Author | Bitrace
According to local media GMA Integrated News and the press conference of local police (PNP PIO), it was confirmed that a well-known Chinese businessman in the Philippines, Guo Congyan, and his driver Amani Pablo were kidnapped in April and brutally murdered after their family paid a ransom of up to 26 million yuan.
Bitrace investigators immediately conducted intelligence analysis on publicly available online information, restored the event context through blockchain tracking, and discovered more related crypto crime incidents based on the Southeast Asian organized crime network intelligence database.
This article aims to disclose and introduce the cryptocurrency money laundering tools used by the kidnapping and extortion gang.
HuionePay: Exploited Crypto Payment Tool
HuionePay, belonging to the Cambodian financial entity Huione Group, is a popular cryptocurrency payment tool in Southeast Asia that supports settlement of dollar stablecoins across multiple public chains with numerous users. Due to the permissionless and anonymous nature of cryptocurrencies, this payment tool has been extensively used by local organized crime networks to achieve money laundering, payment transfer, cash-out, and storage.
Sanlian Life Weekly reported on May 27, 2025:
"Philippine police revealed that the ransom paid by Guo's family was... exchanged into USDT cryptocurrency, with most of the amount (over 1.365 million USD, approximately 75.58 million pesos) withdrawn through an account on the Cambodian financial platform Huione Pay (Huione App)."
After traversing all HuionePay User address transfer transaction data, Bitrace successfully located an Ethereum address that received and transferred USDT tokens worth 1.365 million USD to the HuionePay hot wallet address between May 4 and May 7.
Further investigation of the address's fund sources revealed that this kidnapping extortion gang is also related to another fraud case Bitrace is investigating, with these two events connected through a blockchain address in Cambodia.
This indicates that the Guo Congyan kidnapping and murder case may not be the first criminal act of this gang.
Dollar Stablecoins: Decentralized Double-Edged Sword
Dollar stablecoins are cryptocurrencies with value pegged to the US dollar, issued on the blockchain through real-world asset collateralization or algorithmic control. Leveraging blockchain technology characteristics, dollar stablecoins have created a low-cost, high-efficiency, decentralized value transfer system outside the traditional banking system, widely used in cross-border payments, value storage, and transaction relay.
However, they are also easily misused by criminal groups, with online gambling, money laundering, gray market transactions, and fraud entities widely adopting dollar stablecoins - especially USDT - to facilitate upstream crimes and downstream fund laundering.
In this case, USDT was used to transfer and launder ransom funds.
Further tracing of the previously mentioned HuionePay funds revealed they were cross-chained from the Ethereum network via a cross-chain bridge, with the kidnapping gang previously performing simple transfer and laundering of USDT.
The news mentioned:
"As of May 11, the Philippine National Police Cybercrime Group (ACG) stated that cryptocurrency worth 205,900 USD (approximately 11.4 million pesos) had been discovered overseas and frozen."
In the chain restored by Bitrace, several frozen USDT addresses indeed exist:
These addresses transferred and laundered over 1.76 million USD worth of USDT in the three days after the incident, with 205,500 USDT successfully intercepted, matching the news report's amount. However, even with timely on-chain law enforcement by local authorities, over 1.4 million USD of USDT successfully escaped and flowed into downstream HuionePay addresses through a cross-chain bridge.
[The translation continues in the same manner for the rest of the text]Web3 organization operators should be vigilant about this threat, learn more about and comply with local laws and regulations, establish communication channels with regulatory authorities, build law enforcement collaboration channels with major global countries' law enforcement agencies, and prevent business addresses and customer addresses from being contaminated by risky funds.
