Chinese police uncovered a $1.9 billion underground banking operation in Chengdu using the USDT stablecoin. The operation is focused on smuggling goods like medicine and cosmetics overseas. However, Tether recently blocked $5.2 million in USDT tied to phishing scams. Unfortunately, several other crypto firms like Sonne Finance, BlockTower, and Cypher Protocol have recently faced hacks and exploits.

$1.9 Billion Tether Scheme

Chinese police uncovered a $1.9 billion underground banking racket involving the stablecoin Tether (USDT) in the city of Chengdu. The USDT stablecoin was used to exchange foreign currencies. So far, authorities have arrested 193 suspects across 26 provinces.

According to a media report, the underground operations started in January of 2021 and were mostly focused on smuggling medicine, cosmetics, and investment assets overseas. Two major underground operations were destroyed in Fujian and Hunan, and the police also froze 149 million yuan, worth around $20 million, linked to these operations.

Despite a very strict prohibition on crypto-related activities in China, traders still find ways to work around the ban and use crypto assets. A report from Kyros Ventures revealed that Chinese traders are among the largest stablecoin holders in the world, with 33.3% of Chinese investors holding several stablecoins, second only to Vietnam’s 58.6%.

China has banned the use of cryptocurrency and cryptocurrency exchanges, along with Bitcoin mining operations. However, the local population keeps finding ways to evade these restrictions. At the time of the Bitcoin mining ban, China was the largest contributor to the Bitcoin network hash rate, and within just a year of the ban, its mining hash rate contribution rose to second place. After banning centralized exchanges, Chinese traders turned to decentralized exchanges and decentralized finance-based protocols. Many also defy the ban using virtual private networks (VPNs).

With Great Power…

On the other hand, Tether recently froze $5.2 million in USDT that was stored in 12 Ethereum wallets tagged as "USDT Banned Address." On-chain analytics firm SlowMist shared that these addresses were used to launder funds from phishing scams.

Tether has quite a history of freezing assets associated with hacks, scams, and other illicit activities. In fact, Tether CEO Paolo Ardoino stated in an X post that the firm has blocked more than $1.3 billion since its inception, including $1.6 million related to terrorist financing.

In January 2022, Tether blacklisted three Ethereum addresses holding more than $150 million in USDT. By October 2022, it froze $8.2 million in USDT on Ethereum, adding 215 addresses to its blacklist. Later in 2022, Tether froze over $360 million in assets. In October 2023, the firm froze $817,000 in USDT linked to terrorist activities in Ukraine and Israel, after which it froze $225 million in USDT tied to romance scammers a month later.

Although USDT has a reputation for being used for criminal purposes, Tether has made it a priority to collaborate extensively with law enforcement as it works with 24 agencies across over 40 countries. The company responded to 198 requests to block wallets in the past year and 339 in the past three years.

Tether also implements secondary market controls to freeze activities that are connected to people on the United States Office of Foreign Assets Control Specially Designated Nationals list.

Decentralized ledger technology makes it possible for firms like Tether to monitor funds on-chain, while the centralized nature of stablecoins allows issuers to freeze assets linked to illicit activities.

Sonne Finance Breach

Hackers are also keeping the crypto community on its toes. Sonne Finance recently had to pause its operations after a hacker exploited a vulnerability and drained $20 million worth of cryptocurrencies. The breach happened on May 14 when Web3 security firm Cyvers pointed out an attack on Sonne Finance’s USD Coin (USDC) and Wrapped Ether (WETH) contracts. Although Sonne Finance was made aware of the hack only 25 minutes later, the attacker was still able to get away with huge amounts of WETH, Velo (VELO), soVELO, and Wrapped USDC (USDC.e).

By May 15 at 12:11 am UTC, Sonne Finance announced on X that it paused all markets on Optimism and partnered with Cyvers to investigate the breach. Sonne Finance is now exploring ways to recover the stolen funds, including negotiating a bug bounty with the hacker.

However, it seems unlikely that the hacker will take this road as they already transferred around $7.8 million to a new wallet address. Blockchain investigator PeckShield reported that the hacker swapped 59 WBTC for roughly 1,185 Ether (ETH) and 183,000 Dai (DAI), which suggests that they plan to obscure the funds through a privacy protocol like Tornado Cash.

A post-mortem analysis by Sonne Finance revealed that the hack was a donation attack targeting Sonne’s Compound v2 forks, which were known to have a bug. The X community subsequently criticized Sonne Finance for using Compound v2 despite being aware of the risks.

BlockTower Exploit

Institutional crypto investment firm BlockTower, with $1.7 billion in assets under management, also recently suffered an exploit of its main hedge fund. So far, none of the stolen assets have been recovered.

BlockTower has partnered up with blockchain forensic analysts to try and trace the missing funds and to investigate the breach.

This is not the first time BlockTower has faced issues similar to this. In February of 2023, the firm lost about $1.5 million in a $2 million exploit of the multichain exchange aggregator Dexible. Dexible revealed that about 85% of the stolen funds came from a few large investors. On-chain intelligence platform Arkham Intelligence identified a wallet that had drained around $1.5 million belonging to BlockTower.

Cypher Protocol Hit Again

Meanwhile, Cypher Protocol developer Hoak confessed to stealing almost $300,000 worth of user funds and gambling them away. Hoak stated in a May 14 statement that “I took the funds and gambled them away. I didn’t run away with it, nor did anyone else.”

This confession came after a post on May 13 by the pseudonymous core contributor Cobra, who revealed the absence of funds. At first, the post went unnoticed until a Discord group member reported experiencing fund withdrawal issues.

According to Cobra, Hoak stole funds from the Cypher redemption contract over several months through 36 withdrawals. The funds were moved from Cypher’s redemption contract to an intermediary wallet before being sent to the Binance exchange. On-chain data indicated that a total of $317,000 in Solana (SOL), Tether (USDT), and USD Coin (USDC) was transferred to Binance. At its peak on Dec. 7 of 2023, Hoak’s wallet held $68,365 worth of digital assets, and over $56,000 on Apr. 22, 2024, before 99% of the assets were transferred within two days.

This incident is yet another blow for Cypher Protocol as it was hacked in August of 2023, losing more than $1 million worth of digital assets.

Although Hoak does not want to victimize himself, he blamed his actions on a severe gambling addiction and other unchecked psychological issues.

The crypto space has faced a lot of criticism for encouraging casino-like behavior. In fact, the U.S. Securities and Exchange Commission Chair Gary Gensler compared the ecosystem to “casinos in the Wild West.” A 2023 YouGov survey found that people gambling at harmful levels were almost five times more likely to own cryptocurrencies than the general population.