Original Author: Beosin

Abstract

This report is supported by the Digital Asset Anti-Money Laundering Professional Committee (DAAMC) under the Hong Kong Virtual Asset Industry Association (HKVAIA) and is led by Beosin. It focuses on the core issues of anti-money laundering (AML) related to stablecoins, systematically sorting out the basic concepts of stablecoins, global regulatory differences, and financial security risks. It emphasizes the construction of AML technical solutions and ecological governance paths in Hong Kong, providing professional references for the compliant development of stablecoins.

The report clarifies that stablecoins are digital assets pegged to fiat currencies and other assets, primarily dominated by fiat-collateralized types (such as USDT, USDC). Their applications cover scenarios such as cross-border remittances, daily consumption, and value storage. The regulatory policy section compares the differences between Hong Kong's "Stablecoin Ordinance" and the U.S. "GENIUS Act," while also analyzing policies from countries such as Singapore, Japan, South Korea, and the UAE.

Regarding the financial security risks of stablecoins, their anonymity and cross-border convenience make them susceptible to illegal and suspicious activities such as terrorist financing, ransomware attacks, and dark web transactions, necessitating vigilance against the risks that may impact the development of stablecoins. Based on this, Beosin has proposed a targeted "source prevention - dynamic monitoring - precise governance" full lifecycle solution for Hong Kong, covering stablecoin smart contract security, on-chain monitoring of stablecoins, and KYT/KYA risk assessments, achieving AML monitoring and criminal intelligence analysis.

Finally, the report offers suggestions from the perspectives of industry self-discipline, inter-departmental collaboration, and user education, assisting DAAMC in promoting the construction of a compliant ecosystem for stablecoins in Hong Kong.

Chapter 1: Concept and Development Trends of Stablecoins

1.1 Definition and Classification of Stablecoins

Stablecoins are digital assets that are pegged to real-world assets (such as fiat currencies, gold, commodities, or real estate) to maintain a relatively stable value. In the field of digital assets, stablecoins have been widely used for trading, payments, and value storage, becoming a bridge between traditional finance and digital finance.

Currently, multiple countries and regions are legislating or have already legislated in the field of stablecoins to clarify the definition of stablecoins and establish an issuer licensing system, providing legal certainty for market participants.

Hong Kong's regulatory framework clearly defines "Fiat-Referenced Stablecoins (FRS)," which refers to stablecoins whose value is fully referenced to one or more official currencies, accounting units designated by the Monetary Authority, or forms of economic value storage, or their combinations, to maintain stable value. The U.S. "GENIUS Act" defines stablecoins as digital assets used as a means of payment or settlement tool, requiring issuers to maintain stable value relative to fixed currencies.

The implementation methods of stablecoins determine their operational models, regulatory difficulties, and risk levels within the financial system. In addition to fiat-collateralized stablecoins, there are other types of stablecoins in the blockchain ecosystem that anchor the value of the U.S. dollar.

Table 1-1 Classification of Stablecoins

1.2 Introduction to the Top 10 Stablecoins by Global Market Capitalization

Stablecoins have a development history of over 10 years. Since the issuance of USDT in 2014, the stablecoin market has developed rapidly, with fiat-collateralized stablecoins occupying a leading position in the market. As of August 20, 2025, according to statistics from DefiLlama, the total circulating market capitalization of stablecoins globally reached $277.5 billion, with the top ten stablecoins by market capitalization being:

Table 1-2 Overview of Top 10 Stablecoins

Data Source: https://defillama.com/stablecoins

In terms of market share, fiat-collateralized stablecoins account for over 83.46%, including USDT, USDC, USD 1, FDUSD, PYUSD, RLUSD, and TUSD, dominating the market. USDe, as a synthetic dollar stablecoin, has gained attention and recognition in the crypto market by generating stablecoin yields through arbitrage trading of mainstream digital assets like ETH on centralized exchanges, becoming the third-largest stablecoin.

On the on-chain trading data level, the trading frequency of stablecoins shows an upward trend. According to Visa's statistics, the total trading volume of stablecoins exceeded $27.6 trillion in 2024, with an effective trading volume of $5 trillion. USDT has consistently been the most traded stablecoin, followed by USDC, together accounting for over 90% of stablecoin trading data.

Figure 1-1 Monthly Trading Volume of Stablecoins

Data Source: Transactions | Visa Onchain Analytics Dashboard

Note: Effective Transaction Volume excludes trades by bots, internal transactions of smart contracts, internal exchange trades, and trades by high-frequency traders.

In the past year, USDT based on the TRON network has seen significant growth, with circulating USDT exceeding $82.6 billion, surpassing Ethereum to become the blockchain network with the largest circulation of USDT. BSC (also known as BNB Chain) has experienced a surge in trading volume due to Binance's support for free withdrawals of stablecoins to the BSC network, making it the blockchain network with the highest number of stablecoin transactions in the past year.

Figure 1-2 Annual Trading Volume and Number of Transactions of USDT and USDC on Mainstream Chain Platforms

Data Source: Transactions | Visa Onchain Analytics Dashboard

The trading volume and number of transactions of stablecoins on networks such as Base, Solana, Arbitrum, and Polygon are also noteworthy. As shown in the above figure, although Ethereum remains the primary blockchain network for the circulation and trading of stablecoins, blockchains with lower transaction costs and faster speeds are becoming new choices for businesses and ordinary users to use stablecoins.

1.3 Main Application Scenarios of Stablecoins

In July 2025, the International Monetary Fund analyzed the effective trading volume (Adjusted Transaction Volume) of stablecoins totaling $2 trillion across six chains: Ethereum, Binance Smart Chain, Optimism, Arbitrum, Base, and Linea, to assess the global liquidity of stablecoins.

The research report shows that the largest liquidity scale of stablecoins is in North America, reaching $633 billion, followed by the Asia-Pacific region with $519 billion; in terms of the proportion of stablecoin liquidity relative to GDP, Latin America and the Caribbean account for 7.7%, while Africa and the Middle East account for 6.7%. Emerging markets (such as Latin America and the Caribbean, Africa, and the Middle East) use stablecoins more frequently due to capital controls and unstable fiat currencies, primarily for cross-border flows, with stablecoin liquidity accounting for only 12%-14% within the region.

From the above data, it can be seen that stablecoins have become an indispensable role in the global financial ecosystem, with the main application scenarios as follows:

1. Cross-Border Remittances and Settlements

Traditional cross-border remittances rely on the SWIFT system, requiring multiple intermediaries such as banks and correspondent banks, which leads to issues such as slow speed, high costs, and low transparency. Stablecoins, based on blockchain technology, have rebuilt an efficient and low-cost global payment network through "peer-to-peer" transactions.

2. Daily Consumption

Southeast Asian ride-hailing platform Grab has supported users in Singapore and the Philippines to recharge digital assets like USDC and USDT into GrabPay, which can be used for daily payment scenarios such as rides, food delivery, and coffee purchases.

E-commerce platform Shopify supports the integration of Solana Pay, allowing users to complete payments using USDC on the Solana chain. As of May 2025, over 2000 Shopify merchants have supported Solana Pay.

3. Value Storage and Financial Management

The "value stability" characteristic of stablecoins makes them the "base currency" of the digital asset market, meeting the demand for hedging while also deriving rich financial scenarios due to their technological characteristics, becoming a bridge connecting traditional finance and digital finance.

In countries with high inflation of their fiat currencies (such as Argentina and Turkey), local residents choose to exchange their fiat currencies for stablecoins like USDT (pegged to the U.S. dollar) to resist the depreciation of their fiat currencies. For example, in Turkey, due to long-term high inflation and currency depreciation issues, the adoption rate of local stablecoins and mainstream digital assets continues to rise. In 2024, the total trading volume of USDT/TRY (Turkish Lira) on Binance, the world's largest digital asset exchange, exceeded $43.82 billion.

Figure 1-3 Trading Volume of USDT Stablecoin Exchange with Turkish Lira on Binance in 2024

Data Source: https://www.tradingview.com/symbols/USDTTRY/

In addition to resisting fiat currency depreciation, stablecoins can also be used for financial management. In the decentralized finance (DeFi) sector, stablecoin holders can choose to deposit stablecoins into decentralized lending protocols (such as Aave) to earn interest from borrowers, with annualized returns determined by market demand; or provide liquidity for trading pairs like USDT-USDC on decentralized exchanges like Uniswap to earn trading fees.

1.4 The Rise of Stablecoins and Regulatory Trends

2025 is hailed as the "Year of Stablecoins," as stablecoins transition from being marginal tools in digital asset trading to the global financial mainstream stage. As a type of digital asset pegged to fiat currencies or commodities, stablecoins demonstrate disruptive potential not only in cross-border payments, supply chain finance, and asset tokenization due to their price stability, low transaction costs, and efficient settlement, but also become a new focus of competition in global financial infrastructure.

However, alongside its rapid development, stablecoins have also brought many potential risks, including challenges to monetary policy, financial stability, consumer protection, and illegal financial activities such as money laundering and terrorist financing. International financial institutions have maintained a high level of concern regarding the risks associated with stablecoins. For example, the Bank for International Settlements (BIS) issued a stern warning in its report about the performance of stablecoins as widely used currencies, pointing out their lack of central bank backing, insufficient measures to prevent illegal use, and deficiencies in generating loans in terms of funding flexibility. The BIS report indicates that the anonymous holding characteristics of stablecoins may help conceal "dirty money" and face the risk of rapid redemptions by investors, potentially undermining monetary sovereignty and triggering capital flight from emerging economies.

In response to the technical challenges and systemic risks posed by the high liquidity, cross-border convenience, and anonymity of stablecoins and other digital assets, the Financial Action Task Force (FATF) recommended in 2019 extending the travel rule to digital asset service providers, requiring them to adhere to transfer standards consistent with those of banks. According to the travel rule, digital asset transactions exceeding a certain threshold (usually $1,000) must be reviewed through KYC and due diligence procedures.

Countries and regions have gradually advanced regulatory frameworks related to digital assets based on the recommendations and guidelines issued by the FATF, covering aspects such as digital asset trading service providers, stablecoins, and digital asset custody. The year 2025 became a "watershed" for global stablecoin regulation, with the U.S. and Hong Kong respectively launching the "GENIUS Act" and the "Stablecoin Ordinance," while most provisions of the EU's "MiCA Act" also came into effect in 2025. Countries like Japan and South Korea began evaluating the issuance of their fiat-pegged stablecoins, and the global regulatory framework for stablecoins gradually became clearer.

Chapter 2: Research on Stablecoin Policies

2.1 Analysis of Hong Kong's Stablecoin Regulatory Policy

Hong Kong has clearly expressed its strategic goal of becoming a global leading center for digital asset innovation and investment. To achieve this vision, Hong Kong emphasizes the establishment of a robust and appropriate regulatory environment, viewing it as a prerequisite for the sustainable and responsible development of the stablecoin ecosystem. This strategy is based on its inherent advantages as an international offshore financial center, including a comprehensive financial infrastructure in areas such as cross-border payments, asset management, clearing, and custody.

Hong Kong's linked exchange rate system provides a high degree of stability for the Hong Kong dollar, creating a solid monetary foundation for issuing stablecoins denominated in Hong Kong dollars and backed by fiat currency reserves. This strategic integration of digital assets into the existing financial infrastructure and monetary system indicates that Hong Kong does not view digital assets as a completely independent domain but strives to integrate them into the established financial ecosystem. The stability of the Hong Kong dollar provides a credible anchor for stablecoins, allowing Hong Kong to stand out when competing with jurisdictions that have underdeveloped financial infrastructures or high volatility in fiat currencies.

2.1.1 Regulatory Policy Goals and Guiding Principles

The core goal of Hong Kong's stablecoin regulatory system is to prevent potential risks that fiat-referenced stablecoins (FRS) may pose to monetary policy, financial stability, and investor protection. Its guiding principle is "same activity, same risk, same regulation," which runs throughout the "Stablecoin Ordinance," aiming to ensure that regulatory requirements meet international standards while being tailored to local conditions in Hong Kong. This approach aims to promote the healthy and orderly development of the digital asset market.

The regulatory framework also pays special attention to the unique challenges posed by stablecoins, such as their anonymity and convenient cross-border usage, which may increase the risks of anti-money laundering (AML) and counter-terrorism financing (CFT). The combination of the "same activity, same risk, same regulation" principle with a clear understanding of the unique risks associated with stablecoins (such as anonymity and cross-border nature) reflects the maturity of Hong Kong's regulatory philosophy. This is not simply a matter of transplanting existing rules into the digital asset space but involves tailored adjustments based on the unique technological characteristics of digital assets while acknowledging their functional equivalence to traditional financial instruments. This meticulous approach aims to prevent regulatory arbitrage and ensure effective mitigation of emerging risks. If the functions of stablecoins are similar to those of traditional financial instruments (such as payment and value storage), they should be subject to similar regulations to fill potential regulatory gaps. However, their technological characteristics (such as distributed ledger technology and potential anonymity) introduce new risks that traditional rules do not fully cover. Therefore, the Monetary Authority must adjust based on existing principles and introduce new measures (such as strict AML/CFT requirements for distributed ledger technology) to achieve comprehensive regulation.

2.1.2 Definition of Regulatory Scope

1. Clear Definitions: "Fiat-Referenced Stablecoins (FRS)"

Hong Kong's regulatory framework has clearly defined "stablecoins" and "fiat-referenced stablecoins (FRS)" to ensure precision and effectiveness in regulation.

Definition of "Fiat-Referenced Stablecoins (FRS)": FRS refers to stablecoins whose value is fully referenced to one or more official currencies, accounting units designated by the Monetary Authority, or forms of economic value storage, or their combinations, to maintain stable value. Currently, the scope of "designated stablecoins" is limited to fiat-referenced stablecoins. The regulatory framework covers FRS that reference a single currency and those that reference multiple currencies.

The Monetary Authority focuses its main regulatory efforts on FRS, reflecting a risk-based regulatory strategy. FRS, particularly those pegged to major fiat currencies, are considered to pose the most direct and significant risks to monetary and financial stability due to their widespread adoption potential as payment means and their direct connection to the traditional financial system. In contrast, stablecoins pegged to commodities (such as gold) or other digital assets typically have narrower use cases and smaller direct systemic impacts. By prioritizing the regulation of FRS, the Monetary Authority first addresses the most pressing regulatory needs while retaining the flexibility to expand the regulatory scope as the market evolves.

2. Licensing Requirement: Stablecoin Activities Must Apply for Licenses

In Hong Kong, any entity engaging in any of the "regulated stablecoin activities" must obtain a license from the Monetary Authority in advance: issuing designated stablecoins while conducting business in Hong Kong, issuing designated stablecoins pegged to the Hong Kong dollar outside of Hong Kong, and actively promoting the issuance of their fiat-referenced stablecoins to the public in Hong Kong.

The determination of "active promotion" is based on a comprehensive assessment, including marketing language (especially the use of Chinese), whether it targets Hong Kong residents, whether it uses Hong Kong domain names, and whether there is a detailed marketing plan. "Issuing" or "minting" typically refers to the initial recording and allocation of stablecoins on a distributed ledger to digital wallet addresses. The determination of "issued in Hong Kong" also takes a comprehensive approach, considering factors such as the location of daily management and operations, registration location, minting and destruction locations, reserve asset management locations, and the location of bank accounts handling cash flows.

3. Treatment of Algorithmic Stablecoins: De Facto Exclusion

Hong Kong's regulatory framework takes a de facto exclusionary stance towards algorithmic stablecoins. Due to the lack of actual reserve asset support, algorithmic stablecoins will not meet the Monetary Authority's strict reserve asset-related licensing conditions for FRS issuers. Although algorithmic stablecoins may technically meet the definition of "designated stablecoins," their inability to meet minimum standards, particularly reserve requirements, effectively prevents them from obtaining licenses.

This de facto exclusion of algorithmic stablecoins, despite their theoretical inclusion in the definition of "designated stablecoins," represents a strong prudential stance. It reflects the global consensus among regulators following the Terra/Luna incident that unsupported or under-collateralized stablecoins pose unacceptable systemic risks, thereby prioritizing stability and investor protection over speculative innovation. The Monetary Authority's approach aligns with international standards (such as those from the Financial Stability Board (FSB) and the Basel Committee on Banking Supervision (BCBS)), which emphasize that stablecoins used for payments must have adequate reserve support. By setting strict reserve requirements, the Monetary Authority effectively filters out inherently unstable algorithmic models, indicating a cautious attitude towards innovation while prioritizing financial stability.

2.1.3 Licensing System for Fiat-Referenced Stablecoin Issuers

The core of Hong Kong's stablecoin regulatory system is a mandatory licensing framework that imposes strict requirements on fiat-referenced stablecoin (FRS) issuers. The "Stablecoin Ordinance" establishes a "license-first" or "closed-loop" regulatory model that emphasizes prior authorization. This model is generally stricter than the "post-compliance" paths in some other jurisdictions. The Monetary Authority is the primary regulatory body, with comprehensive functions for licensing, auditing, revoking licenses, and issuing operational guidelines. The Monetary Authority has the authority to establish a "designated stablecoin list" and prohibit unauthorized stablecoins from circulating or being used for payments in Hong Kong.

The "license-first" approach, combined with the Monetary Authority's broad discretion (including the establishment of the "designated stablecoin list"), indicates that Hong Kong's regulatory environment is highly controlled and centralized. This contrasts with more lenient or decentralized regulatory concepts, reflecting Hong Kong's emphasis on prudent regulation and market integrity from the outset. By requiring prior authorization, the Monetary Authority can review the business models, financial soundness, and control systems of stablecoins before they enter circulation, significantly reducing risks. The "designated stablecoin list" provides a dynamic market control tool, allowing the Monetary Authority to respond swiftly to emerging risks or non-compliant entities by restricting market access.

Obtaining and maintaining a stablecoin issuer license in Hong Kong requires meeting a series of strict conditions and ongoing regulatory requirements designed to ensure the issuer's sound operation and protection of stablecoin holders.

1. Mandatory Requirements for Company Status and Local Presence

FRS issuers must be companies registered in Hong Kong. The senior management team and key personnel must reside in Hong Kong. Non-Hong Kong registered companies (except for institutions recognized and prudently regulated by Hong Kong) must establish a subsidiary in Hong Kong to apply for an FRS issuer license.

2. Minimum Financial Resources and Capital Adequacy Ratio

FRS issuers must meet minimum financial resource requirements. The minimum paid-up capital requirement is HKD 25,000,000. The Monetary Authority reserves the right to impose additional capital requirements when necessary. Retaining the discretion to impose additional capital conveys a flexible yet firm risk management attitude. While maintaining adequate capital buffers is crucial for financial stability, excessively high initial capital requirements may stifle innovation and hinder new entrants. This reflects a nuanced consideration of ensuring sufficient financial support while encouraging participation, acknowledging that the stablecoin market is still in its early stages.

3. Comprehensive Reserve Asset Management and Custody

FRS issuers must establish effective stabilization mechanisms. The total market value of reserve assets must at all times be no less than the total face value of circulating FRS (i.e., fully backed). Issuers should also consider the risk profile of reserve assets and ensure appropriate over-collateralization to provide a buffer. Reserve assets must be high-quality, highly liquid assets (e.g., bank deposits denominated in reference currencies). Reserve assets must be held in the same reference currency as the stablecoin, and the reserve assets for each stablecoin must be strictly separated from the issuer's other reserve pools and operational assets. Effective trust arrangements (e.g., appointing independent trustees or trust declarations) must be established to ensure that these assets are held for and in the interests of stablecoin holders.

The Monetary Authority will adopt a risk-based regulatory approach to assess the adequacy of reserve assets. The strict requirements for full backing of reserve assets, high liquidity, segregation, and sound trust arrangements are the cornerstones of Hong Kong's strategy for investor protection and financial stability regarding stablecoins. This effectively imposes "bank-like" prudential standards on stablecoin reserves, aimed at preventing liquidity crises and decoupling events that have occurred in more loosely regulated stablecoin models. Past failures of stablecoins often stemmed from insufficient reserves, poor liquidity, commingling of funds, or inadequate legal protections for holders. By imposing these strict requirements, the Monetary Authority directly addresses these vulnerabilities, ensuring that stablecoin holders have clear and enforceable rights to their underlying assets and that the peg of the stablecoin can be maintained even under stress.

4. Robust Redemption Mechanism and Timeliness Standards

Holders of FRS must be able to redeem stablecoins at face value in a timely manner, without incurring undisclosed or disproportionate fees, or having to meet unreasonable redemption conditions. Redemption requests must be fulfilled within one business day of receipt. If the issuer anticipates difficulty in meeting redemption requests within one business day (for example, due to unforeseen market pressures), prior approval from the Monetary Authority should be sought.

The "one business day" redemption standard sets a very high threshold for the operational efficiency and liquidity management of FRS issuers. This directly addresses the inherent "run" risk of stablecoins, aiming to maintain confidence and prevent systemic contagion. The ability for rapid redemptions is crucial for maintaining the peg of stablecoins and preventing panic redemptions. By setting a strict one-day standard, the Monetary Authority compels issuers to maintain highly liquid reserves and sound operational processes, minimizing the risk of liquidity mismatches that could lead to instability in stablecoins.

5. Requirements and Impacts on Ordinary Users

For digital asset wallet holders or ordinary users considering entering the stablecoin market, there are several points to note under Hong Kong's stablecoin regulations:

(1) KYC/AML Requirements

Users must complete real-name authentication when using regulated stablecoin issuers or related platforms (exchanges, custodial wallets) in Hong Kong.

(2) Source of Funds Review

Cross-border large transfers or frequent transactions may trigger anti-money laundering reviews.

(3) Restrictions on Stablecoin Use and Trading

In Hong Kong, the future use and trading of stablecoins may be subject to strict licensing requirements, and according to HKMA's requirements, the licensed stablecoins held by users can be redeemed at any time. Before the introduction of the Hong Kong OTC Act, ordinary users can still trade USDT and USDC on licensed digital asset trading platforms in Hong Kong (e.g., HashKey, OSL). However, under the future Hong Kong OTC licensing system, it is currently uncertain whether ordinary users will be able to trade unlicensed stablecoins like USDT and USDC.

(4) Taxation Requirements

Hong Kong currently does not impose capital gains tax, and buying and selling stablecoins themselves are generally not taxed, but commercial uses (e.g., payments, salary settlements) must be reported for tax purposes.

2.1.4 Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) Framework

1. Adherence to International Standards: FATF Recommendations and "Travel Rule"

Hong Kong actively adopts international standards in AML/CFT, particularly the recommendations of the Financial Action Task Force (FATF). The updated anti-money laundering framework in Hong Kong, including regulations for virtual asset service providers (VASPs), aligns with FATF and its Recommendation 16—"Crypto Travel Rule." The travel rule applies to all digital asset transfers exceeding HKD 8,000 (approximately USD 1,000). VASPs are given a six-month window to comply with the travel rule, allowing for gradual integration and avoiding business disruptions.

Hong Kong's active implementation of FATF Recommendation 16 (the travel rule) demonstrates its commitment to global AML/CFT standards and its ambition to be a responsible leader in the field of digital asset regulation. This alignment helps facilitate cross-border interoperability and reduces the risk of being perceived as a weak link in the global financial crime prevention network. The travel rule requires financial institutions and VASPs to transmit information about the originator and beneficiary during digital asset transfers, similar to traditional wire transfers. By adopting this rule, Hong Kong enhances traceability, reduces anonymity, and addresses the AML challenges posed by the cross-border and potentially anonymous nature of stablecoins. This strengthens Hong Kong's position as a compliant jurisdiction, which is crucial for attracting legitimate digital asset businesses.

2. Risk-Based Approach (RBA) for Money Laundering/Terrorism Financing Assessment and Mitigation

Licensees must adopt a risk-based approach (RBA) when designing and implementing AML/CFT policies and procedures. A money laundering/terrorism financing risk assessment must be conducted at the institutional level, considering risks related to customers, countries, products, and delivery channels. The assessment must be properly documented, approved by senior management, and kept up to date. For lower-risk situations, the system can be simplified, but it cannot be simplified when there are suspicions of money laundering/terrorism financing.

The use of RBA allows for flexible and proportionate AML/CFT measures, adjusting controls based on the specific risk characteristics of the issuer's business model and customer base. This avoids a "one-size-fits-all" approach that may impose excessive burdens on low-risk activities while ensuring sufficient rigor for high-risk activities. The money laundering/terrorism financing risks associated with stablecoin activities can vary significantly. RBA allows issuers to allocate resources effectively, focusing on high-risk areas. This also reflects international best practices in AML/CFT, promoting effective risk mitigation without stifling legitimate innovation.

3. Wallet Management and Enhanced Customer Due Diligence (CDD)

Licensees must properly manage the AML/CFT risks associated with the wallets used by their customers for stablecoin transactions. Customer wallet addresses must be identified, and ownership must be verified through methods such as micro-payments, message signature tests, or obtaining evidence from custodial wallet providers.

For self-custodial wallets provided by custodial wallet providers or used by financial institutions/VASPs, due diligence measures include collecting owner information, assessing their reputation and AML/CFT quality, and evaluating the adequacy of their control measures.

The detailed requirements for wallet management and CDD, including wallet ownership verification and due diligence on custodial providers, directly address the challenges posed by pseudonymity in digital asset transactions. This is a key step in bridging the gap between blockchain anonymity and the need for financial transparency. One of the main AML challenges in the digital asset space is the ability to transact with "non-custodial wallets" without clear identification. By requiring verification of wallet ownership and due diligence on third-party wallet providers, the Monetary Authority mandates issuers to establish a clear link between stablecoin transactions and verified identities, significantly reducing anonymity risks and enhancing traceability.

4. Ongoing Monitoring of Stablecoin Transactions and Strategies for Mitigating Illegal Activities

Licensees must monitor circulating stablecoins to prevent their use for illegal purposes, with the level of monitoring proportional to the money laundering/terrorism financing risks. Stablecoin transactions are recorded on the blockchain, providing traceability to identify illegal activities. Possible measures include using blockchain analysis technology to continuously screen transactions and wallet addresses, blacklisting sanctioned or illegal wallet addresses, and freezing stablecoins upon request from regulatory agencies/law enforcement. Unless the licensee can demonstrate the effectiveness of these measures to the Monetary Authority, the identity of each stablecoin holder must be verified by the licensee, a regulated financial institution/VASP, or a reliable third party.

The Monetary Authority has higher expectations for the effectiveness of blockchain analysis and blacklisting, and in the absence of proven effectiveness of anti-money laundering technologies, it defaults to requiring "identity verification for each stablecoin holder," indicating a highly conservative and risk-averse approach to emerging AML technologies. This means that relying solely on technological solutions may not be sufficient to meet Hong Kong's stringent AML standards, and manual verification remains crucial. While blockchain analysis provides promising tools for identifying illegal activities, the Monetary Authority acknowledges its limitations (e.g., difficulty in identifying ultimate beneficial owners, reliance on external data). By prioritizing direct identity verification, the Monetary Authority indicates that it will not compromise on fundamental AML principles, even while exploring technological advancements. Therefore, the current stablecoin ecosystem in Hong Kong has a robust "KYC" foundation.

2.2 Analysis of the U.S. Stablecoin Bill

2.2.1 Definition and Scope of "Payment Stablecoins"

The "GENIUS Act" primarily regulates a specific class of digital assets known as "payment stablecoins." These assets are typically defined as digital assets intended to serve as payment or settlement tools, with issuers obligated to redeem, repurchase, or exchange such assets at a fixed monetary value, and these assets are not considered national currency. A key aspect of the bill is the explicit statement that payment stablecoins issued by authorized issuers are not considered "securities" under U.S. federal securities laws, nor are they considered "commodities" under the Commodity Exchange Act. This legislative exemption aims to establish a clear regulatory path for compliant stablecoins, largely freeing them from direct oversight by the U.S. Securities and Exchange Commission (SEC) or the Commodity Futures Trading Commission (CFTC).

This clear definition primarily targets fiat-backed stablecoins that maintain a 1:1 peg. Therefore, algorithmic stablecoins that typically lack 1:1 reserve backing and rely on complex algorithms to maintain their peg may not qualify as "payment stablecoins" under this framework. This effectively excludes them from the regulatory "safe harbor" provided by the GENIUS Act's classification of securities/commodities, potentially leaving them still subject to existing securities or commodity laws.

The explicit exclusion of compliant payment stablecoins from the definitions of "securities" and "commodities" is a significant step in regulatory terms. This directly addresses one of the most important sources of regulatory uncertainty that has plagued the U.S. crypto industry for years. By clearly defining regulatory classifications, the bill places the regulation of these specific digital assets primarily under banking regulators rather than market regulators. This clarity aims to enhance the confidence of traditional financial institutions and businesses, encouraging them to use stablecoins for various purposes such as payments, cross-border transactions, and fund management. It also creates a unique segment within the broader digital asset market, where "payment stablecoins" are treated differently from other digital assets or tokenized assets, thereby establishing a more specialized and predictable regulatory environment for this specific asset class.

2.2.2 Core Prudential and Operational Requirements

1. Reserve Asset Management

Authorized Payment Stablecoin Issuers (PPSIs) are strictly required to maintain at least a 1:1 reserve to support their circulating payment stablecoins. Eligible types of reserve assets include: U.S. coins and paper currency (including Federal Reserve notes), deposits at custodial institutions or foreign deposit institutions, short-term government securities with a remaining maturity of 93 days or less, repurchase agreements collateralized by short-term government securities, certain reverse repurchase agreements, money market funds that invest solely in the above eligible assets, and central bank reserve deposits. Notably, the bill does not grant major federal regulatory agencies the authority to expand the list of eligible reserve assets, even if they believe other assets have sufficient liquidity.

Reserve assets may not be pledged, re-pledged, or reused, except for the purpose of providing liquidity to meet reasonably anticipated stablecoin redemption requests. In this case, short-term government securities may be pledged as collateral for repurchase agreements, but these repurchase agreements must be cleared by an approved central counterparty or receive prior approval from the relevant regulatory agency. Reserve assets must be held by qualified third-party custodians and strictly segregated from the issuer's operating funds. Issuers must also publicly disclose the total amount of circulating payment stablecoins and the amount and composition of reserve assets on their website each month. Monthly reports must be reviewed by a registered accounting firm, and the CEO and CFO must certify the accuracy of the reports, with intentional false certification facing criminal penalties.

The strict limitations on reserve assets in the "GENIUS Act" are primarily confined to U.S. dollar-denominated assets and U.S. Treasury securities, which is not coincidental. This provision explicitly supports the dominant position of the U.S. dollar in the global digital economy and brings sustained demand for the U.S. Treasury market. This stands in stark contrast to Hong Kong's more flexible approach to reserve assets, reflecting the deep consideration of the U.S. in regulating stablecoins as a national economic strategy.

2. Redemption Mechanism and Activity Restrictions

All authorized payment stablecoin issuers must establish procedures for "timely" redemption of circulating payment stablecoins and publicly disclose their redemption policies. The business activities of PPSIs are strictly limited, typically confined to issuing and redeeming payment stablecoins, managing related reserves, providing custodial and safekeeping services, and other activities directly supporting these functions. The act also prohibits "tying" practices, which condition the provision of services on customers obtaining additional paid products or services from the issuer or any of its subsidiaries, or on customers agreeing not to obtain any paid products or services. Furthermore, stablecoin issuers are explicitly prohibited from offering any form of interest or yield to stablecoin holders. In the event of the issuer's bankruptcy, stablecoin holders have priority over all other creditors regarding their claims against the issuer.

3. Capital, Liquidity, and Risk Management

Federal and state regulators are required to establish capital requirement rules tailored to the business models and risk profiles of payment stablecoin issuers, with a regulatory threshold of $10 billion. Issuers must possess the technical capabilities, policies, and procedures to block, freeze, and refuse illegal transactions and must comply with all applicable court orders. Regulators will also incorporate Bank Secrecy Act and sanctions compliance standards into their risk management requirements. For banks holding stablecoins on their balance sheets, current U.S. banking rules may require them to hold additional capital. The act also outlines a timeline for rulemaking and implementation by regulators: unless otherwise specified, relevant rules must be promulgated by July 2026. The effective date of the act is 18 months after its enactment or 120 days after the primary federal stablecoin regulatory agency issues final implementing regulations, whichever comes first, meaning the latest effective date is January 18, 2027.

4. Anti-Money Laundering/Counter-Terrorism Financing (AML/CFT) and Privacy Requirements

Under the "GENIUS Act," authorized payment stablecoin issuers are designated as "financial institutions" under the Bank Secrecy Act. This means they must comply with strict anti-money laundering (AML), customer identification (KYC), and transaction monitoring requirements. They are also required to submit suspicious activity reports (SARs) to the Financial Crimes Enforcement Network (FinCEN) and comply with sanctions regulations from the Office of Foreign Assets Control (OFAC). In terms of privacy protection, the privacy requirements of the Gramm-Leach-Bliley Act apply to most authorized payment stablecoin issuers.

The comprehensiveness of the U.S. AML/CFT framework, including KYC, transaction monitoring, suspicious activity reporting, and sanctions compliance, will undoubtedly impose significant compliance costs on issuers. This may give companies with robust KYC, risk management, and regulatory change management processes a competitive advantage. This area is also a common point of strictness in both the U.S. and Hong Kong regulatory frameworks.

2.3 Comparative Analysis of Stablecoin Regulatory Frameworks in Hong Kong and the U.S.

2.3.1. Regulatory Philosophy and Strategic Goals

As Hong Kong's stablecoin licensing system is being initially refined, more market participants are beginning to compare it with the regulatory path in the U.S. There are certain differences in legal systems, financial positioning, and strategic goals between the two regions, which not only reflect the differing risk preferences of regulatory agencies but also their distinct strategic considerations regarding the future landscape of digital finance. The following analysis compares regulatory philosophies and strategic goals.

Table 2-1 Comparison of Regulatory Philosophies and Strategic Goals in Hong Kong and the U.S.

2.3.2. Regulatory Structure and Authority

The U.S. stablecoin regulatory system is characterized by a dual-track system, with a complex multi-tiered federal/state structure involving multiple federal banking regulatory agencies, such as the Federal Reserve, OCC, FDIC, and NCUA. Although a Stablecoin Certification Review Committee (SCRC) has been established to facilitate coordination, this multi-headed regulatory model may still lead to regulatory fragmentation.

In stark contrast, Hong Kong adopts a centralized regulatory model, with the Hong Kong Monetary Authority (HKMA) serving as the sole primary prudential regulator. This "one-stop" regulatory approach provides greater clarity and efficiency for market participants. For institutions wishing to enter the market, Hong Kong's centralized regulatory structure offers a clear path and transparent rules, contrasting with the complexity that U.S. issuers may face due to interstate and inter-federal agency interactions, potentially leading to a higher compliance burden.

2.3.3. Reserve Assets and Custodial Requirements

In terms of reserve assets, both the U.S. and Hong Kong adhere to the principle of 1:1 full backing, requiring stablecoins to be supported by high-quality, highly liquid assets. This is a common consensus in global stablecoin regulation.

However, there are significant differences in specific implementation. The U.S. "GENIUS Act" strictly limits the types of eligible reserve assets, primarily to U.S. dollars and short-term U.S. Treasury securities. Additionally, the act mandates that reserve assets must be held by qualified third-party custodians and strictly segregated from the issuer's operating funds. This stringent limitation reflects the U.S. policy consideration of using stablecoins to reinforce the dominance of the dollar and support the U.S. Treasury market. In contrast, while Hong Kong emphasizes the high quality and liquidity of reserve assets, it provides greater flexibility. Although asset segregation is also required, Hong Kong allows issuers to self-custody or entrust management to qualified institutions such as banks. This flexibility aims to balance prudent regulation with market innovation, allowing for a broader range of operational models while still ensuring asset safety.

2.3.4. Retail Investor Access and Consumer Protection

The U.S. "GENIUS Act" aims to establish federal safeguards to protect the interests of stablecoin holders and enhance public confidence in the payment stablecoin market. Its consumer protection measures are reflected in strict requirements for reserve assets, transparent disclosures, and redemption mechanisms. Hong Kong, on the other hand, has adopted a more stringent and detailed investor protection strategy, particularly for retail investors. According to the Stablecoin Ordinance, only stablecoins issued by licensed fiat stablecoin issuers authorized by the HKMA can be sold to retail investors. Furthermore, Hong Kong imposes strict restrictions on the advertising of stablecoins to prevent fraud and misleading statements. This protective strategy is more cautious, aiming to isolate retail investors from the risks associated with stablecoin investments.

2.3.5. Cross-Border Cooperation and Reciprocity Arrangements

In terms of cross-border cooperation, both the U.S. and Hong Kong recognize the importance of international coordination. The U.S. "GENIUS Act" authorizes the Treasury Secretary to establish reciprocity arrangements or other bilateral agreements with foreign jurisdictions that have "comparable" stablecoin regulatory regimes to facilitate international transactions and interoperability with U.S. dollar-denominated stablecoins. In Hong Kong, the HKMA has the authority to assess on a case-by-case basis whether to modify or waive certain minimum standards for applicants that are fully regulated in other jurisdictions. This is not an automatic mutual recognition but is based on prudent case-by-case review. Although both sides are committed to international cooperation, their differing reciprocity mechanisms may create friction in practice or require further bilateral agreements to achieve true seamless cross-border interoperability.

Despite both jurisdictions acknowledging the necessity of cross-border cooperation, the lack of an immediate, automatic mutual recognition framework poses a significant challenge to the global adoption of stablecoins. This means that issuers seeking to operate in both markets will face a dual compliance burden, which may hinder the seamless flow of stablecoins in cross-border trade and payments and limit their full potential. The future success of stablecoins as a global payment rail depends on the practical implementation and breadth of these reciprocity arrangements.

2.3.6. Comparison of AML/CFT Policy Requirements

Table 2-2 Comparison of AML Regulations in Hong Kong and the U.S.

2.4 Stablecoin Regulatory Policies in Other Countries and Regions

2.4.1 Singapore Stablecoin Regulatory Policy

The Monetary Authority of Singapore (MAS) released the "Stablecoin Regulatory Framework" in 2023, but this framework has not yet been legislated. In 2025, MAS plans to conduct public consultations on stablecoin legislation and draft amendments to formalize the "Stablecoin Regulatory Framework." Until the amendments are officially implemented, Singapore will regulate stablecoins under the existing "Payment Services Act" (PSA) and the "Stablecoin Regulatory Framework."

The PSA clarifies the definitions of stablecoins, entry thresholds, reserve assets, and stablecoin redemption, among other regulations. The subsequently released "Stablecoin Regulatory Framework" includes regulations for single-currency stablecoins issued in Singapore that are pegged to the Singapore dollar or G10 currencies, adding regulations regarding stablecoin issuance services to further protect the rights of stablecoin holders and reduce financial risks.

Under the "Stablecoin Regulatory Framework," the regulatory requirements that stablecoin issuers must follow include:

1. Reserve Asset Requirements

• Composition: Cash/equivalents, low-risk bonds (government/central bank or AA-rated international institutions) with a remaining maturity of ≤3 months, ensuring the stability of asset value;
• Valuation: Daily marked to market, with a value ≥100% of the circulating SCS face value, to avoid redemption risks due to insufficient reserves;
• Custody: Segregated accounts must be held at custodians rated A- or above to prevent the misappropriation of reserve assets;
• Audit: Monthly independent audits + annual audits, reducing market trust risks through transparency.

1. Capital Requirements

• Base Capital: ≥1 million SGD or 50% of annual operating expenses (whichever is higher), ensuring the issuer has sufficient financial strength to address operational risks;
• Solvency: Liquid assets ≥50% of annual operating expenses or the amount required for settlement (to be independently verified annually), ensuring orderly redemption even in extreme situations.

1. Anti-Money Laundering Requirements

• Stablecoin issuers and intermediary services must strictly comply with AML/CFT regulations, including customer due diligence (CDD), transaction monitoring, and reporting of large and suspicious transactions.

It is noteworthy that Singapore's "Stablecoin Regulatory Framework" exhibits a "voluntary" characteristic, meaning stablecoin issuers can choose whether to apply to MAS for certification of their stablecoins as "MAS-regulated stablecoins." Those who do not choose this path can continue to operate as "digital payment tokens" under the PSA framework. The amendments that MAS is preparing may still adhere to the previous "voluntary" characteristics of stablecoin regulation, providing flexibility for different stablecoin issuers.

2.4.2 Japan Stablecoin Regulatory Policy

Japan has established a stablecoin regulatory system through the "Payment Services Act" (PSA), characterized by "issuer limitation + reserve transparency + full-process monitoring," emphasizing a balance between compliance and innovation. Its core logic is to incorporate stablecoins into the traditional financial regulatory framework, reducing money laundering risks through measures such as KYC, the travel rule, and asset segregation, while planning to enhance the market competitiveness of its stablecoins by allowing flexible reserve investments (e.g., permitting 50% allocation to government bonds).

According to the amendments effective June 2023, fiat-backed stablecoins are classified as "Electronic Payment Instruments" (EPI) and must comply with strict anti-money laundering (AML) and counter-terrorism financing (CFT) obligations. This system is designed to achieve a balance between compliance, financial stability, and innovative development.

1. Core Requirements for Anti-Money Laundering

• Customer Identity Verification (KYC) and Transaction Record Keeping: Stablecoin issuers and intermediaries (such as exchanges) must verify users' identities, including name, address, identification documents, etc., and record the information of both parties in a transaction. For example, stablecoins issued by money transfer service providers have a transaction limit of 1 million yen per transaction, and KYC verification is required for the recipient.
• Transaction Record Keeping: User information and fund flows must be retained for at least five years.
• Suspicious Transaction Reporting (STR): If abnormal transactions are detected, they must be reported to the Japan Financial Intelligence Center (JAFIC), as failure to do so may result in criminal liability.
• Travel Rule: Starting from June 2023, the circulation of stablecoins across borders or between platforms must include the identity information of both the sender and the recipient to prevent anonymous fund flows.

1. Regulatory Classification of Intermediaries and Businesses

Entities engaged in stablecoin trading, exchange, custody, etc., must register as Electronic Payment Instrument Service Providers (EPISP) with the Financial Services Agency (FSA) and meet capital adequacy, system security, and other requirements. For example, exchanges supporting stablecoin trading must undergo regular reviews by the Japan Virtual Asset Exchange Association (JVCEA).

3. User Asset Protection and Bankruptcy Response

• Domestic Asset Retention Order: If the issuer or exchange goes bankrupt, the FSA can order that user assets be retained within Japan to prevent cross-border transfers. (This mechanism was practically applied during the bankruptcy of FTX's Japanese subsidiary in 2022, ensuring that user assets were not affected by overseas liquidation.)
• Reserve Preservation and Independent Audits: Issuers must fully back stablecoin issuance with demand deposits or highly liquid assets (such as government bonds), and the adequacy of reserves must be verified by a third-party auditing firm quarterly. For example, the first yen stablecoin, JPYC, expected to be approved by the Japanese Financial Services Agency in the fall of 2025, plans to publicly disclose reserve proof monthly and introduce hardware security modules (HSM) to manage private keys.
• International Standards and Cross-Border Cooperation: As a member of the FATF, Japan has fully implemented the "Travel Rule" and is engaged in stablecoin interoperability and cross-border compliance cooperation with South Korea, ASEAN, and the G20 mechanism. This strategy not only strengthens international consistency in AML/CFT but also promotes the compliant application of Japanese stablecoins in the global market.

2.4.3 South Korea's Stablecoin Regulatory Policy

1. Legislative Implementation and Background

The "Virtual Asset User Protection Act" (VAUPA) was promulgated on July 18, 2023, and will officially take effect on July 19, 2024, marking South Korea's first regulatory approach to digital asset platforms through dedicated legislation. The draft "Digital Asset Basic Act," proposed on June 10, 2025, aims to further expand the regulatory scope, including clarifying the stablecoin issuance framework and regulatory standards. This reform stems from the market trust crisis caused by the collapse of Terra-Luna in 2022, with legislative intent to strengthen compliance foundations and risk control systems.

2. Regulatory Agencies and Compliance Requirements

The Korea Financial Intelligence Unit (KoFIU) is responsible for the registration supervision and AML/CFT compliance review of digital asset service providers; the Financial Services Commission (FSC) and the Financial Supervisory Service (FSS) oversee market operations, user rights protection, and on-site enforcement.

3. AML/CFT Regulatory Compliance Measures

South Korea implements highly detailed AML/CFT regulations for digital asset service providers. All digital asset service providers must register with KoFIU before conducting business and obtain ISMS (Information Security Management System) certification, as well as open accounts with financial institutions that support real-name bank accounts. If these requirements are not met, KoFIU may reject their registration application, and they cannot conduct any digital asset business before registration. Customer identity verification (KYC) and customer due diligence (CDD) are basic requirements; digital asset service providers must verify identities when users open accounts or when transactions reach 1 million won (approximately $700), and they must enhance due diligence for high-risk users. The Travel Rule has been in effect since March 25, 2022, requiring digital asset service providers to provide the names and wallet addresses of both the sender and recipient when a customer initiates a transfer of 1 million won or more to another digital asset service provider, and to submit identity information, including identification numbers, within three business days upon request from the registering party or authorities. Relevant records must be kept for five years, and violators may face fines of up to 30 million won. Suspicious transaction reporting (STR) and transaction monitoring systems are also mandatory. If abnormal transactions are detected, digital asset service providers must report to KoFIU or FSS.

4. User Asset Protection Mechanisms

Asset Isolation Requirements: Digital asset service providers must keep user assets separate from the platform's own assets to prevent user property risks due to platform bankruptcy.

Bankruptcy Custody and Preservation Mechanisms: If a digital asset service provider goes bankrupt, the FSC/FSS can execute asset retention orders to ensure that user assets remain in South Korea, free from the impact of overseas liquidation.

Reserve Transparency and Audits: Stablecoin issuers must maintain sufficient backing of assets for stablecoin issuance, implement regular audits, and enhance the transparency of reserve asset disclosures.

5. Strategic Trends and International Cooperation

The Bank of Korea will establish a "Digital Asset Task Force" in July 2025 to enhance policy response capabilities and track international trends in stablecoin regulation (such as the U.S. GENIUS Act) in preparation for subsequent legal institutionalization.

Prominent media reports indicate that the government plans to submit a "Phase Two" VAUPA tax proposal in October 2025, including stablecoin issuance, secure custody, and internal control mechanisms, to further improve the regulatory system.

2.4.4 UAE Stablecoin Regulatory Policy

The UAE divides token regulatory responsibilities among the Dubai Virtual Assets Regulatory Authority (VARA), the Abu Dhabi Financial Services Regulatory Authority (FSRA), and the Securities and Commodities Authority (SCA). In 2024, the Central Bank of the UAE issued the "Payment Token Services Regulations" (PTSR), formally regulating stablecoins.

Definition of Stablecoins: The Central Bank of the UAE clearly classifies stablecoins as "payment tokens." Payment tokens are digital assets that maintain stable value by being pegged to fiat currency or another payment token denominated in the same fiat currency.

Stablecoin Issuance: This includes dirham stablecoins and foreign currency stablecoins. Entities issuing dirham stablecoins must obtain a payment token issuance license issued by the Central Bank of the UAE. Key conditions include that the entity must be registered in the UAE under Federal Law No. 2 of 2015 concerning commercial companies; the issued stablecoins must be fully backed by independent reserve assets; and independent audits and financial disclosures must be conducted. Foreign entities issuing stablecoins pegged to currencies other than the UAE dirham must register with the Central Bank of the UAE as foreign payment token issuers. Additionally, foreign currency stablecoins are only allowed for digital asset trading and are not permitted for transactions involving goods and services, nor can they be used for local payments in the UAE.

Stablecoin Custody and Transfer: Obtain permission from the SCA or any local licensing authority to act as a digital asset service provider. Individuals providing custody services for digital assets can apply for a no-objection registration to execute the custody and transfer of stablecoins. Any other parties seeking to execute the custody and transfer of payment tokens must obtain a license from the Central Bank for stablecoin custody and transfer.

Licensed stablecoin service providers must meet the following requirements when conducting stablecoin custody and transfer or stablecoin exchange services:

If the average monthly value of stablecoin transfers initiated, facilitated, executed, guided, or received by the service provider as part of stablecoin services reaches 10 million dirhams or more, they must hold at least 3 million dirhams in regulatory capital;

If the average monthly value of payment token transfers initiated, facilitated, executed, guided, or received by the service provider as part of stablecoin services is less than 10 million dirhams, they must hold at least 1.5 million dirhams in regulatory capital.

Additionally, it should be noted that the "Payment Token Services Regulations" apply to individuals or legal entities providing "payment token services" in the UAE, but do not include financial free zones such as the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM). Currently, the Dubai Financial Services Authority (DFSA) has approved the use of USDC, EURC, and RLUSD in the Dubai International Financial Centre.

2.5 Chapter Summary

In summary, this chapter reveals the current international stablecoin regulatory differences and convergence trends in concepts, goals, and institutional design through a systematic comparison of the stablecoin regulatory frameworks in Hong Kong and the U.S., as well as a review of policies from other countries and regions (such as Singapore, Japan, South Korea, and the UAE).

First, in terms of regulatory philosophy and strategic goals, Hong Kong primarily emphasizes financial stability and systemic risk prevention as its primary objectives, highlighting licensing systems, reserve transparency, and comprehensive AML/CFT controls, reflecting a "risk-first" prudent model; the U.S., on the other hand, has recently attempted to establish a federal-level stablecoin regulatory framework through the "GENIUS Act" based on the horizontal application of the BSA, primarily aimed at safeguarding the core position of the dollar in the global payment system while gradually strengthening prudential requirements for issuers. Singapore's regulation of stablecoins reflects a balance between "encouraging innovation" and "risk prevention"; Japan's regulation is closer to the logic of traditional financial licenses, with banks and trust institutions as issuers; South Korea tends to focus on investor protection, emphasizing the compliance responsibilities of exchanges and issuers; the UAE adopts a "regulatory sandbox + segmented regulation" model, demonstrating strong institutional flexibility and a preference for attracting foreign investment.

Second, in terms of regulatory tools and institutional arrangements, Hong Kong has clearer definitions of the scope of stablecoins, requiring them to be pegged to fiat currencies and establishing stricter regulations regarding reserve asset custody, consumer redemption guarantees, and cross-border cooperation; the U.S. places more emphasis on functional orientation, particularly in AML/CFT (such as the Travel Rule, SAR/CTR reporting) and consumer protection, forming a multi-layered, multi-agency parallel regulatory policy. Other countries such as Singapore, Japan, and South Korea have also introduced AML/CFT obligations and investor protection measures within their regulatory frameworks, but the focus and openness of each country vary.

Based on the above analysis, the current regulatory paths for stablecoins in various countries and regions mainly reflect three types: the first type, represented by Hong Kong and Japan, emphasizes ex-ante regulation and financial stability; the second type, represented by the U.S., emphasizes a functional orientation, seeking a balance between compliance and market development; the third type, represented by Singapore and the UAE, is more flexible in regulation, promoting innovation through pilot programs and regulatory sandboxes. As stablecoins gradually embed themselves in cross-border payments and financial market infrastructure, there is a potential for gradual convergence among different jurisdictions in mechanisms for AML/CFT cooperation, reserve transparency, and cross-border mutual recognition.

Chapter 3 Financial Security Risks Faced by Stablecoins

3.1 Characteristics of Stablecoin Risks

Stablecoins, due to their anonymity, rapid cross-border transactions, and the complexity of regulatory environments, have been exploited by criminals in various scenarios, posing new challenges to financial order stability and social security. Their risk characteristics are mainly reflected in the following aspects:

1. Anonymity and Tracking Difficulties

Criminals exploit the anonymous addresses and complex transaction behaviors of stablecoins, increasing the difficulty of tracking. By splitting transactions, using mixing services (such as Tornado Cash), and transferring funds across blockchain bridges, they create complex paths of fund flow, making it difficult for regulatory agencies to trace the source and destination of funds. This technical characteristic provides a natural cover for illegal activities such as money laundering and terrorist financing.

2. Risks of Algorithmic Stablecoins

Algorithmic stablecoins maintain price stability through smart contracts that dynamically adjust supply and demand (minting/burning mechanisms), but under extreme market pressure, this mechanism may fail, leading to severe price fluctuations or even de-pegging, triggering market and social risks. For example, the "UST collapse incident": The algorithmic stablecoin TerraUSD (UST) issued by the Terra ecosystem lost its 1:1 peg to the dollar due to market panic and massive withdrawals. The price of UST plummeted from $1 to $0.05 in a short time, causing the price of LUNA tokens to crash, with a market value evaporating by over $50 billion. This incident exposed the vulnerabilities of algorithmic stablecoins under structural defects, prompting global regulators to strengthen oversight of stablecoins.

3. Smart Contract Vulnerabilities

If there are defects in the smart contract code or if malicious backdoors are implanted, it may lead to theft of funds or malicious manipulation. Common vulnerabilities include insufficient input validation, calculation errors, and lack of access control.

4. Functional Deficiencies of Smart Contracts

Some stablecoin projects lack necessary control capabilities in their functional design, such as freezing functions and transaction limits, making it impossible to take timely action when suspicious transactions are detected.

5. Abuse of Privacy-Enhancing Technologies

Privacy technologies such as zero-knowledge proofs (ZKP) can enhance transaction confidentiality but may also be used to completely anonymize transaction details, increasing tracking difficulties. Criminals use such technologies to hide transaction paths, creating a "technical black box" that makes it difficult for regulatory agencies to obtain effective information, resulting in compliance blind spots.

6. Regulatory Arbitrage and Cross-Border Regulatory Risks

Stablecoin issuers often choose to register in regions with lax regulations, evading scrutiny through structural design and reducing operational costs. This regulatory arbitrage behavior may lead to ineffective local regulation, creating a transnational regulatory vacuum, posing significant challenges to international anti-money laundering (AML) and counter-terrorism financing (CTF) cooperation.

7. Classification of Risk Activities

From the perspective of the social harm of events involving stablecoins, the risk activities associated with stablecoins mainly include:

Illegal Activities: Such as terrorist financing, human trafficking, drug trafficking, ransomware, fraud, identity theft, and impersonation scams.

Suspicious Activities: Such as dark web markets, unlicensed gambling, and the use of mixing services.

3.2 Risks of Illegal Activities

3.2.1 Terrorist Financing

On April 3, 2025, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced that it had added eight Tron wallet addresses associated with the Houthi movement in Yemen to the Specially Designated Nationals and Blocked Persons (SDN) list, accusing these addresses of participating in illegal financial activities using Tether (USDT).

According to the Treasury, this illegal financial network is controlled by Sa'id al-Jamal, a senior financial officer of the Houthi movement based in Iran. He has been designated as a global terrorist since 2021, and the network he leads involves procuring sensitive goods such as Russian weapons and stolen grain from Ukraine, transporting these materials to areas controlled by the Houthis.

On June 15, 2025, Tether, the issuer of USDT, froze 12.3 million USDT directly targeting the Houthi wallet addresses.

The Houthi case illustrates that digital assets have become an important tool for criminal activities such as terrorist financing and arms trading. Their anonymity, rapid settlement, and cross-chain characteristics provide criminals with loopholes to evade sanctions.

Figure 3-1 Schematic of Fund Flow in Terrorist Financing

3.2.2 Human Trafficking and Drug Trafficking

At the beginning of 2025, we provided information, data, and analytical support for a report by the United Nations Office on Drugs and Crime (UNODC) titled "Inflection Point: The Global Impact of Scam Centers, Underground Banking, and Illicit Online Marketplaces in Southeast Asia." The report pointed out that the development of transnational organized crime in Southeast Asia is accelerating faster than at any time in history.

This is first reflected in the data related to synthetic drug production, with the supply of methamphetamine in Myanmar's Shan State increasing to record levels over the past decade. At the same time, the number of industrial-scale online fraud and scam centers driven by complex transnational groups, money launderers, human traffickers, data brokers, and an increasing number of other professional service providers and accomplices has surged.

Asian criminal groups have become authoritative market leaders in global online fraud, money laundering, and underground banking, actively strengthening cooperation with other major criminal networks worldwide. Emerging illegal online markets in Southeast Asia further exacerbate this situation, significantly expanding sources of criminal income and allowing the scale of transnational organized crime to grow. The emergence of these platforms not only creates new opportunities for expanding operational bases overseas but is increasingly used by criminal groups outside Southeast Asia to launder money and evade formal financial systems. The aforementioned online fraud and other cybercrime activities are closely related to forced human trafficking crimes. Meanwhile, major criminal groups collude with each other, often infiltrating casinos, special economic zones, business parks, and various traditional financial and digital financial services, which have proven to provide all the conditions, infrastructure, and regulatory, legal, and financial guarantees necessary for sustained growth and expansion.

In this context, many criminal groups that have developed to a considerable scale within Southeast Asia and continue to expand in other parts of the world are rapidly diversifying their business scope into multiple key infrastructure areas. This far exceeds the construction and management of physical fraud centers, encompassing online gambling platforms and software services, illegal payment platforms and digital asset exchanges, encrypted communication platforms, as well as stablecoins, blockchain networks, and illegal online markets, which are often controlled by the same criminal networks. These organizations have also developed a powerful multilingual workforce composed of hundreds of thousands of human trafficking victims and accomplices.

These developments have rapidly expanded the victim scope of Asian criminal groups globally, exacerbating the existing challenges faced by law enforcement agencies.

Figure 3-2 Situation Map of Scam Centers and Human Trafficking in the Mekong River Basin from the Report

Figure 3-3 Distribution Map of Human Trafficking Victim Sources from the Report

Report Access Link: Inflection Point: Global Implications of Scam Centres, Underground Banking and Illicit Online Marketplaces in Southeast Asia

3.2.3 Ransomware Attacks

Attackers encrypt victims' device data and demand ransom payments in digital assets such as BTC to restore access. Due to their anonymity, convenience for cross-border payments, and irreversibility of transactions, stablecoins are often used by ransomware groups in money laundering operations after receiving ransoms.

Risk Case: On March 7, 2025, the U.S. Department of Justice (DOJ) took joint action with German and Finnish authorities to seize the Russian digital asset exchange Garantex, which had been investigated multiple times for allegedly helping ransomware groups launder money. It is said to have deep connections with the global cybercrime economy, with the now-dismantled ransomware group Conti relying on Garantex for money laundering. The exchange helped ransomware groups launder the digital assets obtained from ransoms, allowing them to convert Bitcoin into USDT and other crypto stablecoins before transferring them to other exchanges for conversion into fiat currencies like the dollar.

3.2.4 Fraud and Identity Theft

Identity theft and fraud are among the most serious cybercrimes. They can have long-term, devastating, and even irreversible consequences for affected individuals, groups, and companies. In recent years, stablecoins have increasingly appeared in related scenarios due to their widespread acceptance and rapid transaction characteristics, such as the sale of hacking tools, illegal rental of personal accounts, illegal sale of personal information, payments by fraud victims, and payments by extortion victims.

Risk Cases:

1. Fraudulent Activities Using Stablecoins: With the implementation of the "Stablecoin Regulation" in Hong Kong, the concept of "stablecoins" has gained significant attention. However, as the market becomes euphoric, illegal activities exploiting "stablecoins" have also begun to emerge.

For example, since July 2025, financial management departments and industry self-regulatory organizations in multiple regions, including Zhejiang, Shenzhen, Beijing, Suzhou, Chongqing, Ningxia, and Henan, have issued risk warning announcements, emphasizing and reminding that "stablecoins" are being exploited by criminals, and their potential risks warrant high vigilance. Hong Kong regulatory authorities have also issued multiple warnings, reminding the public to be cautious of scams using the concept of stablecoins. Additionally, authoritative media such as the Economic Daily have focused on reporting the risks associated with stablecoins.

Recently, several scams claiming to be "JD Stablecoin" have emerged. They boast of "state-owned background," "guaranteed profits," and "backed by Dong Ge," with some even sharing "profit screenshots" urging people to "get on board" quickly. JD.com has issued two statements clarifying that the so-called "JD Stablecoin" has not been issued at all, and all related investment information in the market is a scam.

Figure 3-4 Fake JD Stablecoin

2. Fraudulent Activities Using Stablecoins as a Channel: On June 26, 2025, a wealth management platform called "Xinkangjia," claiming to be backed by the "Dubai Gold Exchange (DGCX)" and promising "daily interest of 1%," collapsed. The platform had companies in multiple locations across the country (Guizhou, Suzhou, Chongqing, Sichuan, Xiangtan, Shenzhen, etc.), with the amount involved reaching hundreds of billions, affecting approximately 2 million investors.

The DGCX Xin Kang Jia platform participates in projects and funds settlement through the digital asset USDT. The platform requires an invitation code for registration, which is almost exclusively spread within familiar circles. Participants must pay a minimum entry fee of 1000 USDT, and users need to purchase USDT for recharge themselves. However, due to the difficulty of the operation and the complexity of the steps, most newcomers will directly exchange U for RMB and transfer it to their superiors. The USDT deposited by users goes directly into a private wallet controlled by the platform.

3. Personal Identity Information Theft: In March 2025, the incident of a "13-year-old girl participating in 'unboxing' online bullying against a pregnant woman" quickly became a focus of online discussion, bringing the term "unboxing" into the spotlight and exposing a corner of the black and gray industrial chain of citizen information leakage. On the overseas instant messaging software Telegram, accounts providing unboxing services listed over 50 items of user privacy information, including ID card information, household registration, marriage records, exit and entry records, delivery addresses, and asset flow under their name, which could be obtained as long as users recharge a sufficient amount.

From the perspective of the leakage paths of personal information, identity information theft has formed a gray industrial chain. In this chain, there are groups and individuals specifically engaged in collecting and leaking personal information, intermediaries who purchase personal information data from leaking sources, and individuals and groups who buy personal information from intermediaries to commit various crimes. The transaction payment links between them involve not only WeChat and Alipay but also digital assets like USDT. If one needs to inquire about the phone number, address, and educational background of the person being "unboxed," the price ranges from "dozens of U" to "hundreds of U" per item.

According to monitoring by Beosin's Alert platform, there are currently at least hundreds of public groups on Telegram involved in the buying and selling of personal data, most of which conduct payments through USDT. These public group businesses include loans, insurance and other financial data, hacked government or corporate data, and the buying and selling of personal privacy data related to unboxing.

3.2.5 Impersonation Fraud Attacks

Criminals frequently engage in phishing attacks by impersonating the official websites or applications of digital asset financial institutions, causing users to suffer losses due to their inability to distinguish between real and fake.

Risk Case:

Hubei Ezhou "OURBIT" Platform Fraud Case: A fraud gang established the "OURBIT Digital Asset Trading Platform," claiming to be "registered in Singapore" and "holding financial licenses from the U.S. and the U.K." They launched gimmicks such as "new profit-taking and stop-loss" and "zero slippage trading," forged trading K-line charts based on Bitcoin market prices, and fabricated the illusion of trading nine types of digital assets, creating a professional and compliant platform image to attract investors. The platform used USDT for deposits and withdrawals, with the amount involved reaching 460 million yuan.

Zhejiang Wenzhou Imitation Digital Asset Wallet Theft Case: Mr. Zhuo was lured by "Lulu," who impersonated a digital asset wallet promoter, to scan a QR code and install a malicious imitation digital asset wallet software. This software stole his wallet mnemonic through a backdoor program, directly stealing all digital assets (including stablecoins like USDT).

3.3 Suspicious Activity Risks

3.3.1 Dark Web Markets

Due to their anonymity, convenience, and global circulation characteristics, stablecoins have become one of the commonly used currencies in dark web transactions. In dark web trading, buyers and sellers can make anonymous payments through USDT, bypassing the supervision of traditional financial institutions. This has led to the widespread use of USDT in dark web transactions and facilitated the development of dark web trading. Some dark web platforms have accepted stablecoins as a means of payment for illegal goods (such as user data, drugs, etc.).

Figure 3-5 A Dark Web Platform

3.3.2 Guarantee Platforms

The black and gray industries in Southeast Asia have formed a new criminal infrastructure centered around stablecoins like USDT. Criminal groups provide instant settlement services for online fraud, cross-border gambling, and other crimes through decentralized channels such as stablecoins and Telegram groups, even forming a closed-loop ecosystem of funds pooling, guarantees, and exchanges. Guarantee platforms, as an emerging money laundering channel, have rapidly developed in recent years, with both user scale and fund scale growing exponentially. Data shows that from 2021 to 2025, the number of users on various guarantee platforms exceeded 460,000, and the fund flow on these platforms surpassed 10.9 billion USDT (approximately 79.4 billion yuan). Among them, by April 25, 2025, the number of users on guarantee platforms exceeded 110,000, and the fund flow exceeded 2.7 billion USDT (approximately 19.6 billion yuan).

Table 3-1 Overview of Some Guarantee Platforms

1. Huione Guarantee Case Introduction

"Huione Guarantee" was established in 2021 as an online guarantee platform based on Telegram and is the most well-known and largest market serving the online black and gray industries on Telegram, later renamed "Haowang Guarantee."

Haowang Guarantee publicly claims to only provide a guarantee platform for facilitating transactions, but in reality, it has long provided assistance for money laundering, fraud, and other transnational criminal activities in Southeast Asia. Platform merchants openly sell fraud technical tools, human trafficking-related tools, citizen privacy data, and USDT-based money laundering services, with a total transaction amount reaching at least 27 billion USD.

As of the end of April 2025, Beosin found that Haowang Guarantee had over 290,000 users, with more than 6,000 merchants providing services, covering 12 major business categories and over 70 subcategories, with a cumulative total of over 500,000 related on-chain address tags.

2. Haowang and Other Guarantee Platforms Being Targeted

On July 13, 2024, Tether, the issuer of USDT, announced the freezing of approximately 29.62 million USDT assets in addresses related to the Huione platform, accusing the platform of assisting in money laundering activities by collecting funds from hacker incidents involving institutions like DMM Exchange and Poloniex.

In early 2025, Apple and Google removed the app developed by Huione Group from their stores;

In January 2025, the National Bank of Cambodia revoked the operating license of "Huione Payment," marking its illegality in the region;

On May 1, 2025, the U.S. Department of the Treasury's Financial Crimes Enforcement Network announced that it had designated Huione Group as a "foreign financial institution of primary money laundering concern," intending to include it in the list of institutions with "significant money laundering issues" under the "Section 311" provision;

On May 13, 2025, thousands of channels, merchant accounts, and groups related to Haowang Guarantee and Xinbi Guarantee that were associated with crypto fraud were banned en masse by Telegram, after which "Haowang Guarantee" announced the cessation of operations.

According to monitoring by Beosin's Alert platform, after Haowang and other guarantee platforms ceased operations, a large number of black and gray industry entities related to digital assets quickly shifted to other guarantee platforms' public groups to continue operations. Since 2024, a new batch of second-tier guarantee platforms has emerged, such as Xinbi Guarantee, Potato Guarantee, and Shengfeng Guarantee, which have launched more differentiated guarantee transaction public group services. Notably, there are also hundreds of small and medium guarantee platforms that operated briefly, providing transaction guarantee services for illegal trades with greater social harm, such as drugs, human trafficking, smuggling, and more.

3.3.3 Typical Money Laundering Business Cases

Taking the current frequent occurrence of "cash/gold/physical goods + return to U" type money laundering crimes in various parts of mainland China as an example. In past telecom network fraud cases, the money defrauded from victims was generally transferred to the fraudsters through bank cards, third-party payments, and other means. As Chinese public security agencies have intensified their crackdown on telecom network fraud, it has become increasingly difficult for fraudsters to transfer funds related to fraud through traditional means, prompting them to abandon traditional methods of fund transfer and revert to the most primitive method—cash collection in person.

After deceiving victims out of their funds through persuasive language, fraudsters often use phrases like "cash recharge has high timeliness and strong transaction security" or "online recharge channels are temporarily maintained" to lure victims into handing cash directly to the "U merchants" who come to their door. In reality, these so-called "U merchants" are often "runners" carefully arranged by the fraud gang, whose core function is to quickly complete offline cash collection, achieving efficient transfer of fraud-related funds.

In specific operations, criminals recruit "door-to-door cash collection teams" through guarantee public groups on the Telegram platform, subsequently luring victims to hand cash to the "coin merchants" (who are actually cash collection runners) who come to their door. The team directs the runners to collect cash from victims at the agreed time, and once the cash is collected, it is immediately converted into USDT and transferred to an on-chain address designated by the upstream criminal group, forming a complete criminal chain of "overseas fraud - domestic cash collection - digital asset money laundering."

Currently, the items and methods for cash collection have also gradually upgraded. In addition to cash, the items defrauded in "door-to-door cash collection" have been upgraded to include gold, jewelry, luxury goods, electronic products, and more, with the targets for "cash collection" becoming more diverse and harder to trace. In addition to direct door-to-door transactions, fraudsters may also arrange to meet victims for transactions in some hidden and remote locations, or even have victims transfer fraud-related funds through express delivery, ride-hailing, or flash delivery, making it even more concealed and increasing the challenges for case investigations.

Risk Case:

On August 19, 2025, the Maldives Police Service issued a notice warning the public about a new type of scam emerging within the country. This scam is typically carried out by unidentified third-party intermediaries. The fraudsters contact both USDT sellers and Chinese citizens holding cash, arranging for offline transactions between the two. The Chinese citizens pay cash on the spot, while the sellers transfer USDT to the wallet address provided by the fraudsters. After the transaction is completed, the scammers disappear, and neither party receives the expected return, with the funds being taken by the intermediary, leading to mutual misunderstandings and difficulties in accountability. This scam specifically targets foreigners, especially Chinese citizens.

In August 2025, the Public Security Bureau of Southern Sichuan successfully dismantled a money laundering gang impersonating U merchants. On August 5, a resident named Jing reported to the police that he had been defrauded of 80,000 yuan while the other party collected cash offline in two transactions outside a local tea house. After investigation, the special task force identified the suspect's vehicle and suspects, discovering that they had fled to Nanchong, Suining, Chengdu, and other places on August 6. That night, police arrested four suspects in Chongzhou and seized 225,000 yuan in funds and two vehicles used in the crime. It was found that this gang had been impersonating U merchants to collect cash in multiple locations, and the case is under further investigation.

According to monitoring data from Beosin-AML, there are long-term high-frequency operations of "money laundering teams" in all 34 provinces and municipalities in mainland China, with an average single order amount exceeding 100,000 yuan, and in some high-incidence provinces, the daily order volume can reach dozens. The scale and specialization of such criminal activities have drawn significant attention and proactive responses from public security departments. According to related reports, regions such as Beijing-Tianjin-Hebei, the Yangtze River Delta, and the Pearl River Delta are continuously optimizing the prevention and warning system for telecom network fraud crimes through a combination of crackdown and prevention, forcefully intercepting and combating the "offline cash collection" link, establishing a rapid interception and strike mechanism for fraud-related cash collection clues, and deeply investigating and combating "cash collection runners" and the organizational chains behind them, initially forming a full-chain governance model of "monitoring - warning - striking."

3.3.4 Unlicensed Online Gambling Services

Unlicensed gambling platforms utilize stablecoins for rapid and anonymous fund settlement. Online gambling platforms (especially illegal ones operating across borders) are "heavy users" of stablecoins. These platforms typically do not accept direct deposits in fiat currency (to avoid bank regulation) but require users to convert fiat into stablecoins and transfer them to designated addresses on the platform. Betting funds are settled and withdrawn entirely in stablecoins. By circumventing traditional financial regulations, the cross-border nature of stablecoins makes them the preferred payment method for such platforms. Once stablecoins enter the gambling platform's fund pool, they may mix with funds from fraud, extortion, theft, etc., further contaminating and spreading through user withdrawal operations, posing serious harm to financial regulation and crime prevention.

Numerous online gambling platforms serving Chinese citizens allow gamblers to use stablecoins for deposits and withdrawals. According to monitoring by Beosin's Alert platform, in 2024, the transaction volume of online gambling platforms exceeded 38 billion USD, with a significant proportion involving stablecoins.

1. Common Types of Online Gambling Involving Stablecoins

Traditional online gambling with digital asset deposits/withdrawals: In this type of online gambling, platforms usually offer multiple deposit and withdrawal methods, such as bank cards, third-party payment platforms, fourth-party payment platforms, and digital assets like USDT stablecoins. Gamblers can choose to deposit and withdraw directly using USDT.

New blockchain hash gambling: This is a very popular form of gambling involving digital assets. In this type of gambling, a unique blockchain hash value is generated during the transfer of digital assets. The gambling outcome is determined based on the last few digits of the blockchain hash value generated from the digital asset transfer, whether the number is odd or even, the sum of the digits, and combinations of numbers and letters. The platform uses smart contracts to determine the outcome and return winnings in real-time, allowing for quick transactions without the need for user registration, with the casino's fund pool being verifiable in real-time.

2. Risk Cases Involving Stablecoins in Reports

400 Million USDT Online Gambling Money Laundering Case: According to police allegations, a programmer living abroad helped multiple gambling platforms complete a total of over 400 million USDT in betting settlements over the past two years, equivalent to about 2.7 billion yuan; he personally profited illegally by over 900,000 USDT, approximately 6 million yuan. The programmer was accused of providing digital asset payment settlement services for several overseas gambling websites, suspected of constituting the crime of operating a casino.

3.3.5 Mixers and Cross-Chain/Exchange Platforms Being Maliciously Used

Stablecoins have long been a primary circulating asset within financial tools such as mixers, cross-chain bridges, exchange pools, and privacy wallets. Stablecoin holders utilize their stability to reduce transaction value volatility risks. However, these financial tools are often maliciously exploited by criminals as tools to sever digital asset transaction links and obscure the sources and destinations of funds, rendering transaction records on the blockchain untraceable. Their main use cases include laundering funds from online crimes and facilitating the flow of funds to evade sanctions.

Online crime fund laundering: Funds involved in theft, robbery, and hacking attacks are processed through mixers in multiple layers before being exchanged for stablecoins and liquidated in segments, leveraging the wide acceptance of stablecoins to quickly convert them into fiat or other assets.

Evading sanctions fund flow: Entities or individuals under international sanctions process funds through mixers or privacy wallets to bypass the restrictions of traditional financial systems, enabling cross-border fund movement.

Table 3-2 Overview of Typical Mixers and Exchange Cross-Chain Platforms

1. Tornado Cash Used by Criminals for Money Laundering Case

Ronin Bridge Hacking Incident: In March 2022, attackers associated with the North Korean hacking organization Lazarus Group exploited a vulnerability in the Ronin Bridge under Axie Infinity, stealing 173,600 ETH and 25.5 million USDC, with a total value of up to 625 million USD at the time. Subsequently, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) clearly stated in its sanctions report that the hackers used Tornado Cash to launder part of the stolen funds, mixing the stolen ETH through Tornado Cash before transferring it to other addresses for exchange or transfer, laundering over 455 million USD in digital assets stolen from the Ronin Bridge.

Xin Kang Jia Investment Fraud Case: The project used stablecoins for deposits and withdrawals, rapidly transferring funds across borders when it fled, involving an amount of about 13 billion yuan, with approximately 2 million investors. In just 48 hours before the collapse, the project team used a mixer (Tornado Cash) to quickly transfer about 1.8 billion USDT to overseas accounts.

2. THORChain and LI.FI Used by Criminals for Money Laundering Cases

Bybit Theft Incident: On the evening of February 21, 2025, the ETH cold wallet of the digital asset trading platform Bybit was hacked, with stolen assets valued at nearly 1.5 billion USD. First, the hackers continuously split the stolen funds and transferred them to multiple other addresses under their control. Subsequently, the hackers exchanged USDT and ETH for BTC through exchange and cross-chain operations using Chainflip, ChangeNow, Thorchain, LI.FI, DLN, etc., further transferring and concealing the flow of funds. Among them, cross-chain platforms like Thorchain and MayaSwap became the main channels for transferring the stolen funds from Bybit. Finally, the hackers further obscured the fund path by mixing the exchanged BTC through a mixer, laundering the stolen funds.

Figure 3-6 Analysis of Hacker Stolen Fund Flow

3. Exchange Platforms Used by Criminals for Money Laundering Cases

On October 16, 2024, Radiant Capital experienced a security vulnerability, resulting in a loss of approximately 50 million USD. The hackers used mixers and cross-chain bridges to transfer funds, severing the traceability of the funds. Recently, the hacker group sold 2,496 ETH at a price of 4,741 USD each, exchanging for approximately 11.83 million USD in DAI.

3.4 Chapter Summary

Currently, global law enforcement agencies have established a multi-layered response system to address risks associated with stablecoins, forming a comprehensive regulatory network through technical tracking (such as blockchain analysis tools), judicial cooperation (such as cross-border asset freezing), and policy regulations (such as Hong Kong's "Stablecoin Regulation").

According to monitoring by Beosin's Alert platform, as of August 24, 2025, the total circulating supply of USDT was approximately 167.1 billion, with over 2.505 billion USDT frozen on Ethereum, TRON, Arbitrum, and Avalanche chains, accounting for 1.49%; the total circulating supply of USDC was approximately 67.5 billion, with over 108 million USDC frozen on Ethereum, TRON, POLYGON, and Arbitrum chains, accounting for 0.16%.

Although the scale of funds used in illegal activities involving stablecoins has raised concerns, their proportion in the total transaction volume remains relatively limited. We believe that as anti-money laundering standards are upgraded (such as the implementation of FATF travel rules and the mandatory freezing function of smart contracts), the risk exposure is gradually narrowing.

As the world's first jurisdiction to establish a regulatory framework for stablecoin issuers, Hong Kong has formed a risk prevention and control system covering the entire process of issuance, circulation, and redemption, relying on a "100% collateral + statutory audit + real-time monitoring" three-in-one mechanism, combined with on-chain tracking technology provided by institutions like Beosin. Based on mature financial infrastructure and cross-border cooperation networks, Hong Kong has sufficient capability to ensure financial innovation while establishing its stablecoin projects as global compliance benchmarks.

Chapter Four: Anti-Money Laundering Technical Solutions for Stablecoins in Hong Kong

4.1 Overall Technical Solutions for Stablecoin Regulation and Key Technology Introduction

In the Web 3 ecosystem, stablecoins serve as a key hub connecting traditional finance and the digital economy. Throughout their lifecycle, from issuance preparation, transaction circulation, operational monitoring, to asset redemption, various stages face security and compliance risks. This solution builds a security protection system covering the entire lifecycle of stablecoins, focusing on three core dimensions: source prevention, dynamic monitoring, and precise governance, providing a comprehensive security solution for stablecoins:

Figure 4-1 Beosin's "One-Stop" Stablecoin Security and Compliance Technical Solution

Based on the overall technical solution for stablecoin regulation and the regulatory requirements in Hong Kong's "Stablecoin Regulation" and "Guidelines for Combating Money Laundering and Terrorist Financing," a targeted stablecoin regulatory solution based on a whitelist of stablecoin smart contracts has been proposed. The main features of this solution are as follows:

1. Whitelist to achieve a closed-loop ecosystem for stablecoin fund circulation

2. KYT/KYA to achieve real-time risk assessment of stablecoin transactions and wallet addresses

3. Contract operation monitoring to achieve real-time monitoring of stablecoin issuance, destruction, freezing, and other operations

4. Situation analysis to monitor transaction risks of stablecoins and analyze asset distribution

5. TransTracer to trace and source risky funds

6. Issuers and financial institutions to confirm customer identity information in accordance with the Travel Rule

Figure 4-2 Regulatory Technical Solution Based on the "Hong Kong Stablecoin Regulation"

The stablecoin regulatory technical solution involves the following key technologies:

1. KYC

KYC ("Know Your Customer") is a core process executed by financial institutions, payment platforms, digital asset exchanges, online lending companies, and other entities that handle funds or sensitive business to comply with anti-money laundering (AML), counter-terrorist financing (CFT), and other regulatory requirements. Its essence is to confirm the authenticity of customer identities by collecting and verifying customer identity information (such as ID cards, passports, proof of address, etc.), understanding the source of customer funds and the purpose of their business, and assessing customer risk levels, thereby eliminating the possibility of identity fraud or using the platform for money laundering, fraud, or terrorist financing activities, ultimately ensuring the compliance operation of the institution while maintaining the security of the financial system and business ecosystem.

2. KYT

KYT ("Know Your Transaction") is a real-time monitoring and risk screening process implemented by financial institutions, payment platforms, digital asset exchanges, and other entities based on the completion of KYC ("Know Your Customer"). It aims to further prevent illegal financial activities such as money laundering, terrorist financing, and fraud. Its core involves systematically tracking key information for each transaction in real-time— including transaction amount, transaction frequency, fund flow direction, the identity and region of counterparties, and whether the transaction patterns align with the customer's historical behavior. This information is then compared against anti-money laundering (AML) and counter-terrorist financing (CFT) risk lists (such as international sanctions lists, high-risk country/region lists, and suspicious transaction pattern databases). If any abnormal transactions are detected (such as sudden large fund transfers, frequent transactions with high-risk region accounts, or transaction patterns that severely deviate from the customer's identity background), alerts are triggered, and subsequent verification and reporting processes are initiated, thereby blocking illegal fund flows at the transaction stage and adding a "real-time protective net" to the financial system's security.

3. KYA

In the digital asset context, KYA focuses on "Know Your Address" and extends to "digital asset address risk assessment." Essentially, it involves on-chain risk screening, tracing, and grading processes conducted by digital asset trading platforms, wallet service providers, and on-chain compliance institutions regarding the blockchain addresses used by users (such as BTC, ETH, USDT, etc.). It is a core component of the anti-money laundering (AML), counter-terrorism financing (CFT), and anti-fraud compliance systems for digital assets, and serves as an on-chain extension of traditional KYC identity verification—after all, while blockchain addresses are highly anonymous, on-chain transaction records are publicly traceable, and address risk is directly related to the legality of funds. The core assessment logic revolves around three major dimensions of on-chain addresses: "historical behavior, relational connections, and compliance attributes," specifically including:

(1) Address historical transaction risk: By using on-chain explorers or compliance tools to trace the transaction history of an address, it assesses whether there are high-risk behaviors— for example, whether it has received/sent "hacker proceeds" (such as funds flowing from known stolen wallet addresses), "dark web funds" (interacting with addresses of dark web trading platforms), "mixed funds" (using mixers to split/confuse the source of funds to evade tracking), or frequently engaged in typical money laundering transaction patterns like "small aggregate - large outflow" or "cross-chain rapid transfers."

(2) Address associated entity risk: It checks whether the address is linked to "high-risk entities"— for instance, whether it belongs to individuals/organizations sanctioned by regulatory bodies worldwide (such as FATF, OFAC), addresses of publicly listed illegal exchanges, pyramid scheme/fraud fund pool addresses, or addresses that have financial transactions with known money laundering groups or terrorist financing networks.

(3) Address compliance attribute risk: It evaluates the "transparency" and "compliance record" of the address— for example, whether it is an "anonymous address" (never linked to a compliant platform with real-name information, used solely for anonymous transactions), a "dormant address" (suddenly activated with a large amount after a long period of inactivity, suspected of evading monitoring), or has been marked as a "risky address" by security agencies due to involvement in illegal transactions.

The core purposes of such assessments are twofold: first, from a compliance perspective, to meet regulatory requirements for the digital asset industry in various countries (such as FATF's "travel rule" requiring tracking of on-chain fund flows to ensure traceability), avoiding regulatory penalties or license revocation risks for platforms handling funds from high-risk addresses; second, from a risk prevention perspective, to protect the funds of the platform and legitimate users— for example, if a user's deposit address is assessed as "high-risk," the platform can trigger alerts, requiring the user to explain the source of funds, or restrict deposit and withdrawal operations for that address to prevent illegal funds from entering the platform, or to avoid users freezing funds due to mistakenly transferring to a stolen funds address.

4. Travel Rule

The Travel Rule is a key compliance framework established by the Financial Action Task Force (FATF), the core international organization for anti-money laundering and counter-terrorist financing. Its essence is to prevent money laundering, terrorist financing, and proliferation financing by proposing cross-institutional identity information transmission requirements for "funds or value transfer services" (covering both traditional finance and digital asset sectors). When the amount of funds or digital assets transferred reaches or exceeds the threshold set by FATF (typically 1,000 euros/dollars in traditional finance, with the digital asset sector referencing this standard), the sending institution (such as banks, payment institutions, digital asset exchanges) must proactively provide "complete identity information of the sender and receiver" (including name/institution name, account/blockchain address, residential/registered address, contact information, etc.) to the receiving institution. The receiving institution must verify the authenticity of the information, properly maintain records, and cooperate with regulatory authorities during inspections. Essentially, it aims to break the "identity anonymity" in the transfer of funds/assets, achieving full traceability of fund flows, thereby blocking illegal fund transfers at the transaction stage. It has now become a mandatory anti-money laundering compliance requirement that financial institutions and digital asset service providers in most countries and regions must adhere to, while also promoting the coordinated unification of compliance standards in both traditional finance and digital finance sectors.

5. Stablecoin Smart Contracts

Stablecoin smart contracts are token contracts deployed on blockchains (such as Ethereum, Solana) that implement the issuance and management of digital currencies pegged to fiat or other assets through pre-set automated code protocols. They achieve transparent issuance, redemption, transfer, and other functions through on-chain verifiable logic, and combine reserve proof, permission control, and compliance mechanisms (such as KYC/AML, freezing functions) to ensure price stability, security compliance, and traceability, forming the technical core of the stablecoin system. The functional interfaces of stablecoin smart contracts must meet relevant standards and specifications, such as ERC-20, ERC-3643, etc. Stablecoin smart contracts can implement transfer prohibitions and normal releases during the token transfer process by setting black/white lists and identity authentication.

6. Blacklist and Whitelist of Stablecoin Smart Contracts

The blacklist and whitelist mechanism of stablecoin smart contracts is a core permission control module built into the contract, primarily serving to manage the precise access and restriction of on-chain transfer operations of stablecoins. In actual operations, licensed entities (such as compliant stablecoin issuers and regulatory-qualified custodians) can rely on pre-set permissions in the contract to list specific addresses (such as those associated with sanctions or money laundering risks) on the blacklist—once an address is blacklisted, any stablecoin transfer requests initiated from that address will be automatically intercepted by the contract, and the transfer transaction cannot be executed normally. At the same time, licensed entities can also include compliant addresses verified through KYC/AML (such as legitimate user accounts and partner financial institution addresses) in the whitelist, allowing only transfer operations initiated from whitelisted addresses to be recognized and executed by the contract. This "dual permission control" satisfies anti-money laundering (AML), counter-terrorist financing (CFT), and regulatory compliance requirements, ensuring the security of the stablecoin circulation ecosystem.

4.2 Stablecoin Whitelist and Its Contract Security Audit

4.2.1 Stablecoin Whitelist Structure

Regulatory Text: "Guidelines for Licensed Stablecoin Issuers under the Stablecoin Regulation"

Section 6.5.3: Licensees should identify all operations related to each specified stablecoin throughout its entire token lifecycle, including deployment, configuration, minting, burning, upgrading, pausing, resuming, blacklisting, unblacklisting, freezing, unfreezing, whitelisting, and the use of any operational wallets.

Regulatory Text: "Guidelines for Combating Money Laundering and Terrorist Financing Applicable to Licensed Stablecoin Issuers"

Section 5.11: Given that the effectiveness of the aforementioned risk mitigation measures has not yet been confirmed, the Monetary Authority requires licensees to exercise caution when determining whether their systems are sufficient to mitigate the money laundering and terrorist financing risks associated with licensed stablecoin activities (especially those involving peer-to-peer transfers between non-custodial wallets). Unless the licensee can prove to the Monetary Authority and convince them that such risk mitigation measures can effectively prevent and combat money laundering, terrorist financing activities, and other crimes, the identity of each stablecoin holder should be verified by one of the following parties: (i) the licensee (even if the holder does not have a customer relationship with the licensee); (ii) a properly regulated financial institution or virtual asset service provider; or (iii) a reliable third party.

To ensure that only wallet addresses verified for identity can hold stablecoins, stablecoin licensees can set up a whitelist in the smart contract and grant the licensee and qualified institutions joint management rights over the contract whitelist. The operational process generally follows these steps:

1. The licensee and institution conduct KYC registration, certification, and storage of user information.

2. The licensee and institution manage the registered wallet addresses in the contract, adding the addresses to the contract whitelist.

3. The licensee and institution confirm information for both parties in the transfer under the off-chain Travel Rule.

4. Conduct real-time and periodic risk assessments on whitelisted addresses, and promptly remove any address from the whitelist or place it on the blacklist if its risk level changes.

Figure 4-3 Stablecoin Smart Contract Whitelist Solution

4.2.2 Stablecoin Smart Contract Design

Regulatory Text: "Guidelines for Licensed Stablecoin Issuers under the Stablecoin Regulation"

Section 6.5.3: Licensees should identify all operations related to each specified stablecoin throughout its entire token lifecycle, including deployment, configuration, minting, burning, upgrading, pausing, resuming, blacklisting, unblacklisting, freezing, unfreezing, whitelisting, and the use of any operational wallets.

Regulatory Text: "Guidelines for Combating Money Laundering and Terrorist Financing Applicable to Licensed Stablecoin Issuers"

Section 5.10: All on-chain stablecoin transactions will be automatically recorded in real-time on the blockchain where the transaction occurs, providing a certain level of traceability for transactions and helping to identify potential illegal activities and the wallet addresses involved in such activities. Without conflicting with Section 5.11, licensees may implement various measures to mitigate the risk of stablecoins being used for illegal activities. Examples of such measures include: (a) adopting appropriate technological solutions (such as blockchain analysis tools) to continuously screen stablecoin transactions and related wallet addresses beyond the initial distribution scope; (b) blacklisting wallet addresses identified as being related to sanctions or illegal activities; and/or (c) promptly freezing the relevant stablecoins upon receiving requests from regulatory authorities or law enforcement agencies or court orders.

Section 5.11: Given that the effectiveness of the aforementioned risk mitigation measures has not yet been confirmed, the Monetary Authority requires licensees to exercise caution when determining whether their systems are sufficient to mitigate the money laundering and terrorist financing risks associated with licensed stablecoin activities (especially those involving peer-to-peer transfers between non-custodial wallets). Unless the licensee can prove to the Monetary Authority and convince them that such risk mitigation measures can effectively prevent and combat money laundering, terrorist financing activities, and other crimes, the identity of each stablecoin holder should be verified by one of the following parties: (i) the licensee (even if the holder does not have a customer relationship with the licensee); (ii) a properly regulated financial institution or virtual asset service provider; or (iii) a reliable third party.

Section 6.36: (b) Regularly and/or upon the occurrence of triggering events (for example, when the licensee is continuously monitoring stablecoin transfers with counterparties, or from other information (such as negative news reports from credible media, or public information indicating that the counterparty has been involved in any targeted financial sanctions, money laundering, and terrorist financing investigations or regulatory actions), being aware of any greater risks of money laundering and terrorist financing) review the information obtained from the due diligence measures taken on stablecoin transfer counterparties as per Section 6.33, and (if applicable) update the risk assessment of the stablecoin transfer counterparties.

1. Stablecoin Smart Contract Functional Requirements

According to the guidelines, the smart contract must implement the following identity verification and operational management requirements:

• Deployment: Place the smart contract code "on-chain," turning it into a runnable program that users can call. After deployment, the contract address is fixed, and the code cannot be arbitrarily changed (unless an upgrade mechanism is designed);
• Configuration: Adjust operational parameters (e.g., token name, token precision, permission allocation, etc.) within the allowed scope of the contract;
• Minting: The stablecoin issuer adds new token issuance and sends the newly issued stablecoins to a designated address. After minting new stablecoins, the total supply of stablecoins increases. For fiat-pegged stablecoins, minting must correspond to the increase in fiat reserves off-chain;
• Burning: Permanently remove tokens from circulation and deduct tokens from a designated address, commonly used in redemption scenarios (when users exchange stablecoins for fiat);
• Upgrading: If the stablecoin contract adopts an upgradable technical architecture, the stablecoin issuer can upgrade the business logic of the stablecoin. Upgrading can add new business functions to meet the latest regulatory requirements or fix current code defects;
• Pausing/Resuming: Temporarily disable part or all of the contract's functions (such as transfers, minting, redemption, etc.) under emergency or judicial/compliance requirements; resuming unlocks the corresponding capabilities;
• Freezing/Unfreezing: Mark addresses identified as illegal or high-risk as "blacklisted," prohibiting them from receiving or transferring stablecoins; unblacklisting restores their normal transfer capabilities;
• Whitelisting: Only accounts that have undergone KYC/due diligence and received approval can participate in certain sensitive operations (such as initially receiving newly minted coins, participating in redemptions, or directly connecting with the issuer's custodial accounts).

According to the guidelines, the smart contract must implement the following transaction control and real-time screening requirements:

Although regulatory requirements do not mandate the adoption of specific token standards, it is clearly stated that stablecoin contracts must have comprehensive governance and compliance functions, including: token issuance and burning (mint/burn), contract logic upgrades, network-wide pauses, fund freezing, and blacklist and whitelist management, to ensure that business operations are traceable, controllable, and compliant with audit requirements.

In terms of technical solutions, issuers typically weigh between two paths: implementing compliance controls based on ERC-20 through an extension layer, or directly adopting the ERC-3643 standard designed specifically for regulated assets.

Unlike the general ERC-20 standard, ERC-3643 is an Ethereum token standard designed specifically for regulated assets. It constructs a technical architecture that complies with securities regulations while retaining the efficiency advantages of blockchain through embedded identity verification and automated compliance engines, addressing the core contradiction of traditional financial assets on-chain.

ERC-3643 addresses the core needs of compliant asset tokenization through a modular architecture. This decoupled design allows for high configurability of business logic. The most critical aspect is the separation of the identity registry and compliance contract, which allows for flexible adjustments to compliance rules based on jurisdictional requirements without changing the core logic of the token. When a user initiates a transfer, the token contract automatically queries the compliance contract, which cross-checks the identity declarations in the identity registry, forming an automated compliance decision chain.

The technical architecture of ERC-3643 employs dual-level permission control, inheriting ERC-20 functionalities while adding two key compliance layers. The first layer focuses on verifying the identity and qualifications of the transaction recipient, utilizing the ERC-734/735 standard to validate the existence of identity declarations and the certification status of trusted issuers; the second layer imposes global rule constraints on the token itself, such as setting daily transfer limits and maximum holder counts. This layered design ensures continuous verification of investor qualifications while providing issuers with flexible regulatory rule enforcement tools, meeting the multidimensional compliance needs of security tokens.

Table 4-1 Comparison of Technical Implementation Paths for ERC-20 and ERC-3643 Stablecoins

2. Contract Framework Design

Under the Hong Kong regulatory framework, stablecoin issuers not only need to ensure the security and stability of the tokens but must also meet strict compliance review, traceability, and scalability requirements. Therefore, the design of the stablecoin contract must incorporate mechanisms for permission management, compliance control, upgrade strategies, and risk prevention from the outset. To meet these needs, a "three-layer architecture" is recommended, including: stablecoin token contract + proxy contract + multi-signature wallet contract, achieving secure, flexible, and auditable stablecoin issuance and management through modular and multi-layer control.

(1) Stablecoin Token Contract

The stablecoin token contract is the core of the entire system, responsible for minting, burning, and transferring tokens, and embedding compliance control logic. The contract can implement functions such as account freezing, blacklist and whitelist management, and network-wide pauses, ensuring that each transaction complies with the regulatory requirements of the Hong Kong Monetary Authority (HKMA). In terms of technical implementation, it can choose to be based on ERC-20 and implement compliance controls through an extension layer, or adopt the ERC-3643 standard designed specifically for regulated assets, enabling on-chain identity verification and compliance checks during token circulation on-chain, achieving real-time compliance and traceability.

(2) Proxy Contract

The proxy contract is used to manage the upgrades and maintenance of the stablecoin token contract, effectively providing a secure "upgrade entry" for the core contract. Through the proxy contract, issuers can smoothly update the token contract when business logic or regulatory requirements change, without needing to change the token address or migrate user assets, thereby reducing operational risks and costs. At the same time, the upgrade process of the proxy contract can be controlled and audited, ensuring that the system remains scalable over the long term and meets regulatory requirements.

(3) Multi-Signature Wallet Contract

The multi-signature wallet contract serves as an important security layer for the system, managing funds, permissions, and authorizations for key operations. For example, high-risk operations such as minting, burning, or contract upgrades must be jointly signed by multiple parties to execute, similar to how a bank vault requires multiple authorizations to open. The multi-signature mechanism can decentralize operational permissions, reducing single-point risks while meeting the Hong Kong regulatory requirements for prudent governance, multi-party supervision, and operational traceability for stablecoin issuers.

4.2.3 Smart Contract Security Audit

Regulatory Text: "Guidelines for Licensed Stablecoin Issuers under the Stablecoin Regulation"

Section 6.5.5: Licensees should also engage qualified third-party entities to conduct smart contract audits (such as formal verification and security assessments) at least once a year, and when deploying, redeploying, or upgrading smart contracts, to ensure that the smart contracts (i) execute correctly, (ii) align with expected functions, and (iii) have a high level of confidence that there are no vulnerabilities or security defects.

As the regulatory framework for stablecoins in Hong Kong and globally gradually improves, stablecoin contracts need to meet both technical security and compliance requirements during the design and deployment process. Smart contract security audits aim to comprehensively assess the contract architecture, proxy mechanisms, fund logic, permission governance, and on-chain compliance design from multiple dimensions, combining automated detection with manual review to identify potential security risks and design flaws, ensuring the stablecoin system operates securely, transparently, and sustainably, providing a solid technical guarantee for subsequent compliance applications and market operations.

(1) Contract Architecture and Proxy Mechanism Audit

Focus on verifying the logical integrity and upgrade safety of the proxy contract, ensuring that the data storage layout of the proxy contract is consistent with that of the stablecoin contract, avoiding asset risks caused by variable misalignment after upgrades. At the same time, assess whether the contract framework complies with design requirements, ensuring that upgrade permissions, management roles, and governance logic are transparent and controllable.

(2) Core Logic and Fund Security of Stablecoins

Audit the core logic of the stablecoin contract regarding issuance, burning, transferring, and freezing, ensuring compliance with regulatory policies and business needs, avoiding high-risk issues such as logical vulnerabilities, permission abuse, and abnormal minting. Focus on the accuracy and consistency of fund flows and asset records, ensuring that on-chain assets match off-chain custodial assets.

(3) Permission Control and Multi-Signature Governance Mechanism

The multi-signature contract is an important foundation for compliance and security, requiring verification of the multi-signature signing process, threshold strategies, and abnormal recovery plans. Ensure that management permissions are decentralized to prevent single-point failures or individual control of assets. Conduct comprehensive testing of the management logic involved in key operations, such as contract upgrades, parameter adjustments, and emergency freezing.

(4) Compliance and On-Chain Monitoring Design

Evaluate the contract's support for mechanisms such as blacklists, whitelists, address freezing, and limit restrictions in conjunction with regulatory requirements. Focus on verifying the on-chain event recording and audit tracking capabilities, ensuring that the contract has sufficient compliance visibility and regulatory collaboration capabilities to meet cross-chain and cross-institution risk control needs.

(5) Security Testing and Attack Defense

Conduct comprehensive testing of the stablecoin contract using formal verification, symbolic execution, and fuzz testing methods, focusing on covering risks directly related to stablecoin operations, such as mint/burn authorizations, upgrade and storage layout consistency, permission boundaries, on-chain/off-chain reconciliation, and emergency freezing. At the same time, in conjunction with the operating environment and proxy mechanism design, ensure that the contract has attack resistance capabilities in real business scenarios.

Before deploying the stablecoin smart contract on-chain, Beosin can provide in-depth audits of the stablecoin smart contract through its self-developed formal verification platform Beosin VaaS, in collaboration with a team of blockchain security experts. By using formal verification technology to validate contract logic and leveraging a multi-source security vulnerability database accumulated from practical experience to conduct comprehensive security testing on the stablecoin contract. For identified code vulnerabilities, contract backdoors, and other issues, provide remediation plans and track rectifications to ensure the underlying logic of the stablecoin is secure and trustworthy.

Figure 4-4 Smart Contract Security Audit Process

4.2.4 Underlying Distributed Ledger Security Audit

Regulatory Text: "Guidelines for Licensed Stablecoin Issuers under the Stablecoin Regulation"

Section 6.5.5: Regarding the distributed ledger related to the operation of specified stablecoins, licensees should assess the robustness of the relevant technology, including but not limited to security infrastructure, such as the cryptographic algorithms used; consensus mechanisms, covering factors such as decentralization, fault tolerance, and incentive mechanisms; capacity and scalability; whether there are third-party audits or assessments and their results; the ability to withstand common attacks (including 51% attacks or other attacks that may affect transaction finality); past security records; and risks related to code defects, intrusions, vulnerabilities, and other threats.

The HKMA has repeatedly emphasized that stablecoin issuers should prioritize choosing mature public blockchains with long-term stable operation experience and high decentralization, such as Ethereum. These public chains rely on a large network of validating nodes, transparent governance mechanisms, and long-term operational experience, providing advantages in attack resistance, transaction finality, and overall security, while their high attack costs can effectively reduce systemic risks.

For cases where non-mainstream chains (such as emerging public chains, consortium chains, or proprietary chains) are chosen due to business needs, a more detailed security audit and assessment of the chain platform should be conducted to ensure that overall security and robustness are not lower than that of mature public chains. The audit can focus on the following dimensions:

• Network architecture and consensus mechanism: Assess the number of nodes, geographical distribution, the attack resistance and fault tolerance of the consensus algorithm, ensuring stable network operation.
• Economic model and incentive mechanism: Analyze the economic design of the network token, evaluating its effectiveness in incentivizing validators and preventing Sybil attacks or economic manipulation.
• Centralization risks of nodes and operators: Investigate the degree of decentralization of on-chain nodes and the design of operator permissions to reduce systemic risks brought by centralization.
• Code and protocol security: Conduct security analysis on the core code of the chain, consensus protocols, virtual machines, and P2P modules to identify potential vulnerabilities or backdoors.
• Network monitoring and emergency response: Evaluate the logging, monitoring capabilities of the chain platform, and emergency plans for fork or attack events.
• Governance mechanism and upgrade strategy: Review the chain governance rules and protocol upgrade processes to ensure transparency, controllability, and risk resistance.
• Compatibility and scalability: Assess the compatibility of non-mainstream chains with external systems (such as wallets, cross-chain bridges, or oracles) and the risks of ecological integration.

Through customized security testing, a comprehensive assessment of the blockchain platform's architecture, consensus mechanism, node communication protocols, etc., can be conducted, combined with simulated attack tests to identify potential risk points. The audit results can form targeted reinforcement plans to enhance the security, robustness, and auditability of the underlying environment, providing technical support for the issuance and circulation of stablecoins.

Figure 4-5 Blockchain Platform Security Testing Process

4.3 Stablecoin Anti-Money Laundering Risk Assessment and Monitoring

For the risks during the circulation and transaction phase of stablecoins, Beosin's Stablecoin Monitor, KYT, and KYA product solutions can achieve 24/7 continuous dynamic monitoring. They can promptly capture transaction anomalies and funding risks, ensuring the safe and compliant circulation of stablecoins.

Table 4-2 Overview of Anti-Money Laundering Technical Solutions Based on Hong Kong Regulatory Requirements

4.3.1 Risk Monitoring in Stablecoin Circulation

Regulatory Text: "Guidelines for Combating Money Laundering and Terrorist Financing" applicable to licensed stablecoin issuers

Section 5.9: Continuous monitoring of circulating stablecoins is crucial for licensees to fulfill their responsibilities in combating money laundering and terrorist financing.

Section 6.42: Licensees are not required to comply with the provisions of Sections 6.40 to 6.41 regarding peer-to-peer stablecoin transfers between non-custodial wallets of non-customers. However, licensees should adhere to the guidelines in Sections 5.9 to 5.12 to conduct adequate ongoing monitoring of circulating stablecoins.

Beosin Stablecoin Monitor continuously monitors the operational status and transaction risks of stablecoin projects, providing in-depth insights into the distribution of stablecoin holders, the flow of stablecoins, and real-time monitoring of stablecoin transactions. By utilizing deep learning algorithms to capture abnormal transaction behaviors and issue alerts, it links with the internal risk control systems of institutions to block the flow of risky funds, assisting issuers and regulatory agencies in closely monitoring the operational risks of stablecoins. The stablecoin monitoring system can achieve the following functions:

• Stablecoin issuers can monitor the operational status of contracts in real-time, gaining a comprehensive understanding of the current security status of stablecoins.
• Assist stablecoin issuers in screening the risks of funding sources and destinations, preventing high-risk activities on-chain/off-chain.
• Help stablecoin issuers monitor the execution of high-level regulatory actions in contracts in real-time, such as issuance, burning, freezing, etc.
• Monitor the price anchoring of stablecoins, promptly detecting abnormal price fluctuations and issuing first-time alerts for de-pegging.
• Possess the ability to identify custodial/non-custodial wallet addresses, allowing issuers to adopt different response strategies for potential risk addresses, especially for peer-to-peer transactions involving non-custodial wallets.

Figure 4-6 Beosin Stablecoin Monitoring - USDT Fund Distribution Monitoring

Figure 4-7 Beosin Stablecoin Monitoring - USDT On-Chain Transaction Risk Alerts

4.3.2 Risk Identification of Stablecoin Transactions and Addresses

Regulatory Text: "Guidelines for Combating Money Laundering and Terrorist Financing" applicable to licensed stablecoin issuers

Section 4.35: Licensees should properly manage any money laundering and terrorist financing risks associated with customer wallets used to receive stablecoins issued by the licensee or to return stablecoins upon redemption.

Section 5.4: Licensees should also implement effective risk-based transaction monitoring systems and procedures during issuance and redemption to identify and report suspicious transactions. In addition, licensees should establish and maintain adequate and effective systems and controls to screen stablecoin transactions (i.e., stablecoin transfers with customers) and related wallet addresses.

Licensees should adopt appropriate technological solutions (such as blockchain analysis tools) to:

(a) Track the transaction records of stablecoins to more accurately identify the sources and destinations of the relevant stablecoins; and

(b) Identify transactions involving wallet addresses that are directly and/or indirectly related to illegal or suspicious activities/sources or designated persons.

Section 6.32: Due diligence on stablecoin transfer counterparties generally involves the following procedures:

(a) Determining whether the stablecoin transfer will be with stablecoin transfer counterparties or non-custodial wallets;

In traditional finance, the paths of fund flows across institutions are often broken and difficult to trace, making hidden risks hard to detect in a timely manner. However, the traceable nature of blockchain allows for clear visibility of the upstream and downstream links of each transaction. In the technical assessment of stablecoin risks, two main technologies are included: KYT and KYA. The KYT technology assesses whether a transaction's funding source and destination are associated with risky entities. The KYA technology conducts a comprehensive risk assessment of the funding sources and destinations of all assets for a given blockchain address based on its historical transaction data.

Beosin KYT builds a closed-loop prevention and control system around the funding inflow and outflow scenarios, relying on on-chain fund visualization tracking technology to trace the flow of funds. Combined with risk identification models, it can achieve penetrating risk identification, accurately identifying money laundering, terrorist financing, and other risk nodes hidden in the transaction path.

Beosin KYT provides an easy-to-use interface and professional API integration solutions, allowing for a comprehensive assessment of address and transaction risks related to stablecoin business. Beosin KYT supports 57 public chains, accumulating over 4.7 billion global address tags, monitoring over 200 money laundering entities in Southeast Asia, and accumulating over 20 million Southeast Asia tags, covering well-known money laundering platforms such as Huobi, Potato, and New Coin, supporting the identification of 120+ cross-chain and exchange protocols, achieving the identification of real funding risks across multiple chain platforms.

Figure 4-8 Beosin Risk Assessment Platform - KYT Transaction Risk Assessment

Beosin KYA supports comprehensive risk screening of blockchain addresses across all asset types, capable of identifying risks associated with all assets, including stablecoin assets. It mainly achieves the following capabilities:

• Conduct comprehensive risk assessments of bidirectional fund flows, reflecting the overall risk situation of wallets.
• Perform comprehensive analysis for single or multiple asset types, considering cross-chain money laundering and continuous tracking business scenarios.
• Assist stablecoin issuers in conducting feature analysis of address transaction behaviors, monitoring abnormal behaviors through rule models and machine learning technologies.

Figure 4-9 Beosin Risk Assessment Platform - KYA Address Risk Assessment

4.3.3 Continuous Monitoring and Periodic Scanning

Regulatory Text: "Guidelines for Combating Money Laundering and Terrorist Financing" applicable to licensed stablecoin issuers

Section 6.36: (b) Regularly and/or upon the occurrence of triggering events (for example, when the licensee is continuously monitoring stablecoin transfers with counterparties, or from other information (such as negative news reports from credible media, or public information indicating that the counterparty has been involved in any targeted financial sanctions, money laundering, and terrorist financing investigations or regulatory actions), being aware of any greater risks of money laundering and terrorist financing) review the information obtained from the due diligence measures taken on stablecoin transfer counterparties as per Section 6.33, and (if applicable) update the risk assessment of the stablecoin transfer counterparties.

Through Beosin Realtime Monitoring's automated address risk status monitoring mechanism, users can add target addresses that need monitoring to a watchlist, achieving 24/7 real-time address score updates. When abnormal transaction behaviors are detected (such as high-frequency small transfers within a short period, or interactions with high-risk addresses), the system will immediately trigger alerts and reassess the risk level, ensuring that the risk status always reflects the latest security situation.

Beosin Rescreen assists users in periodically or regularly scanning target addresses across different dimensions. The monitoring system will update the risk scores of target addresses based on multi-dimensional data such as on-chain transaction frequency, fund flow, and associated address risk levels, using machine learning algorithms.

Figure 4-10 Beosin Risk Assessment Platform - Periodic Risk Assessment of Addresses

4.3.4 Post-Investigation and Risk Tracking

Regulatory Text: "Guidelines for Combating Money Laundering and Terrorist Financing" applicable to licensed stablecoin issuers

Section 5.4: Licensees should adopt appropriate technological solutions (such as blockchain analysis tools) to:

(a) Track the transaction records of stablecoins to more accurately identify the sources and destinations of the relevant stablecoins; and (b) Identify transactions involving wallet addresses that are directly and/or indirectly related to illegal or suspicious activities/sources or designated persons.

Section 5.12: If a licensee becomes aware of any stablecoin transaction or related wallet address that is directly and/or indirectly associated with illegal or suspicious activities/funding sources or designated persons, they should immediately conduct further investigation and analysis. If there are any grounds for suspicion, the licensee should report the suspicious transaction to the Financial Intelligence Unit and take appropriate follow-up actions as described in Chapter 8 of these guidelines.

Beosin TransTracer provides an intuitive and concise topological view analysis, facilitating stablecoin issuers in conducting in-depth investigations of fund flows related to addresses or transactions. Beosin TransTracer utilizes a multi-dimensional address tagging database and deep neural network analysis model to track fund flows involved in malicious activities such as money laundering and fraud, penetrating through exchange protocols, cross-chain bridges, and other technical barriers, restoring the flow paths of risky funds, and providing a complete chain of evidence for issuers and regulatory agencies. The main features include:

• Risk classification of source and destination addresses, automatically tracking transaction links, and quickly identifying and displaying fund paths.
• Support for automatic penetration of exchanges and cross-chain protocols to reach the final real destination address.
• Support for multi-currency analysis of multi-chain addresses, allowing for unlimited hierarchical expansion of fund paths.
• Support for accurate route filtering and highlighting based on dimensions such as asset/currency/transaction occurrence time/transaction amount.
• Quickly generate fund flow diagrams/reports to save time for enhanced due diligence/case investigations.

Figure 4-11 Beosin TransTracer - Risk Fund Path Analysis

4.4 Intelligent Judgment of Crimes such as Money Laundering in Digital Assets

With the rapid development of digital assets, their anonymity, global circulation, and low-cost characteristics have been widely exploited by criminals, becoming a primary funding tool for various illegal activities. In cases of telecom fraud, online gambling, drug-related transactions, and online pyramid schemes, criminal gangs transfer funds through digital assets to achieve rapid laundering and conceal the sources of funds.

When tracking the funds in these cases, law enforcement agencies often face the following challenges:

• Technical Entry Difficulty: Case analysis involves blockchain knowledge and transaction patterns, making it costly for investigators to get started.
• Address Anonymization: The roles of on-chain addresses are unclear, making it difficult to determine account ownership and where to retrieve evidence.
• Complex Case Chains: Numerous addresses are involved, often increasing analysis difficulty through exchanges and cross-chain operations. Traditional manual methods are time-consuming and inefficient, making it hard to form a complete chain of evidence.
• Concealed Fund Flows: Funds are processed through mixing services (such as Tornado Cash), further increasing tracking difficulty, making manual analysis nearly impossible to penetrate.
• Insufficient Use of Open Source Intelligence Clues: Some funds circulate through guarantee platforms, involving multiple money laundering links and teams, making it difficult to uncover the full picture relying solely on on-chain transactions.

In this context, law enforcement agencies need the ability to quickly sort out fund flows, penetrate complex transaction links, and fully utilize open-source intelligence to address the aforementioned challenges.

To equip law enforcement agencies with the necessary capabilities in digital asset cases, Beosin Trace combines full-chain data analysis capabilities with AI intelligent algorithms to form efficient and precise intelligent judgment capabilities for digital asset crimes. The main features include:

• Intelligent Learning: Relying on large models and a digital asset crime knowledge base, it provides analytical guidance and intelligent Q&A functions, helping law enforcement personnel quickly master digital asset case analysis skills and shorten the learning cycle.
• Address Tagging Database: Based on different entities and crime types, it labels on-chain addresses, providing over 4.7 billion tag data covering dozens of address types such as mainstream exchanges, wallets, mixing platforms, guarantee platforms, fraud and gambling platforms, mining pools, and blockchain games, helping law enforcement personnel quickly identify address roles and significantly improve case analysis and judgment efficiency.
• Automatic Judgment of Involved Funds: In the early stages of case investigation, rapid judgment of fund flows is needed, but manual analysis is not only time-consuming but also prone to missing key information. Beosin Trace can automatically identify the transfer paths of funds, draw clear fund flow diagrams, label key addresses, and generate periodic analysis reports to help law enforcement personnel quickly grasp the core of the case.
• Penetration of Exchange and Cross-Chain Funds: When funds are transferred through exchange or cross-chain protocols, Beosin Trace can automatically identify the flow paths of exchanges and cross-chain operations, penetrating to the final real receiving address, ensuring full visibility of fund flows.
• Intelligent Discovery of Hidden Clues: When deeply analyzing the funding network of a case, Beosin Trace will comprehensively scan on-chain addresses, automatically identify abnormal transaction behaviors and suspicious addresses, uncovering hidden clues that are easily overlooked in manual analysis, making investigations more comprehensive.
• Tornado Cash Fund Analysis: Beosin Trace utilizes intelligent algorithms to penetrate the Tornado Cash mixing process, restoring the true flow of funds before and after mixing, helping law enforcement personnel efficiently track funds.
• Intelligent Address Profiling: For key on-chain addresses of interest, Beosin Trace will use AI modeling to analyze address behavior patterns, abnormal fund flows, and associated trading partners, quickly generating clear and understandable address profile reports to help law enforcement personnel accurately identify suspicious chains.
• Integration and Utilization of Open Source Intelligence: Automatically collect and integrate on-chain data with available open-source intelligence, assisting law enforcement personnel in discovering and verifying potential related information, improving the comprehensiveness and accuracy of case analysis.

Figure 4-12 Beosin Trace - Intelligent Judgment Platform

4.5 Chapter Summary

Beosin, with the core principles of "building defenses at the source, dynamic monitoring, and precise governance," has constructed a comprehensive regulatory technology solution covering the entire lifecycle of stablecoins. In terms of stablecoin whitelisting and contract security, it requires licensees to identify the full-cycle operations of tokens, verify the identities of holders, provide a three-layer contract framework of "stablecoin token contract + agency contract + multi-signature wallet contract," and achieve "building defenses at the source" through annual and key node audits of smart contracts and underlying distributed ledgers. In terms of anti-money laundering risk assessment and monitoring, Beosin has launched products such as Stablecoin Monitor (24/7 monitoring of stablecoin operations and transaction risks), KYT (tracking fund flows and identifying risk nodes), KYA (comprehensive wallet risk screening), Rescreen (continuous monitoring and periodic scanning), and TransTracer (post-investigation and risk tracking) to achieve "dynamic monitoring." At the same time, in response to the complex trends of digital asset money laundering crimes, Beosin Trace engine builds a full-process intelligent judgment capability to assist law enforcement personnel in efficiently conducting case investigations, achieving "precise governance."

Chapter 5 Recommendations for the Development of the Anti-Money Laundering Ecosystem

5.1 Industry Self-Regulation Norms and Collaborative Governance Mechanisms

Building an industry self-regulatory system to strengthen anti-money laundering capabilities has become an important consensus in the global digital asset field. Against this backdrop, the Hong Kong Virtual Asset Industry Association (HKVAIA) officially established the Digital Asset Anti-Money Laundering Professional Committee (DAAMC) on August 19, 2025, marking a key step for Hong Kong in constructing a compliant ecosystem for digital assets. As an industry-led non-profit organization, DAAMC focuses its mission on three core areas: first, promoting the construction of a compliant issuance framework for stablecoins in Hong Kong; second, strengthening the financial integrity defense line of the digital asset ecosystem; and third, promoting deep collaboration among licensed financial institutions. DAAMC will achieve an organic balance between regulatory requirements and business practices through the establishment of an industry consensus mechanism.

In terms of compliance practices, DAAMC will benchmark against the "Anti-Money Laundering and Counter-Terrorist Financing Guidelines (Applicable to Licensed Stablecoin Issuers)" and the regulatory guidelines for licensed stablecoin issuers published by the Hong Kong Monetary Authority (HKMA), while closely tracking the development trends of emerging compliance standards such as global on-chain identity verification, ensuring that regulated stablecoins in Hong Kong achieve a dynamic balance between controllable risks and sustainable business development, accelerating the mainstream application process of stablecoins.

HashKey Group, Pionex Innovation Technology Co., Ltd., Beosin, and SlowMist Technology, as founding members of DAAMC, aim to explore innovative solutions for compliant stablecoins through offline seminars, closed-door exchanges, and other means, driving high-quality collaborative development in the digital asset industry.

Figure 5-1 DAAMC Joint Statement

5.2 Promoting the Construction of Collaborative Mechanisms Across Government and Inter-Departmental Coordination

The government should promote the establishment of a comprehensive governance collaboration system at the government level, integrating the resources and professional capabilities of departments responsible for prevention, law enforcement, regulation, and financial victim protection. By establishing an efficient coordination mechanism, effectively breaking down departmental barriers, a full-cycle governance closed loop of "prevention-investigation-disposal-protection" can be formed, achieving synchronous resonance between policy formulation and execution, significantly enhancing the multi-dimensional prevention and control capabilities against digital asset crimes. This collaborative governance model not only aligns with international anti-money laundering standards but also adapts to the evolving criminal patterns in the digital economy era, providing institutional guarantees for building financial security barriers.

5.2.1 Establishing Inter-Departmental Coordination Agencies

Establish a regular joint meeting system among departments such as finance, financial regulation, public security, and cybersecurity. Referencing FATF international standards, develop a unified digital asset risk assessment framework to ensure consistency in regulatory policies.

5.2.2 Building a Capability Co-Building System

Joint training programs focusing on specialized skills training in blockchain forensics, digital asset tracking, etc. Conduct scenario-based practical drills simulating typical criminal patterns such as cross-border fund transfers and mixing services to enhance inter-departmental collaborative combat capabilities.

5.2.3 Optimizing Fund Disposal Processes

Establish a full-process disposal system covering "monitoring-freezing-recovery-returning," introducing blockchain traceability technology to enhance fund penetration capabilities. Develop standardized operational guidelines to clarify the boundaries of responsibilities and time requirements for financial institutions and law enforcement agencies.

5.2.4 Creating a Data Sharing Hub

Build a cross-departmental data sharing platform to achieve interconnectivity of financial transaction data, communication records, and intelligence information within a compliance framework. Utilize privacy computing technology to conduct joint analysis while ensuring data security.

5.3 Strengthening User Security Awareness and Training System Construction

Users need to strengthen their awareness of digital asset crime prevention to avoid involvement in illegal fund transfers and other violations. In the process of depositing and withdrawing digital assets, users should pay attention to fund risk screening and can utilize professional and user-friendly digital asset risk screening tools (such as Beosin KYA Lite) to quickly complete fund risk identification, effectively avoiding risks such as account freezing and financial losses due to receiving tainted funds.

In addition, building and continuously improving a multi-dimensional and multi-level user safety education system is a fundamental key measure to prevent crime risks in the digital asset field. This system should coordinate the efforts of government regulation, market entities, and the general public to form a "trinity" collaborative governance mechanism, consolidating the financial security defense line.

5.3.1 Building a Risk Awareness Enhancement Framework

To help users more clearly identify risks, a cognitive enhancement system should be built relying on multiple forces. From the government side, regulatory and law enforcement agencies can enhance capabilities in blockchain forensics, digital asset tracking, etc., through specialized training; at the enterprise level, digital asset service providers should establish employee compliance training systems; at the social level, the government and enterprises can actively promote activities such as "Digital Financial Security into Communities" to expand the coverage of financial security awareness education.

5.3.2 Innovating Public Education Implementation Paths

In terms of public education formats, it may be considered to develop immersive educational scenarios, flexibly using novel formats such as short videos, VR, and role-playing games to simulate crime scenarios involving digital assets (such as online fraud, online gambling, money laundering), thereby increasing public awareness of related crime risks; regarding the target audience, digital asset investors and cross-border traders are groups that are easily deceived, and more refined risk prevention education should be conducted for them; stablecoin issuers and regulatory agencies should consider regularly issuing risk alerts and analyses of typical criminal methods to the public, strengthening the warning effect through real cases.

5.3.3 Popularizing the Use of Digital Asset Risk Screening Tools

Digital asset risk screening tools can help ordinary users score risks associated with on-chain addresses and transactions, identify risky entities and fund flows, and reduce the probability of users interacting with high-risk addresses, thereby preventing issues such as fund freezing and involvement in money laundering activities from the source due to receiving illegal funds. Considering the security needs of individual users regarding these assets, Beosin will soon launch a digital asset risk screening tool suitable for ordinary users, Beosin KYA Lite, providing convenient and accurate risk screening for their wallet address's daily interactions.

References

1. "Stablecoin Regulation" Guidelines for Licensed Stablecoin Issuers, Hong Kong Monetary Authority (HKMA), August 2025.

2. Guidelines for Combating Money Laundering and Terrorist Financing (Applicable to Licensed Stablecoin Issuers), Hong Kong Monetary Authority (HKMA), August 2025.

3. "Summary of the Licensing System for Stablecoin Issuers," Hong Kong Monetary Authority (HKMA), July 2025.

4. "Summary of Transitional Provisions for Existing Stablecoin Issuers," Hong Kong Monetary Authority (HKMA), July 2025.

5. "Consultation Document on Legislative Proposals for Implementing a Regulatory System for Stablecoin Issuers in Hong Kong," Hong Kong Monetary Authority (HKMA) and the Financial Services and the Treasury Bureau, December 27, 2023.

6. "Press Release: Implementation of the Regulatory System for Stablecoin Issuers," Hong Kong Monetary Authority (HKMA), July 29, 2025.

7. "Press Release: HKMA Announces Participants in the Stablecoin Issuer 'Sandbox'," Hong Kong Monetary Authority (HKMA), July 18, 2024.

8. "Press Release: Legislative Council Passes the 'Stablecoin Regulation'," Hong Kong Monetary Authority (HKMA), May 21, 2025.

9. "Insight: Stablecoin Regulation: A New Era for Digital Assets in Hong Kong," Hong Kong Monetary Authority (HKMA), June 23, 2025.

10. "2024 Hong Kong Cryptocurrency Regulation," ComplyCube.

11. "Stablecoins: Hong Kong's Proposal for Licensing and Regulatory Systems for Issuers," King & Wood Mallesons.

12. "Key Points of Hong Kong's Proposed Stablecoin Regulatory System," King & Wood Mallesons.

13. "Hong Kong Stablecoin Regulatory Policy: Industry Comments," Eastmoney.

14. "Legal Analysis of Hong Kong's New Stablecoin Regulations," Yingke Law Firm.

15. "The Era of Hong Kong Stablecoins Officially Begins - Part One: The Passage of the 'Stablecoin Regulation Draft' Opens a New Chapter," JunHe Law Firm, May 30, 2025.

16. "Securities and Futures Ordinance" (Hong Kong Legislation Chapter 571).

17. "Anti-Money Laundering and Terrorist Financing Ordinance" (Hong Kong Legislation Chapter 615).

18. "Stablecoin Ordinance" (Hong Kong Legislation Chapter 656).

19. 2025 U.S. Stablecoin Legislation Update, Womble Bond Dickinson.

20. The U.S. "GENIUS Act" Officially Becomes Law: A Regulatory Framework for Compliant Stablecoins, King & Wood Mallesons, July 23, 2025.

21. Analyzing the Differences Between the GENIUS Act and Hong Kong's Stablecoin Ordinance in Terms of Custodial Requirements and Cross-Border Impacts, Tianyuan Law Firm, June 4, 2025.

22. What Are the Specific Roles of OCC, the Federal Reserve, and SCRC in the GENIUS Act?, Tianyuan Law Firm, June 4, 2025.

23. New Stablecoin Legislation: Analyzing the "GENIUS Act," Arnold & Porter, July 2025.

24. Comparison of Stablecoin Capital Requirements Between the U.S. and Hong Kong, Hong Kong Legislative Council, February 11, 2025.

25. Inflection Point: Global Implications of Scam Centers, Underground Banking, and Illicit Online Marketplaces in Southeast Asia, UNODC, April 2025.

26. Decrypting Crypto: How to Estimate International Stablecoin Flows, International Monetary Fund, July 2025.

Disclaimer

This research report has utilized artificial intelligence (AI) to assist in content organization and has referenced publicly available materials from institutions such as the Hong Kong Monetary Authority, the Financial Services Agency of Japan, the Central Bank of the UAE, the International Monetary Fund, and various law firms. All content in this research report does not constitute any investment or legal advice. Beosin strives to ensure that the information and data provided are accurate and reliable but does not guarantee that such information and data are absolutely correct, complete, and reliable. Readers should still directly consult the latest regulations and guidelines published by official sources for authoritative references. Beosin is not responsible for any losses or damages arising from inaccuracies or omissions in the information or from decisions, actions, or inactions made based on or relying on this research report.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。