New details have emerged regarding a significant breach in NVIDIA’s AI hardware export controls to China. The story specifically involves Super Micro servers equipped with advanced NVIDIA GPUs, which managed to reach China despite export prohibitions. It’s now understood that a route through Thailand was used for this purpose, with Alibaba mentioned as one of the alleged end customers. The most sensitive aspect is that the official accusation from the US Department of Justice does not publicly name any of these companies, only referring to a “Company-1” in Southeast Asia. This company has been identified as OBON Corp, based in Bangkok, reportedly responsible for getting the hardware to China, specifically to Alibaba.
According to the US indictment, Yih-Shyan “Wally” Liaw, Ruei-Tsang “Steven” Chang, and Ting-Wei “Willy” Sun allegedly participated in an operation to divert high-performance servers assembled in the United States to customers in China, violating export control laws. Liaw is described as a co-founder, board member, and senior vice president of business development for a US server manufacturer. Chang was in charge of the Taiwan office, and Sun acted as an external broker. The Department of Justice states that Chang remains a fugitive, while Liaw and Sun have been arrested.
The gray market remains the entry point for ‘prohibited’ NVIDIA AI hardware in China
The scheme attributed to the group was relatively sophisticated. A Southeast Asian company placed orders for restricted servers, claiming they were for its own use. These units were shipped from the United States to facilities in Taiwan and then to Southeast Asia. There, according to prosecutors, NVIDIA AI hardware was repackaged into unmarked boxes to conceal its contents and then redirected to China. The indictment speaks of approximately 2.5 billion dollars in orders between 2024 and 2025, with at least 510 million dollars in diverted servers between late April and mid-May 2025.
A particularly striking detail is the use of fake servers to deceive audits. Prosecutors assert that those involved created non-functional physical replicas to create the illusion that the inventory remained stored in Southeast Asia, when in reality, the servers had already been shipped to China. The use of a hairdryer to remove and reapply labels and serial numbers on fake boxes and equipment before internal inspections and inspections by the Department of Commerce has even been mentioned.
The novelty of this news lies in the connection with Thailand and Alibaba. Reuters, citing Bloomberg, indicates that the intermediary company described as “Company-1” was reportedly OBON Corp, based in Bangkok and linked to Thailand’s national AI initiative. It also states that Alibaba was allegedly one of the end customers for some of these servers. However, Alibaba denies any commercial relationship with Super Micro, OBON, or the cited brokers, and claims it does not use and has never used prohibited NVIDIA chips in its data centers.
Super Micro distances itself from the accused
Super Micro is attempting to distance itself from the accused. The company stated that it is not a defendant in the case. Upon learning of the events, it suspended Liaw and Chang, severed ties with Sun, and asserted that the described conduct contradicts its internal policies and compliance controls. It also stated its intention to cooperate with the US government’s investigation.
The regulatory context is crucial. Since 2022, the United States has restricted the export of advanced AI chips to China for national security reasons. However, in January 2026, the Department of Commerce revised its policy to consider licenses on a case-by-case basis for products like NVIDIA H200 GPUs, AMD MI325X, and similar, always under security requirements, performance verification, and buyer controls. This means the NVIDIA H200 transitioned from being banned to potentially being sold under specific conditions.
China continues to have enormous demand for NVIDIA accelerators despite restrictions. The controls based on licenses, audits, and end-user declarations can be compromised when intermediaries, opaque logistics routes, and physical repackaging are involved. For Washington, this case reinforces the argument that controlling the chip alone is insufficient. Therefore, it is also necessary to control complete servers, integrators, brokers, warehouses, transit routes, and the end customer.
