PlusToken Scam: How To Launder 11,999 BTC and Get Bitcoin Another Notch Lower

A Chinese pyramid scheme called PlusToken has managed to gain notoriety as a significant factor influencing Bitcoin’s price. Just recently, a hefty bunch of 11,999 BTC from its wallet started moving, putting the watchful members of the community on high alert: an en masse sell-off of this much Bitcoin wouldn’t be a good thing for its price.

ForkLog Hub resident Pavel Gromov investigated the matter and suggested the explanation as to where did the money go, how it got laundered, and what does it mean for Bitcoin. Here is the translation of the original Russian-language article.

On February 11th, 2020, reports about the 11,999 BTC moving from PlusToken’s wallet emerged. The money was sitting still since September 21st, 2019.

? ? ? ? ? ? ? ? ? ? 11,999 #BTC (117,393,202 USD) transferred from unknown wallet to unknown wallet

Tx: https://t.co/yQfrFxNRs1

— Whale Alert (@whale_alert) February 11, 2020

According to ErgoBTC, the original wallet was a part of the PlusToken cluster and has been marked by all blockchain analysis tools.

Balance dynamics for the original wallet. Source: Bitaps

Then, the money moved again, catching the eye of Chiachih Wu, the vice-president of a blockchain-security firm PeckShields, and the rest of the community. Yet, the attention of the public didn’t last long. Primarily, the situation was being monitored by researchers and a small audience on social networks.

New #PLUSTOKEN parking addresses:

19bMszbozeHyjANgSyM9iyjsZU1sKsR6uM (11,999 #BTC)
1LT4ae84S8tCsZtrLCcz3Z38DGn1LnZ9op (424 #BTC) pic.twitter.com/8xLJ5OXM39

— Chiachih Wu (@chiachih_wu) February 11, 2020

Before mixing, the coins were split into small parts on different addresses, as mixing a large sum is difficult. The people behind these transactions were probably using wallets with built-in mixers and their respective liquidity pools. In order to launder this much money, such wallets don’t have sufficient liquidity, but the “split and mix” approach turned out to be effective.

Leaning towards mixer deposit pre-split.

If these are mixer deposits will see how long it takes for coins to start coming out the other side. https://t.co/FyddM5XaFS

— Ergo ∴TxIDs Or It Didn't Happen∴ (@ErgoBTC) February 11, 2020

Notably, centralized exchanges use special tools to assign Risk Score to transactions. This score allows exchanges to see if the transaction is “clean” or “dirty.” If assets move from an address flagged as “dirty,” all the receiving addresses together with the original “dirty” are grouped into the same cluster. But it doesn’t happen instantaneously. Criminals have a small gap, during which they can mix and sell the coins before the platform notices. Since exchanges are typically interested in higher trading volumes, they often do nothing if the transaction isn’t flagged.

The start of mixing. Source: KYCP

In the case of the PlusToken cluster, the whole sum was split into batches of 1–5 BTC. Using KYCP, I’ve managed to track the output branches. After mixing, the coins were accumulated in groups of 300–400 BTC. For all instances, the algorithm was the same, which suggests there was a single owner.

One of the output transaction branches, which can be considered the end of mixing the 11,999 BTC. Source: KYCP

The coins aggregated into large sums were then sent to exchanges. KYCP shows how PlusToken’s coins were getting to OKEx exchange in groups of 20–50 BTC. For this particular case, the last batch of 55 BTC was sent to the exchange on February 28th.

According to ErgoBTC, 50% of all the assets being moved by PlusToken went through OKEx. Meanwhile, Huobi exchange got only 25% directly and 45% indirectly. This means that the share of other exchanges amounted to about 5%.

For February, Huobi directly received roughly ~25% and indirectly closer to 45%.

The remaining ~5% goes to "others".

My point: Recently, most of these coins are going to or through regulated KYC'd exchanges, not "OTC".

— Ergo ∴TxIDs Or It Didn't Happen∴ (@ErgoBTC) February 16, 2020

Unsettling Conclusion

Despite the attention from the crypto-community and media, PlusToken’s 11,999 BTC were transferred to exchanges to be sold. The reasons behind this include the insufficiently fast risk calculation procedures and trading platforms’ negligence regarding incoming transactions.

Notably, the mechanism utilized to transfer the money to OKEx shows how the platform acted as a mixing service, adding “grey” inputs to normal transactions.

OKEx transactions. Source: KYCP

The movements of the BTC in question seen in February and the Bitcoin price dynamics suggest that the sale of these coins did, in fact, push the market down.

BTC/USD chart. Source: TradingView

Back in summer 2019, scammers have hindered Bitcoin price growth. Now we have a seemingly similar scenario.

By mixing the coins from PlustToken the exchanges involved have created a precedent. Now there’s no sense in categorizing the scammer’s BTC into “clean” and “dirty,” everything has been laundered.

Disclaimer

The views expressed in this article are those of the author and don’t necessarily represent the opinions of the editorial board.

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

Subscribe to our Newsletter

Related posts

• Bitcoin ATMs Operator Faces 30 Years in Prison for Money Laundering
• Chess Ex-Champion Garry Kasparov: Bitcoin is Natural Choice in Fight Against Human Rights Violations
• Steve Wozniak Sues YouTube For Fake Bitcoin Giveaway Ads
• CipherTrace: Twitter Hackers Laundered Stolen Bitcoins Through Exchanges and Casinos
• Opinion: Trump’s Election Campaign to Trigger Bitcoin Pump
• Korea Imposes 20% Tax on Capital Gains From Crypto Transactions
• Former GlobalHell Hacker: The Attack on Twitter Is Way Bigger than Anticipated
• Bitsonar Exit Scam: How Former Ukrainian Government Official Took Money From Europeans, Americans, and Russians With Cryptopyramid