A Chinese court has sentenced a hacker identified as Zhou to four years and four months in prison for seizing control of 157 government and enterprise websites and laundering the proceeds through cryptocurrency wallets holding over 42 million RMB, approximately $5.8 million.
The Qujiang District People’s Court in Quzhou City, Zhejiang Province, delivered the verdict on April 23 following prosecution by the district procuratorate. Zhou pleaded guilty, and the sentence is now in effect. Other individuals connected to the scheme remain under investigation.
How the Scheme Worked
Between August 2023 and June 2025, Zhou exploited security vulnerabilities to gain unauthorised control of more than 150 servers across government platforms, corporate websites, and widely used applications.
Once inside the infrastructure, he deployed malicious files that silently redirected users:
- Users clicking donation links on a charity platform were sent to overseas pornographic websites
- People opening news applications were forcibly redirected to pornographic live streaming services
- Normal government website links redirected visitors to adult content without warning
Zhou then resold this redirected traffic to overseas operators, monetising the government and enterprise infrastructure as a commercial distribution network for illegal content without the knowledge of the affected organisations.
The Cryptocurrency Trail
Every payment in the scheme flowed through digital assets. Zhou settled all transactions in $USDT and TRX, deliberately dispersing proceeds across multiple encrypted wallets to obstruct financial tracing.
Details from the financial investigation:
- Total cryptocurrency seized exceeded 42 million RMB, approximately $5.8 million
- Funds were spread across multiple wallets to complicate recovery
- Law enforcement extracted mnemonic phrases and login passwords as primary forensic evidence
- Zhou voluntarily returned over 28 million RMB in illegal gains on January 21 as part of his guilty plea
Why It’s Important
The case highlights how cryptocurrencies such as $USDT are increasingly being used within cybercrime operations to move and conceal illicit funds.
It also raises concerns about institutional cybersecurity standards, given that more than 150 government and enterprise systems were reportedly compromised and used to distribute illegal content for nearly two years before authorities intervened.
Related: Hackers Drain $3 Million From 86 Gnosis Safes in SquidRouterModule Exploit