PlusToken Scam: How To Launder 11,999 BTC and Get Bitcoin Another Notch Lower
A Chinese pyramid scheme called PlusToken has managed to gain notoriety as a significant factor influencing Bitcoin’s price. Just recently, a hefty bunch of 11,999 BTC from its wallet started moving, putting the watchful members of the community on high alert: an en masse sell-off of this much Bitcoin wouldn’t be a good thing for its price.
ForkLog Hub resident Pavel Gromov investigated the matter and suggested the explanation as to where did the money go, how it got laundered, and what does it mean for Bitcoin. Here is the translation of the original Russian-language article.
On February 11th, 2020, reports about the 11,999 BTC moving from PlusToken’s wallet emerged. The money was sitting still since September 21st, 2019.
🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 11,999 #BTC (117,393,202 USD) transferred from unknown wallet to unknown wallet
— Whale Alert (@whale_alert) February 11, 2020
According to ErgoBTC, the original wallet was a part of the PlusToken cluster and has been marked by all blockchain analysis tools.
Balance dynamics for the original wallet. Source: Bitaps
Then, the money moved again, catching the eye of Chiachih Wu, the vice-president of a blockchain-security firm PeckShields, and the rest of the community. Yet, the attention of the public didn’t last long. Primarily, the situation was being monitored by researchers and a small audience on social networks.
New #PLUSTOKEN parking addresses:
— Chiachih Wu (@chiachih_wu) February 11, 2020
Before mixing, the coins were split into small parts on different addresses, as mixing a large sum is difficult. The people behind these transactions were probably using wallets with built-in mixers and their respective liquidity pools. In order to launder this much money, such wallets don’t have sufficient liquidity, but the “split and mix” approach turned out to be effective.
Leaning towards mixer deposit pre-split.
If these are mixer deposits will see how long it takes for coins to start coming out the other side. https://t.co/FyddM5XaFS
— Ergo ∴TxIDs Or It Didn't Happen∴ (@ErgoBTC) February 11, 2020
Notably, centralized exchanges use special tools to assign Risk Score to transactions. This score allows exchanges to see if the transaction is “clean” or “dirty.” If assets move from an address flagged as “dirty,” all the receiving addresses together with the original “dirty” are grouped into the same cluster. But it doesn’t happen instantaneously. Criminals have a small gap, during which they can mix and sell the coins before the platform notices. Since exchanges are typically interested in higher trading volumes, they often do nothing if the transaction isn’t flagged.
The start of mixing. Source: KYCP
In the case of the PlusToken cluster, the whole sum was split into batches of 1–5 BTC. Using KYCP, I’ve managed to track the output branches. After mixing, the coins were accumulated in groups of 300–400 BTC. For all instances, the algorithm was the same, which suggests there was a single owner.
One of the output transaction branches, which can be considered the end of mixing the 11,999 BTC. Source: KYCP
The coins aggregated into large sums were then sent to exchanges. KYCP shows how PlusToken’s coins were getting to OKEx exchange in groups of 20–50 BTC. For this particular case, the last batch of 55 BTC was sent to the exchange on February 28th.
According to ErgoBTC, 50% of all the assets being moved by PlusToken went through OKEx. Meanwhile, Huobi exchange got only 25% directly and 45% indirectly. This means that the share of other exchanges amounted to about 5%.
For February, Huobi directly received roughly ~25% and indirectly closer to 45%.
The remaining ~5% goes to "others".
My point: Recently, most of these coins are going to or through regulated KYC'd exchanges, not "OTC".
— Ergo ∴TxIDs Or It Didn't Happen∴ (@ErgoBTC) February 16, 2020
Despite the attention from the crypto-community and media, PlusToken’s 11,999 BTC were transferred to exchanges to be sold. The reasons behind this include the insufficiently fast risk calculation procedures and trading platforms’ negligence regarding incoming transactions.
Notably, the mechanism utilized to transfer the money to OKEx shows how the platform acted as a mixing service, adding “grey” inputs to normal transactions.
OKEx transactions. Source: KYCP
The movements of the BTC in question seen in February and the Bitcoin price dynamics suggest that the sale of these coins did, in fact, push the market down.
BTC/USD chart. Source: TradingView
Back in summer 2019, scammers have hindered Bitcoin price growth. Now we have a seemingly similar scenario.
By mixing the coins from PlustToken the exchanges involved have created a precedent. Now there’s no sense in categorizing the scammer’s BTC into “clean” and “dirty,” everything has been laundered.
The views expressed in this article are those of the author and don’t necessarily represent the opinions of the editorial board.
Subscribe to our Newsletter<
- AT&T Faces Lawsuit Over Alleged SIM Swapping Leading to Massive Cryptocurrency Theft
- North Korean Hacker Group Lazarus Laundered Over 2,500 Stolen Bitcoins In May, Report
- “BigSpender” Exploit in Some Bitcoin Wallets Allows Attackers to Fake Transactions
- Will Bitcoin Always Be #1?
- U.S. University Pays Over $1M Ransom in Bitcoin to Hackers to Regain Access to Encrypted Data
- Blockstack’s Muneeb Ali: Bitcoin as the Most Secure Blockchain Will Be the Best Foundational Layer for Web 3.0
- Institutional Money In Bitcoin: Problem or Solution? An Expert Take
- Bitcoin Investors Remain Bullish Despite Extended Consolidation