Tether (Tether USD, hereinafter referred to as USDT) is issued by Tether Limited and is a centralized stablecoin pegged to the US dollar value through smart contracts on the blockchain network. In addition to possessing the anonymous transfer and permissionless use features of other cryptocurrencies, USDT also grants the issuer significant control rights, allowing developers to selectively issue or destroy USDT tokens for a specific address, or restrict specific addresses from operating USDT, commonly known as "Tether freezing".
Such centralized freezing activities are usually triggered by law enforcement requests from various government departments around the world or temporary major cryptocurrency security incidents, aiming to prevent known illegal activities using USDT and intercept damaged assets to prevent further harm. As the adoption of USDT in the real financial system increases, incidents of illegal activities involving cryptocurrencies have become more frequent, leading to more widespread Tether freezing activities, causing significant negative impacts on a large number of web3 enterprises that inadvertently accept high-risk encrypted funds, and even bringing legal risks.
This article will analyze and explain the case of the Huiong Group in Cambodia, which had 29.62 million USDT frozen by Tether.
Overview of Huiong's Business Scale
The Huiong Group is a large financial group located in Cambodia, with business segments including cryptocurrency wallets, payments, trade guarantees, insurance, and cryptocurrency exchanges. Its core payment and guarantee business heavily utilize USDT. According to the address tagging data from Bitrace's DeTrust on-chain risk fund monitoring and management platform under Bitrace, the official and user addresses of HuionePay and HuioneGuarantee exceed 180,000, making it the largest-scale cryptocurrency enterprise in the region, with influence extending to the entire Southeast Asia and even East Asia.
According to Bitrace's monitoring, from June 2022 to June 2024, the monthly fund scale of all known HuionePay and HuioneGuarantee business addresses has been on the rise, from a minimum of 10.3 billion USDT in June 2022 to a peak of 83.9 billion USDT in April 2024, with a total fund scale of 102.397 billion USDT over the two years.
During this period, Huione's related business addresses also maintained a significant amount of reserves. Between June 2022 and June 2024, the daily average balance of all known HuionePay and HuioneGuarantee business addresses reached 35.68 million USDT.
Due to the high incidence of illegal activities using cryptocurrencies in the Southeast Asian region, Huione's business addresses have been affected to a certain extent. Taking the core business address TL8TBp currently used by HuioneGuarantee as an example, according to Bitrace's monitoring, between July 1, 2023, and June 30, 2024, a total of 2.158 billion USDT flowed into this address, with high-risk funds for online gambling accounting for 0.35 billion (1.62%), high-risk funds for black and gray market transactions accounting for 3.39 billion (15.71%), high-risk funds for money laundering accounting for 0.54 billion (2.50%), and high-risk funds for fraud accounting for 0.02 billion (0.09%).
Analysis of Frozen Funds in Huiong
On July 13, 2024, Tronscan showed that the Tron network address TNVaKW was restricted by Tether Limited, with a high amount of 29.62 million USDT frozen and unable to be transferred. Bitrace immediately intervened in the investigation.
Preliminary investigation results showed that just five days after the creation of TNVaKW, the total transaction scale of funds exceeded 1 billion USDT, receiving deposits from a large number of Tron addresses marked as HuionePayUser, as well as funds from other official HuionePay and HuioneGuarantee addresses. Therefore, Bitrace confirmed that this address is an official business address of Huione and judged that the reason for the freeze was the receipt of a large amount of stolen encrypted funds.
The next day, well-known on-chain detective ZachXBT further stated on social media that in the earlier theft incident at the Japanese exchange DMM, the related stolen assets had entered HuionePay through cross-chain exchanges.
Based on the addresses publicly disclosed by ZachXBT, Bitrace discovered more addresses related to money laundering activities and conducted a retrospective analysis of the entire fund chain. Among them—
>165BTC cross-chain to Avalanche via AvalancheBridge
>182BTC cross-chain to Ethereum via ThorChainBridge
>263BTC cross-chain to Ethereum via ThresholdBirdge
The obtained tBTC, BTC.b, and other assets were exchanged for assets such as USDT, USDC, DAI, etc., with a value equivalent to 31.82 million USD, and then cross-chain exchanged to the TRON network, with approximately 14 million eventually entering TNVaKW.
It is worth noting that the DMM incident is just one of the publicly disclosed security incidents involving funds flowing into Huione addresses. During June 5 to 7, 2024, at least 1.05 million USDT related to the Poloniex exchange theft incident flowed into multiple HuionePay official business addresses, including TLmktr, TR5F41, and TNVaKW.
Currently, there is no direct evidence to indicate that the freezing of TNVaKW is related to the funds from these two security incidents. However, considering that other business addresses of Huione have not been frozen, this at least indicates that this freezing action is not specifically targeting the Huione Group itself.
Analysis of Huiong's Payment Run on Bank
As mentioned earlier, the daily average balance of all known HuionePay and HuioneGuarantee business addresses is 35.68 million USDT, and in the three months before the freezing incident, this value has been maintained at around 40 million USDT. The frozen 29.63 million USDT is equivalent to 75% of its reserves, indicating a certain withdrawal pressure.
An analysis of the latest HuionePay business address TQuFSv—
The address TNVaKW was activated 2.5 hours after being frozen, and began processing deposits and withdrawals for HuionePay users, as well as receiving an inheritance of 114,800 USDC from TNVaKW. As of 9:34:39 on July 16, 2024, its transaction volume had reached 733 million USDT.
Hourly statistics of the income and expenses of TQuFSv did not reveal any significant abnormal financial phenomena, and the address still has a balance of 12.88 million USDT.
An analysis of the counterparties of TQuFSv showed that the top ten counterparties in terms of funds received transferred a total of 147 million USDT, with two addresses marked as HuioneGuarantee addresses transferring 73 million USDT and 15 million USDT to TQuFSv, accounting for 23.64% of the total transfers. The top ten counterparties in terms of funds sent received a total of 80 million USDT from TQuFSv, with three addresses marked as HuioneGuarantee addresses receiving 14 million USDT, 8 million USDT, and 6 million USDT, accounting for 7.76% of the total transfers.
This indicates that HuionePay experienced a significant outflow of funds after the freezing incident, but the official entity promptly replenished the reserves from other business addresses to meet user withdrawal requests.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
