Cross-Border Cryptocurrency Investment Scam Leveraging Social Messaging Channels and Fake Regulatory Credentials
ID: 26a7de84-8284-58c6-8ca7-6ef9a02c6007
STIX ID: report--26a7de84-8284-58c6-8ca7-6ef9a02c6007
Feed Name: CloudSEK Blog
**Executive Summary:** CloudSEK identifies ZHGUI Cryptocurrency Ltd. as a coordinated mirror-exchange scam targeting Mandarin-speaking retail investors in Southeast Asia (notably Malaysia). The operation uses cloned domains, fake trading dashboards, invitation-only onboarding, and Udesk-style KYC harvesting to collect funds and personal data. On-chain TRON (TRC20) analysis reveals an aggregated laundering pipeline (RazorPay and ZHGUI routing wallets) that forwards USDT to major centralized exchanges. To create false legitimacy, the operation leverages self-submitted FinCEN MSB listings, paid PR, social media, WhatsApp recruitment, and a previously published iOS app.
