U.S. toy robots sent data to China + Shwe Kokko sanctions + Polish Ponzi raids
Scamurai weekly newsletter #9. Sept. 12, 2025.
- Scamurai -
Weekly newsletter #9. Sept. 12, 2025.
Scamurai has decided to time-travel back to the early noughties and now has a Facebook page! As always, get in touch at callan@scamurai.io.
// Sanctions Special
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has finally taken action to sanction a sprawling network of scam enablers in Myanmar and Cambodia.
In Myanmar, the sanctions focus on and around Shwe Kokko in Karen (Kayin) State — a notorious hub for virtual currency investment scams protected by the OFAC-designated Karen National Army (KNA) — where She Zhijiang and his partners built the development Yatai New City into a base for cyber scams, gambling and human trafficking. The other individuals sanctioned in Myanmar are Saw Min Min Oo and Tin Win, both tied to networks that profit from online fraud and the sale of utilities supporting scam operations.
In Cambodia, OFAC targeted casinos and financial fronts in Sihanoukville and the border town of Bavet, including T C Capital, K B Hotel, Heng He Casino and HH Bank, where Chinese fraudsters like Dong Lecheng, Xu Aimin, Chen Al Len and Su Liangsheng run scam and gambling compounds.
Full details here.
// Headlines
Polish authorities arrested nine people tied to the Ponzi scheme Coinplex at the start of this month, the Central Office for Combating Cybercrime said on Sept. 10. Coinplex, which claimed to be based in Colorado, lured investors through false promises of AI-driven trading strategies and multi-level marketing tactics before disappearing in August, citing EU crypto regulations as cover for winding down its current website. Nearly PLN 1.5 million (USD $375,000) in assets, IT equipment and promotional materials was seized in raids.
FinCEN Director Andrea Gacki told the House Financial Services Subcommittee on Sept. 9 that she is seeking to modernise the U.S. AML and CFT system. She outlined plans to streamline reporting requirements, ease beneficial ownership rules for domestic companies and implement the GENIUS Act to regulate digital assets.
Taika Waititi and Rita Ora will produce Fyre Festival The Musical, a stage show satirising the disastrous 2017 luxury music festival that collapsed within 24 hours and led to fraud charges and imprisonment for organiser Billy McFarland. McFarland, who recently sold the brand on eBay, has since launched a crypto project.
Get this newsletter delivered fresh and ironed to your email each week, with the latest news on scams, fraud and tech, as well as Scamurai’s latest investigations — all in one place! Every Friday morning at 8am GMT.
// Scam sheet
The Bank of Ireland is urging the government to introduce SMS scam filters, already in use in countries like the U.S. and UK. At a fraud prevention conference, BOI’s Retail Ireland CEO Susan Russell warned that scams via texts, apps, calls, and fake ads have become “omnipresent,” and criticised the EU’s Digital Services Act as ineffective. She called for stricter ad verification requirements, swift legislation to block scam messages and measures to prevent fraudulent financial adverts from reaching the public.
On Sept. 5, the SEC announced the creation of a Cross-Border Task Force aimed at combating fraud that harms U.S. investors, particularly that which involves foreign-based companies. The task force will target potential securities law violations, including “pump-and-dump” schemes, and scrutinise gatekeepers such as auditors and underwriters who facilitate access to U.S. markets.
California resident Shengsheng He was sentenced on Sept. 8 to 51 months in federal prison for his role in an international digital asset investment scam that stole over $36.9 million from U.S. victims through scam centres in Cambodia. He, a former co-owner of Axis Digital Limited, pleaded guilty to conspiracy to operate an unlicensed money transmitting business. He and his co-conspirators laundered pig butchering funds via U.S. shell companies, international accounts and digital wallets.
South Korean police have identified 71 people tied to a massive telecom fraud ring that used over 11,000 “ghost SIM cards” registered with stolen foreign passport copies, causing an estimated 96 billion won (about USD 72 million) in damages. Nine suspects, including a Seoul phone shop owner believed to be the ringleader, have been arrested for supplying anonymous SIMs to criminal groups engaged in fraud, drug trafficking, and illegal lending. Investigators say the scheme exploited loopholes in ID checks for smaller mobile carriers, with passport scans obtained via Telegram between February 2023 and May 2025.
// Podcasts & shows
Scamurai: Ep. #4 Freezing scam proceeds with Jackie Burns Koven from Chainalysis
How public and private agencies are trying to combat cyber scams. Plus, Callan and Jackie discuss the sophistication of scams, challenges in law enforcement coordination and the need for better reporting mechanisms. (Spotify // iTunes)
// Hacks & dark markets
The European Union has added Ukrainian national Volodymyr Viktorovych Tymoshchuk to its Most Wanted list, citing his role as a key figure in a global cybercrime network behind the 2019 LockerGoga ransomware attacks. Europol said an investigation into the group’s activities has already led to several arrests in Ukraine and mapped a network of malware developers and money launderers.
// Number crunch
Scammers are increasingly shifting from traditional payment methods like checks, cash, and cards toward bank transfers, cryptocurrencies and payment apps, driven by factors such as Bitcoin ATMs and the popularity of digital payments, according to a report from the Federal Reserve Bank of Kansas City citing U.S.-wide data. In 2024, bank transfers accounted for the highest or second-highest share of losses across all top five scam categories, with average losses per report highest for bank transfers ($44,000) and cryptocurrencies ($30,000).
While check, cash and card payments have declined in both use and share of losses, crypto and app-based payments are rising, particularly in investment, business imposter and romance scams.
// Scam factories
A Hong Kong police officer who took leave to visit mainland China and somehow ended up in a scam compound in Cambodia has resigned. Local media previously reported he was “tricked into working at a scam farm” and contacted a Hong Kong police station for help after fleeing the site. The case is now being handled by the Organised Crime and Triad Bureau.
An Australian Strategic Policy Institute report warned on Monday that as scam centres move deeper into Myanmar, militias continue to profit with tacit junta approval, turning fraud into both a financial lifeline and a tool of political control. “As long as the Burmese junta is in an existential fight, it will be unwilling and unable to take decisive action to dismantle the extensive network of scam centres in areas under its effective control,” the report noted.
Singaporean and Cambodian police have targeted a cross-border syndicate behind government official impersonation scams that cheated victims in Singapore of more than S$40 million (US$30 million). Twelve suspects — including eight Singaporean men, a Singaporean woman, two Malaysians and a Filipino woman — were arrested in the city state after joint raids in both countries uncovered scam scripts, victims’ records and over S$2.5 million (US$1.95 million) in seized assets. Authorities say the group operated out of a Phnom Penh scam centre, and more members remain at large.
A UN report has flagged East Timor’s new free trade zone as a possible base for scam call operations after police raided a suspected centre in Oecusse in August and detained more than 30 foreigners. The discovery highlights how criminal networks are shifting into new territories as crackdowns intensify in Southeast Asia. The UNODC warned the development is especially concerning as Timor-Leste prepares to join ASEAN next month, with improved connectivity likely to make the country more vulnerable to exploitation.
// Machines behaving strangely
California lawmakers have approved the nation’s first bill to restrict AI companions for minors, citing rising concerns over chatbots that lure teens into sexualised or harmful interactions. Assembly Bill 1064 passed the state senate with bipartisan support and now heads to Governor Gavin Newsom’s desk. If signed, it would strictly limit AI companions for users under 18 and impose tough penalties for violations. However, some child rights advocates have refused to back it, arguing the bill is poorly defined. The FTC has also announced an inquiry into AI chatbot use by children.
A U.S. judge has criticised a proposed $1.5 billion settlement over Anthropic’s use of pirated books to train AI, calling the deal incomplete and potentially unfair to millions of authors. Judge William Alsup accused lawyers of rushing an agreement that covers only about 500,000 works — far fewer than the 7 million initially certified — and warned it risked being forced “down the throat of authors” without clear rules for payouts or disputes. He ordered both sides to fix major gaps, saying any settlement must shield Anthropic from future claims while ensuring authors aren’t shortchanged.
OpenAI is backing a planned feature film that will rely heavily on generative AI to bring a woodland-creature adventure to the big screen. While the script for Critterz is reportedly human-written, AI tools will be used to generate much of the footage, with artists feeding in images to guide the process.
Warner Bros. Discovery has filed a lawsuit against Midjourney, accusing the AI startup of mass copyright infringement by generating unauthorised images and videos of characters like Superman, Bugs Bunny and Scooby-Doo. The suit claims Midjourney’s tools churn out “countless” infringing works and alleges the company knowingly exploits Warner Bros.’ IP to attract subscribers. The company is seeking damages and a court order to block Midjourney from distributing its tools without copyright safeguards.
// Law & disorder
D.C. Attorney General Brian Schwalb has sued Athena Bitcoin, one of the U.S.’s largest crypto ATM operators, accusing it of exploiting vulnerable residents by profiting from scams and charging hidden fees of up to 26% per transaction. An investigation found that 93% of deposits to Athena machines in the District were linked to fraud, with elderly victims losing thousands of dollars, including one losing nearly $100,000. The lawsuit seeks restitution for victims, penalties and stronger protections to stop “illegal, predatory conduct.”
Alphabet’s Google is facing a new lawsuit from ad exchange PubMatic, which is seeking billions in damages over claims that the company has illegally monopolised the ad technology market. The suit follows an April ruling that Google maintained unlawful monopolies in ad exchanges and ad servers, and comes as a separate trial this month determines whether the company must sell parts of its advertising business. PubMatic’s CEO said the case aims not just for compensation, but to ensure fair competition in online advertising.
Floyd Mayweather Jr. is facing a legal battle after being sued by businessman Jayson Winer, who alleges he was defrauded out of $4 million and luxury watches in a scheme promising access to Elon Musk. The lawsuit claims Mayweather and his partner Jona Rechnitz used Musk’s name to lend credibility, but no meetings or calls ever occurred. This latest case adds to Mayweather’s history of legal troubles, including previous lawsuits related to cryptocurrency promotions.
// Digital rights
The FTC has filed a complaint against Apitor Technology, alleging its robot toy app allowed a third party in China to collect geolocation data from children under 13 without parental consent. The proposed settlement requires Apitor to ensure any third-party software complies with COPPA, notify parents, obtain consent, delete improperly collected data and restrict data retention, with a $500,000 penalty suspended due to the company’s inability to pay.
As part of the UK government’s ongoing push to tighten the Online Safety Act, new regulations announced on 8 September will make content encouraging or assisting serious self-harm a priority offence for all users. Platforms will now face legally binding obligations to actively detect and remove such material using advanced technology, rather than responding only after users have been exposed. The measures, set to take effect following parliamentary approval, aim to protect both adults and children from harmful online content. Over 500,000 people in the UK have signed a petition to repeal the Online Safety Act, however, due to fears of censorship and government overreach. The legislation has prevented access to many seemingly innocuous websites unless users upload images of their ID.
// In other news
The huge growth of Myanmar scam centres that may hold 100,000 trafficked people. Operated by crime syndicates and fostered by the country’s military junta, the number of vast complexes such as KK Park on the Thai-Myanmar border has doubled since 2021. (Rebecca Ratcliffe/The Guardian)
// From the archives
WikiFX and its related brands have been the bane of the forex industry for years, accused of pressured brokers for payment to boost ratings and promoting sketchy platforms, including some tied to pig butchering scams.
I first started writing about them several years ago. Then earlier this year, I went to try and dig up an old article. But it had disappeared from Google Search.
No matter what I googled, I couldn’t find it. It still existed on the publisher DL News’ website, but as far as Google was concerned, it had vanished.
I later discovered the article had been delisted from Google Search results under the Digital Millennium Copyright Act (DMCA), a U.S. law from the late '90s that lets copyright holders request removal of infringing content from platforms like Google.
The complaints system for copyright infringement is ridiculously easy to exploit. No proof is required upfront, and once a complaint is filed, the content is often taken off Search automatically. It’s a convenient weapon for companies looking to silence critics under the guise of copyright protection.
The complaint, filed by a Hong Kong-based company called OptiEdge Dynamics, alleged that the article used its copyrighted images without permission. Yet, the only image included in the piece was a licensed Shutterstock photo.
The more I investigated, the weirder it got. OptiEdge Dynamics doesn’t exist. It doesn’t appear in Hong Kong’s business registry, nor does it have any online presence.
Then I found other phantom companies like VectorEdge Labs and SynergyNext Ventures filing similar DMCA complaints around the same time.
All the takedown requests had one thing in common: they targeted criticism of WikiFX.
Get this newsletter straight to your inbox every week by subscribing. If you can, consider supporting Scamurai with a paid subscription. All the money goes back into upkeep costs and building out the business.
Tips, vitriol and all other messages should be directed to Callan Quinn at callan@scamurai.io. Or get in touch below.