trafficked workers and forced labor under brutal conditions, including compounds described as reliant on human trafficking, torture, and modern-day slavery. The content also states the group operated over 100 shell and holding companies across more than 30 countries and used bribery and complex laundering methods to evade law enforcement. Prince Group-linked entities mentioned in the content include Jin Bei Group, Byex Exchange Co Ltd, Tian Xu International Technology Plc, Warp Data Technology Lao Sole Co., and Cambodia Airways. U.S. Treasury OFAC and the U.K. sanctioned the Prince Group and 146 associated targets in October 2025, and the U.S. Department of Justice charged Chen Zhi and the Prince Group with wire fraud and money laundering conspiracy related to forced-labor scam compounds. The content also states DOJ seized approximately 127,271 bitcoin, valued at about $15 billion, from wallets allegedly controlled by Chen Zhi.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Financial Services
Where they target
Geographies tied to known operations.
- 🇺🇸 United States
- 🇬🇧 United Kingdom
Where they're from
Attributed origin per open-source reporting.
- KH
Tradecraft
2 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
Recent activity
12 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A sanctioned transnational criminal organization accused of operating industrial-scale cyberfraud/scam compounds staffed by trafficked workers and supported by affiliated financial and cryptocurrency entities.
カンボジアの強制労働型詐欺拠点を背景に、ロマンス詐欺や投資詐欺を大規模運用し、暗号資産で国際的に資金洗浄を行ったとされる組織犯罪グループ。人身売買・現代奴隷労働に依存した詐欺拠点運営が言及され、制裁・資産差押えの対象となった。
Criminal organization linked (by law enforcement seizures) to large-scale cryptocurrency-related illicit activity; referenced in the context of major asset seizures tied to fraud/scam ecosystems.
Transnational criminal organization operating forced-labor scam compounds in Cambodia tied to pig-butchering investment and romance fraud, with large-scale crypto laundering and global victim targeting; subject to major DOJ/OFAC/FCDO actions and asset seizures.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.