29.62 million USDT was frozen, analysis of Cambodian Huiwang Group Incident

PHPz (Original), 2024-07-19 15:31:12

Tether USD (hereinafter referred to as USDT) is a centralized stablecoin issued by the company Tether. It is governed by smart contracts on the blockchain network, and its value is pegged to the US dollar. In addition to the anonymous transfers and permissionless use it shares with other cryptocurrencies, USDT gives the issuer extensive control: developers can issue and destroy USDT tokens at a given address, or restrict a specific address's permission to operate USDT. The latter is known in the industry as a "TEDA freeze" (TEDA being a rendering of the Chinese name for Tether).

This kind of centralized freezing is usually triggered by law enforcement requests from government agencies around the world, or by sudden large crypto security incidents. It aims to stop known illegal and criminal activity that uses USDT and to intercept the assets involved before the damage spreads. As adoption of USDT in the real financial system grows, currency-related illegal and criminal activity occurs frequently, and TEDA freezes are becoming more common. This has had a significant negative business impact on a large number of web3 companies that operate normally but inadvertently receive risky crypto funds, and can even bring legal risk.

This article analyzes and explains, as an example, the incident in which 29.62 million USDT belonging to Cambodia's Huiwang Group was frozen by TEDA.

Overview of Huiwang’s business scale

Huiwang Group is a large financial group located in Cambodia. Its business lines include cryptocurrency wallets, payments, transaction guarantees, insurance, and cryptocurrency exchanges, and its core payment and guarantee businesses use USDT extensively. According to the address tag data of Bitrace's DeTrust on-chain risk capital monitoring and management platform, HuionePay and HuioneGuarantee have more than 180,000 official and user addresses, making them the largest local crypto companies, with influence that extends across Southeast Asia and even East Asia.

According to Bitrace monitoring, between June 2022 and June 2024 the monthly fund size of all known HuionePay and HuioneGuarantee business addresses maintained an upward trend, from a minimum of 1.03 billion USDT in June 2022 to a maximum of 8.39 billion USDT in April 2024. The total fund size reached 102.397 billion USDT over the two years.

During this period, Huione-related business addresses also maintained a relatively large reserve. Between June 2022 and June 2024, the average daily balance of all known HuionePay and HuioneGuarantee business addresses reached 35.68 million USDT.

Because Southeast Asia is a high-risk area where criminals use cryptocurrency to carry out illegal activities, Huione's business addresses have been affected to a certain extent. Take TL8TBp, the core business address in use by HuioneGuarantee, as an example. According to Bitrace monitoring, from July 1, 2023 to June 30, 2024, a total of 2.158 billion USDT flowed into this address, of which high-risk online gambling funds were 35 million, accounting for 1.62%; high-risk funds for black and gray industry transactions were 339 million, accounting for 15.71%; high-risk funds for money laundering were 54 million, accounting for 2.50%; and high-risk funds for fraud were 0.02 million, accounting for 0.09%.

Analysis of Huiwang’s Frozen Address Funds

On July 13, 2024, Tronscan showed that the TRON network address TNVaKW was restricted by TEDA. Up to 29.62 million USDT was frozen and could not be transferred. Bitrace immediately intervened in the investigation.

Preliminary investigation results show that just five days after TNVaKW was created, its total transaction size exceeded 1 billion USDT. It collected deposits from a large number of Tron addresses marked as HuionePayUser, as well as funds from other official HuionePay addresses and official HuioneGuarantee addresses. Bitrace therefore confirmed that the address was an official Huione business address and determined that the reason for the freeze was the collection of a large amount of stolen crypto funds.

The next day, well-known on-chain detective ZachXBT further stated on the social platform that in the earlier Japanese exchange DMM theft incident, the relevant stolen assets had entered HuionePay through cross-chain exchange.

Starting from the address disclosed by ZachXBT, Bitrace discovered more addresses related to the laundering activity and reviewed the entire fund flow. Among them:

165 BTC crossed to Avalanche through AvalancheBridge

182 BTC crossed to Ethereum through ThorChainBridge

263 BTC crossed to Ethereum through ThresholdBridge

The resulting tBTC, BTC.b and other assets were converted on Avalanche, Ethereum and other chains into USDT, USDC, DAI and other assets worth the equivalent of 31.82 million U.S. dollars, then moved cross-chain to the TRON network, and eventually about 14 million of them entered TNVaKW.

It is worth noting that DMM is only one of the publicly known security incidents whose funds flowed into Huione addresses. When we investigated other incidents, we found that some of the funds from the Poloniex exchange theft were also related to Huione. Between June 5 and 7, 2024, at least 1.05 million USDT involved in that case flowed into HuionePay user addresses, and then successively into multiple official HuionePay business addresses including TLmktr, TR5F41, and TNVaKW.

There is currently no direct evidence that TNVaKW’s freezing is related to the funds in these two security incidents, but considering that Huione’s other business addresses have not been frozen, this at least indicates that this freezing action is not targeting the Huione Group itself.

Analysis on the run on HuionePay

As mentioned above, the average daily balance of all known HuionePay and HuioneGuarantee business addresses is 35.68 million USDT, and in the three months before the freeze this value remained around 40 million USDT. The frozen 29.63 million USDT is equivalent to 75% of its reserves, so there is a certain amount of withdrawal pressure.

Analysis of the latest HuionePay business address, TQuFSv:

This address was activated 2.5 hours after TNVaKW was frozen and began to process HuionePay users' deposit and withdrawal requests. It received 114,800 USDC inherited from TNVaKW, and as of 2024/7/16 9:34:39 its transaction size had reached 733 million USDT.

Statistics of TQuFSv’s income and expenditure were made on an hourly basis. No obvious fund anomalies were found, and the address still has a balance of 12.88 million USDT.

Analysis of TQuFSv's counterparties revealed that the top ten counterparties by inbound volume transferred a total of 147 million USDT to TQuFSv. Two of these addresses were marked as HuioneGuarantee addresses, transferring 73 million USDT and 15 million USDT respectively, accounting for 23.64% of the total transfers. The top ten counterparties by outbound volume obtained a total of 80 million USDT from TQuFSv. Three of these addresses were marked as HuioneGuarantee addresses, and the amounts they obtained were 14 million USDT, 8 million USDT and 0.06 billion respectively, accounting for 7.76% of the total transfers.

This shows that HuionePay experienced a large-scale capital outflow after the freezing incident, but the company replenished reserves from other business addresses in a timely manner and was able to meet users' withdrawal requests.
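The hourly income and expenditure statistics and the counterparty ranking described above for TQuFSv can be computed from any transfer export. The sketch below is an added example, not Bitrace's tooling: the transfer records are constructed, and the addresses, the `HuioneGuarantee` tag assignment and the 250,000 USDT alert limit are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from decimal import Decimal

WATCHED = "TQuFSv_EXAMPLE"  # placeholder: the article gives only the address prefix
# Constructed sample transfers (timestamp, from, to, USDT amount); not real chain data.
TRANSFERS = [
    ("2024-07-13 10:05:00", "TUserA", WATCHED, "1200000"),
    ("2024-07-13 10:40:00", WATCHED, "TUserB", "300000"),
    ("2024-07-13 11:10:00", WATCHED, "TUserC", "2500000"),
    ("2024-07-13 11:20:00", WATCHED, "TUserB", "900000"),
    ("2024-07-13 11:45:00", "TGuarantee1", WATCHED, "3000000"),
    ("2024-07-13 12:15:00", "TUserA", WATCHED, "400000"),
    ("2024-07-13 12:30:00", WATCHED, "TGuarantee1", "100000"),
]
LABELS = {"TGuarantee1": "HuioneGuarantee"}  # hypothetical address tag

def hourly_flows(transfers, watched):
    """Return {hour: (inflow, outflow, net)} for the watched address."""
    buckets = defaultdict(lambda: [Decimal(0), Decimal(0)])
    for ts, src, dst, amount in transfers:
        hour = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").strftime("%Y-%m-%d %H:00")
        if dst == watched:
            buckets[hour][0] += Decimal(amount)
        elif src == watched:
            buckets[hour][1] += Decimal(amount)
    return {h: (i, o, i - o) for h, (i, o) in sorted(buckets.items())}

def net_outflow_hours(flows, limit=Decimal("250000")):
    """Hours whose net outflow exceeds `limit` USDT (a sign of withdrawal pressure)."""
    return [h for h, (_, _, net) in flows.items() if net < -limit]

def top_senders(transfers, watched, labels, n=10):
    """Rank inbound counterparties with their tag and share (%) of total inflow."""
    totals = defaultdict(Decimal)
    for _, src, dst, amount in transfers:
        if dst == watched:
            totals[src] += Decimal(amount)
    grand = sum(totals.values())
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]
    return [(a, labels.get(a, "unlabelled"), v, round(v / grand * 100, 2)) for a, v in ranked]

if __name__ == "__main__":
    flows = hourly_flows(TRANSFERS, WATCHED)
    print(flows, net_outflow_hours(flows), top_senders(TRANSFERS, WATCHED, LABELS), sep="\n")
```

In the constructed data the 11:00 hour shows a net outflow that is covered within the same hour by a transfer from a tagged guarantee address, the same replenishment pattern the article reports.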
