An Algerian national accused of running online marketplaces that sold phishing kits and fraud tools has been extradited from Spain to the United States to face bank fraud conspiracy charges.
The investigation began in September 2020 when FBI agents discovered Market0Day, an online marketplace operated by a cybercriminal using the alias “SPOX.” Prosecutors later identified the administrator as Abdellah Belmili, who promoted the platform through his Telegram channel, @SpoxCoder.
Federal investigators say Belmili sold phishing kits, stolen financial data, compromised login credentials, malware tools, and other cybercrime-related services, accepting payment exclusively in Bitcoin.
To see what was being sold through the platform, FBI agents made undercover purchases from Market0Day in December 2020. Among the items obtained was a phishing kit designed to impersonate JPMorgan Chase, which investigators were able to download after completing the transaction.
Agents also paid for access to a compromised cPanel account, a web hosting management platform that can provide administrative control over a website and allow changes to its content. The credentials were never delivered.
By late 2020, customers had begun complaining that products purchased through Market0Day were not being delivered. Belmili allegedly responded by directing users to a new platform called Spoxy.us, which was marketed as a “new store for bulk SMS,” a service commonly linked to phishing campaigns conducted through text messages.
“During the course of the conspiracy, Belmili is accused of defrauding multiple institutions, including American Express, Bank of America, JPMorgan Chase, and Wells Fargo, as well as financial institutions in the United Kingdom,” the Justice Department said.
Investigators identified roughly 5,600 victims in the United States and abroad and traced approximately $900,000 in deposits to an account controlled by Belmili between January 2020 and January 2023.
Belmili was extradited to the United States on June 18 and appeared before a federal judge in Buffalo, New York. If convicted, he faces up to 30 years in prison.
“Cybercriminals often believe they can hide behind usernames and encrypted platforms. This arrest proves otherwise,” said Brendan Dunford, Acting Special Agent-in- Charge of the FBI Buffalo Field Office. “
“The FBI identified the individual behind this alleged cyber fraud scheme, followed the evidence across international borders, secured his extradition, and brought him to the United States to face justice,” concluded Dunford.
US seizes infrastructure linked to Huione Group
In a separate case, the U.S. government seized a cloud computing account tied to a Cambodia-based conglomerate accused of providing money laundering services used by cybercriminals, fraud networks, and scam operations.
Court documents link the seized account to Huione Guarantee, also known as Haowang Guarantee, a platform authorities say hosted Telegram channels advertising stolen credit card and identity data, proceeds from malware-related thefts, money laundering services, and services linked to human trafficking schemes.
“Huione Guarantee also provided escrow services for criminals transacting on its platforms to facilitate transactions, including money launderers laundering cryptocurrency. In doing so, Huione Guarantee facilitated the movement of considerable funds stolen by Southeast Asian scam centers,” authorities noted.
Last October, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) designated Huione Group as a primary money laundering concern and moved to cut the company off from the U.S. financial system.
According to the FBI’s Internet Crime Complaint Center (IC3), victims reported more than $7.2 billion in losses from cryptocurrency investment scams in 2025 alone.
