In the last week of November, the saga of an alleged crypto Ponzi scheme that has persisted for over six months took a new turn. A blockchain enthusiast researcher reported on Twitter that he had tracked nearly 200,000 BTCs that went missing over the summer, when several million people invested in PlusToken – a South Korea-based exchange and program. high-yield investment – found themselves unable to withdraw. their money.
The researcher suggested that the embezzled funds were gradually dumped on crypto exchanges, potentially removing the price from the Bitcoin market. Here is what we know about the monumental project which has not yet been officially confirmed.
The biggest exit scam in history
The story of PlusToken is a testament to the fundamental disconnect between the Asian and Western crypto spaces. The platform is believed to have held nearly $ 3 billion in assets like Bitcoin, Ethereum, and EOS when it went bankrupt in June 2019 – and yet it wasn’t until August 13, when the company Blockchain analysis Ciphertrace released its second quarter report, which the story caught the attention of the Western public.
Even after the true scale of the project became evident, it seemed like the collective West was receiving updates through a rather tight bottleneck. Dovey Wan, founding partner of blockchain investment firm Primitive Ventures, has become a key source of information on the alleged scam.
Related: What Are The Biggest Alleged Crypto Heists & How Much Has Been Stolen?
Launched in May 2018, PlusToken offered both a wallet service for storing cryptocurrencies and an investment program promising high monthly returns on stored funds, between 8% and 16%. It was mainly marketed in China and South Korea, although Wan reported that the exchange’s clients were also located in Europe and even North America. While the operation had a user base of ten million, Ciphertrace estimates that up to 3 million people could have been invested.
The program reportedly targeted a general audience of people not particularly savvy with crypto, emphasizing the “educational” component of the operation, which was to teach new members how to deposit funds through the PlusToken app.
A telltale sign of a Ponzi scheme was also present: the size of the rewards depended on recruiting new investors. Members could advance in the internal hierarchy accordingly, earning honorable distinctions such as “Big Boy” and “Great God”. The aggressive expansion campaign also relied in part on offline gatherings.
At the end of June, customers learned that withdrawals through the app were frozen. Around the same time, Vanuatu law enforcement took action to detain six persons involved in the scheme. An announcement immediately appeared on PlusToken’s website indicating that those arrested were regular users, not co-founders.
While the six allegedly high-ranking operatives found themselves in custody, other alleged PlusToken bosses, including a Korean and a Russian, remained at large. The location of nearly $ 3 billion in cryptocurrency has also remained opaque.
Money in motion
On August 14, news emerged that funds associated with PlusToken were being transferred to exchanges. Wan was the one who to augment the alarm, quoting research by security auditing firm PeckShield. A few days later, crypto watchdog Whale Alert reported four transactions totaling nearly 23,000 BTC that were likely the product of PlusToken.
However, both claims lack conclusive evidence. Ciphertrace, for example, has refrained from publicly acknowledging that the addresses identified by PeckShield may have belonged to the operation.
On August 23, blockchain research firm Elementus suggested that large sums of ether associated with the alleged exit scam had also been transferred to exchanges, primarily Huobi. Yet after this increase in research and media attention, the issue seems to have gradually faded from the limelight.
Related: Criminal Activity in Crypto: Fact, Fiction, and Context
Three months later, what to take away from the new wave of media attention on the subject? Granted, it wasn’t until the end of November that members of the crypto community came to suspect that PlusToken program loot could put considerable selling pressure on the market. According to reports from sources in Chinese trading circles, the story of the sale of the scammed funds driving down the price of Bitcoin has been circulating since at least mid-August.
What’s new is some solid research that has emerged in the wake of the latest drop in the BTC price cycle. Led by a crypto enthusiast who goes through Ergo on Twitter and Medium, the analysis links certain points of the PlusToken plot by tracing the funds that would be associated with it and estimating the average rate at which they are poured into the market.
Poorly mixed parts
Although Ergo has presented his recent findings as a series of tweets rather than a more formal article, the survey builds on the analyst’s earlier work reported in a Medium article that appeared on October 23.
The post is an account of the large-scale suspicious activity the author observed between early August and mid-September. Someone had deposited huge amounts of Bitcoin into the privacy-focused Wasabi wallet service, which allows multiple users to mix their digital funds in a single transaction, thus obscuring the origin of individual coins. Some of the addresses could be assigned to people already bound at PlusToken.
The analyst described what he considered to be âSybil behavior,â as opposed to a Sybil attack. In both cases, the basic mechanism is that one entity poses as many different ones. If malicious intent towards the service informs such actions, they are considered an attack, but in this case, the whale was simply using multiple mixer clients to create the appearance that money entered a mixer by multiple users. In an attempt to further cloud the transaction history, those controlling the flow of money also used a separate algorithmic technique known as ‘self-shuffling’.
According to Ergo, however, “self-mixing” is actually a traceable process, and the Wasabi mixing was performed poorly, leaving identifiable traces in the form of recurring patterns of post-mixing expense. At the end of October, the researcher was able to track some 54,000 of the alleged 200,000 BTC linked to the PlusToken program that were mixed using these two techniques. Most of this money then went to the Huobi Stock Exchange.
The tweetstorm that came a month later reports the results of the ongoing research effort. Ergo had tracked several other Bitcoin clusters allegedly linked to PlusToken, bringing the total discovered money to 187,000 BTC – a figure close to the estimate of stolen funds.
Assuming the start of August as the starting point for the sale, he also estimated the daily Bitcoin excess averaging 1,300 BTC – an amount that seems large enough to put downward pressure on the price. of the cryptocurrency market. A few days later, Ergo continued with a observation that some of the pieces allegedly related to PlusToken were still being moved from Huobi to Gemini.
One thing that this remarkable investigation fails, however, is to eliminate what is alleged and instead state facts before any reference to PlusToken in connection with the funds being tracked. The starting point for the analysis is a handful of addresses that are widely believed to belong to Operation PlusToken, but there is neither conclusive evidence nor a firm consensus that this is the case.
To move from the realm of the probable to a more solid factual ground would require the discovery of a new indisputable piece of evidence, most likely coming from the police force. For now, the analysis conducted by a lone crypto enthusiast is probably the best the community has to offer in understanding what really happened behind PlusToken’s brilliant facade.