Southeast Asian “Pig Butchering” Scam Compounds and a US Money-Laundering Sentencing
US authorities sentenced Chinese national Jingliang Su to 46 months in federal prison for laundering proceeds from a Cambodia-based “pig butchering” fraud operation that stole ~$36.9M from 174 US victims, according to reporting on the Justice Department case. Court filings described a three-stage playbook—social engineering outreach via social media/dating/texts, steering victims to fraudulent crypto investment platforms, and then blocking withdrawals or demanding additional “fees”—with Su acting as a financial conduit; the court also ordered ~$26.9M in restitution.
Separate reporting detailed the operational reality behind similar “pig butchering” scam centers in the Golden Triangle region of northern Laos, including the Boshang compound, where leaked internal chats and a whistleblower account described industrialized fraud run like a sales organization with quotas and scripted victim engagement. The material also described forced labor and debt bondage conditions—confiscated passports, coercion, and violence for rule-breaking or escape attempts—highlighting that many scam operators are themselves trafficking victims compelled to conduct online romance/crypto-investment scams at scale.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Chinese national Jingliang Su is sentenced to 46 months
A U.S. federal judge sentenced Jingliang Su to 46 months in prison for laundering millions linked to a Cambodian crypto scam ring and ordered nearly $26.9 million in restitution. The DOJ said the case was part of a broader crackdown in which eight co-conspirators had also pleaded guilty.
WIRED publishes Red Bull leaks on Laos scam compound
WIRED published reporting based on documents and WhatsApp chats provided by whistleblower Mohammad Muzahir, exposing the daily operations, forced labor conditions, and financial performance of the Boshang scam compound in Laos. The reporting detailed debt bondage, confiscated passports, and threats used to keep workers trapped.
Jingliang Su pleads guilty in U.S. crypto scam laundering case
Jingliang Su pleaded guilty to conspiracy to operate an illegal money transmitting business tied to a Cambodia-based pig-butchering syndicate. Prosecutors said the network stole more than $36.9 million from 174 U.S. victims and laundered proceeds through U.S. accounts, Deltec Bank, and USDT wallets.
Internal chats document coercion and millions stolen at Boshang
Over an 11-week period captured in leaked internal WhatsApp chats, managers at the Boshang compound used threats, fines, and motivational messaging to control workers while more than 30 workers successfully defrauded victims. WIRED’s review found the logs reflected about $2.2 million in stolen funds during the three-month window.
Muzahir is put to work inside the Boshang scam compound
At the Boshang compound in Laos, Muzahir was trained to create fake profiles and send large volumes of messages to lure victims into romance and crypto-investment scams. The operation imposed revenue quotas, fines, and incentives while using social media, AI tools, and cryptocurrency to run the fraud.
Muzahir is trafficked from Thailand into Laos scam network
Mohammad Muzahir, later nicknamed “Red Bull,” was moved from Bangkok through northern Thailand to the Laos border and handed across the Mekong into the Golden Triangle region through a bribery-facilitated transfer. After arrival in northern Laos, he realized the promised IT job was actually forced scam work and that his passport had been taken.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
46 Months for $37 Million: Chinese National Sentenced for Role in Cambodian Crypto Scam Ring
securityonline.info
Open sourceHe Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED
wired.com
Open sourceRevealed: Leaked Chats Expose the Daily Life of a Scam Compound’s Enslaved Workforce | WIRED
wired.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
DOJ-led crackdown disrupted Southeast Asia pig butchering networks
The U.S. Department of Justice said a coordinated **"Disruption Week"** operation under its Scam Center Strike Force disrupted cyber-enabled fraud and cryptocurrency investment scam networks targeting Americans, including so-called **pig butchering** operations tied to compounds in Cambodia, Laos, and Burma near the Thailand border. Working with U.S. agencies, foreign law enforcement, major technology firms, and blockchain companies, the effort disrupted more than **1.4 million** social media and email accounts, interrupted malicious network activity, decommissioned scam infrastructure, and froze more than **$3.8 million** in cryptocurrency allegedly used to launder victim funds. Authorities said the networks are linked to transnational organized crime, including Chinese syndicates, and often rely on trafficked workers forced to run fraud schemes under threat of violence. The operation also led to the arrest of **seven** suspected scammers in Thailand, additional cases opened by the Royal Thai Police Anti Cyber Scam Center, and referrals for further U.S. investigation. DOJ said reported U.S. losses from cryptocurrency investment fraud continued to surge, rising from **$3.96 billion** in 2023 to **$5.8 billion** in 2024 and more than **$7.2 billion** in 2025.
Jun 5, 2026
Daren Li Sentenced in Absentia for $73M Pig-Butchering Crypto Laundering Scheme
A U.S. federal court sentenced **Daren Li** (42), a dual citizen of **China** and **St. Kitts and Nevis**, to **20 years in prison in absentia** for conspiring to launder proceeds from an international **“pig butchering”** cryptocurrency investment/romance-baiting fraud that stole more than **$73 million** from victims. Li pleaded guilty in **November 2024** and admitted that at least **$73.6 million** in victim funds was deposited into accounts controlled by his group, with a significant portion routed through **U.S.-based shell companies**; the operation was tied to scam centers in **Cambodia** and relied on a network of money launderers to move funds through U.S. bank accounts and onward to domestic/international accounts and crypto platforms to obscure origins. Li was arrested in **April 2024** at **Hartsfield-Jackson Atlanta International Airport**, but fled before sentencing in **December 2025** after cutting off his ankle monitor; U.S. authorities have not publicly confirmed his current whereabouts and indicated they will work with international partners to return him to serve the sentence. The court also imposed **three years of supervised release** following imprisonment, and reporting noted that multiple co-conspirators have pleaded guilty, with Li described as the first sentenced defendant directly involved in receiving victim funds.
Mar 21, 2026
Cambodia-Linked 'Sour Grapes' Pig-Butchering Ring Stole Over $3 Million
Sophos detailed a Cambodia-linked cryptocurrency fraud operation dubbed **Sour Grapes** that used misdirected SMS messages and long-running Telegram chats to lure victims into a classic pig-butchering scam. Operators posed as a fabricated woman named **"Harley"** and directed targets to fake crypto trading and liquidity-mining platforms that impersonated legitimate financial and cryptocurrency brands, steering deposits through **Crypto.com**-funded transactions before moving funds across rapidly changing wallets and domains. Investigators tied the infrastructure to Chinese-speaking operators and identified evidence pointing to **Phnom Penh** and **Sihanoukville**, alongside more than **500 related domains** built from nearly identical scam kits. Blockchain analysis found the operation collected more than **$3 million** in cryptocurrency over roughly five months, with some funds traced to **Tokenlon** according to Chainalysis, underscoring how industrialized scam compounds in Southeast Asia continue to scale social-engineering fraud through reusable infrastructure and fast-moving payment channels.
Jan 1, 2026