The documents shed light on the internal mechanisms of two alleged fraudulent centers in Palau. They also show how the local elite and weak laws create conditions for the flourishing of this criminal activity, even in the most remote corners of the world, as noted by occrp.org.
During a January raid at the Cocoro hotel, the police encountered a reality that was vastly different from the ideal image of this tiny island nation.
Such sights have become a troubling norm in the Asia-Pacific region.
During this raid, all the attributes of a fraudulent online center were discovered, which fuels a brutal cybercrime industry in Asia, largely run by Chinese criminal syndicates.
These centers often target victims who have been subjected to human trafficking and violence, luring them into online delusions through romantic schemes, gambling, and investments, which is estimated to lead to losses of over $60 billion annually worldwide. They are most commonly known by the term "pig slaughtering," which indicates the main tactic of the fraudsters — to gain the victims' trust before striking and draining their accounts.
Cyber fraud concentrated in Southeast Asia has become such a serious problem that in mid-October, the U.S. and the U.K. announced sanctions against numerous suspected fraudsters and a record seizure of $15 billion in bitcoins linked to Chen Zhi, the CEO of Prince Group, a Chinese national who has been recognized as a transnational criminal organization. (Prince Group denied these allegations, stating that the company and Chen were not engaged in illegal activities).
Photos found on Chen Zhi's phone likely show abuses of workers in fraudulent centers linked to Prince Group.
Although the recent sanctions mainly affect countries like Cambodia, they also impacted seven individuals associated with an investment project in Palau, which may indicate that this island nation has become a hub for this criminal industry.
New documents obtained by OCCRP provide information on how the operation at the Cocoro hotel functioned and a similar operation uncovered two weeks ago at the Beluu Sea View Resort. These documents include reports from the Palau police investigations, results of digital forensics, and internal files of the fraudsters.
They revealed a complex business model in which about two dozen employees from China and Vietnam, some of whom apparently worked under duress, used pre-prepared scripts to find victims through Chinese-language gambling sites. According to Jay Hunter Anson, the chief information security specialist at the Palau Ministry of Finance, one of the operations was bringing in at least $200,000 a month, and the proceeds were then transferred abroad using cryptocurrency.
Despite these reports, it is unclear whether the police are actively investigating these centers. The Palau National Security Coordination Office, the Immigration Agency, and the Bureau of Public Safety, responsible for criminal investigations, did not respond to inquiries about whether the raids led to prosecutions or ongoing investigations.
According to Anson, fraudulent schemes in Palau are becoming "increasingly brazen," yet the island nation lacks the resources to combat this problem.
In the country, "there are no laws or regulations governing cybercrime," he told OCCRP. Although at least 12 workers were detained during the January raids, they were simply deported, as there are no laws or means to initiate criminal proceedings, he added.
There is another issue. According to Anson, local intermediaries often facilitate fraudulent schemes, using their positions to cover up or legitimize illegal activities.
One recently uncovered center managed to remain unnoticed for about two and a half years in this small country with a population of just 18,000.
The case materials indicate that many workers at the centers that were raided had work visas sponsored by construction and IT companies owned by the local political and business elite of Palau, including the owner of the Cocoro hotel, Vance Polikarp, who until earlier this year was on the board of Palau's banking regulator, appointed by the country's president. He did not respond to requests for comments, and there is no further evidence in the case materials linking him to the alleged fraudulent site.
Aerial view of Palau.
As previously reported by OCCRP and local media, this is not the first instance of well-known residents of Palau being involved in assisting foreigners who were later arrested during raids against alleged fraudulent schemes.
What else do the recently updated files show?
Under Surveillance
During the January raids, evidence was found confirming that workers at the alleged fraudulent centers were from China, Malaysia, and Vietnam. Some were given nicknames in Chinese, such as "Shark," "Tall and Elegant," and "Little Hero."
According to spreadsheets found on seized devices, 21 individuals were listed as "employees" of the operation at the Cocoro hotel since 2023 or earlier.
Cocoro hotel in Koror, Palau.
All of them had work visas sponsored by companies linked to two well-known residents of Palau: Polikarp and former Vice President Elias Camsek Chin.
In another alleged fraudulent center at the Beluu Sea View Resort, two suspects detained during the raid also had visas sponsored by Polikarp's companies, according to a document obtained by OCCRP from the National Security Coordination Office.
Chin, the former vice president, who reportedly also sponsored visas for eight Chinese nationals arrested in 2020 during a similar operation, rejected any allegations of wrongdoing and stated that the workers he sponsored were in the raid area because they were visiting friends at the hotel at the time.
“They were not involved in fraud. They were in a place where a raid was taking place, but they were not fraudsters. They were there because their friends were staying at that hotel,” he claimed.
Elias Camsek Chin, former Vice President of Palau.
There is no ongoing investigation against Chin, and he has not been charged.
The forensic examination of devices seized during the raid showed that Cocoro hotel employees were "strictly controlled" through a "complex personnel management system."
The report does not specify who was behind this operation, but it mentions internal files indicating the presence of a "structured transnational criminal organization" operating under the guise of numerous IT and construction companies. All companies listed in the materials as employers of the staff were owned by Polikarp or Chin, according to the corporate registry of Palau.
In response to a request for comment, Chin stated: "My employees have not been charged with gambling or any other illegal activity, so I cannot comment as I know nothing about these allegations."
The police report on the raid mentions that some detained workers, most of whom were around 20 years old, "confessed that they had not left the building for several months, and in some cases years, while working there." These testimonies are corroborated by "observations of food deliveries from a Chinese restaurant" over an eight-month period.
This level of isolation is common in fraud centers worldwide, as noted by Erin West, president and founder of the nonprofit organization Operation Shamrock, which fights fraud.
“The fact that people were not allowed to leave the building for months or years is insane,” she told OCCRP. “That is an incredibly long time for them to be stuck, and it aligns very well with what we see elsewhere.”
Copy-and-Paste Fraud Methods
According to forensic reports, files on the computers of the alleged fraudsters confirmed that these centers were part of a network engaged in online gambling, which is banned in mainland China, as well as cryptocurrency fraud.
On one of the seized devices at the Beluu Sea View Resort, files and applications related to an online lottery called "6688 Caipiao," aimed at Chinese-speaking clients, were found.
Source: Ciberseguridad 720
Screenshot from the forensic report showing one of the images related to the online lottery platform found on computers used at Beluu Sea View Resort.
According to a report prepared for the Palau government by analysts from a private cybersecurity firm, the documents contained instructions in Chinese directing workers to use manipulation tactics and psychological pressure on victims, as well as possibly rigging betting results.
The report describes "two methods of deceiving clients":
“Offer an attractive bonus, then change the terms of obtaining it after the client has deposited money.”
“Use emotional tactics to manipulate the client and encourage them to deposit more money.”
Image of chats on one of the computers found during the raid.
Analysis of blockchain records also revealed a "complex and coordinated cryptocurrency fraud scheme," according to a cyber forensics report prepared by the country's financial intelligence. The fraudsters allegedly implanted worthless digital tokens into the wallets of over two million users of the popular cryptocurrency platform Tron. Users attempting to exchange the tokens lost their personal data and funds in their accounts, as stated in the report.
According to Anson, over eight months, this scheme brought in at least $1.6 million for the fraudsters from Palau.
According to the report, files seized at the Cocoro hotel, some of which were encrypted and required hacking by investigators, also show that the center used detailed instructions to engage victims in gambling on various websites. The report does not disclose the names of the organizers of the operation, but it recommends that Palau authorities work in coordination with international law enforcement agencies.
It is reported that the fraudsters managed such websites from the backend, allowing them to alter the amount of funds in accounts, offer unrealistic bonuses, and conceal losses, making users believe they were successfully gambling.
In conclusion, the report mentions that the files "clearly indicate that the individuals managing these devices were operating a coordinated criminal network under the guise of an online gambling business."
“There is reason to believe that their activities extend beyond illegal gambling,” the statement adds. “It likely involves the deployment of malware potentially used to infect victims' systems, fraud, and the expansion of criminal activity networks through unauthorized access.”
Jarod Baker, co-founder of the consulting firm Pacific Economics, which works with the government of Palau, characterized both operations as having the same logic as other fraudulent centers believed to be run by Chinese organized crime that have been uncovered in Palau in recent years.
“Illegal gambling, cyber fraud, cryptocurrency laundering, identity theft, and labor exploitation are all hallmarks of Chinese transnational criminal groups,” he noted.
Baker also pointed out that the schemes uncovered in January resemble those that were exposed in Palau in 2020 when employees also received visas from former Vice President Chin.
“In Palau, the same intermediaries continue to bring people in or hire them as IT specialists for their companies,” he added. “These are the same individuals, just operating under different names.”
Investigators who applied digital forensics methods to trace the money flows from the hotel in Beluu were able to track payments sent through the cryptocurrency platform Tron. OCCRP found that one of the digital wallets receiving the money was linked by third-party researchers to Huione Group, a Cambodian financial conglomerate that was recently sanctioned by the U.S. for allegedly laundering proceeds from fraudulent schemes in Southeast Asia.
Huione did not respond to requests for comments.
Global Scale
Despite the recently imposed sanctions by the U.S. and the U.K., as well as increasing pressure from Southeast Asian authorities, cyber fraud schemes continue to expand beyond national borders.
Source: Jorge Santos/Wikimedia Commons
According to a report from the United Nations Office on Drugs and Crime, authorities found evidence of an alleged fraud center in Oecusse-Ambeno, an exclave in East Timor.
In an April report, the United Nations Office on Drugs and Crime described the extent of the spread of fraudulent schemes worldwide, noting that syndicates from East and Southeast Asia are entering new markets, including the city of Batumi in Georgia.
In September, the agency issued a warning that organized crime groups had begun to infiltrate East Timor, referencing an August raid when evidence of a fraudulent center was found in the remote exclave of Oecusse-Ambeno.
The report also mentioned that a gaming company based in this region is linked to fraudulent schemes in Cambodia and to sanctioned Chinese organized crime figure Wang Kuok Koi, who also has business in Palau.
“The movement into East Timor demonstrates the resilience of this industry and its ability to adapt to new markets and conditions,” the report states.
Due to the limited capabilities of law enforcement in Palau, the location remains attractive to organized crime groups.
“The threat of organized fraud schemes persists in Palau,” Anson noted. “As we found out after the raids, these networks rely on access to insider information and protection to maintain their illegal operations and conceal the flow of funds.”
