Cryptoforensics firm Chainalysis says massive OTC cryptocurrency cash-outs by “PlusToken” scammers may be driving down the price of bitcoins.
According to the firm:
“Based in China, PlusToken presented itself as a cryptocurrency wallet that would reward users with high rates of return if they purchased the wallet’s associated PLUS cryptocurrency tokens with Bitcoin or Ethereum. The scammers claimed those returns would be generated by ‘exchange profit, mining income, and referral benefits.'”
The scheme was widely perceived as legitimate, and PLUS tokens were eventually “listed on several Chinese exchanges,” Chainalysis writes, “and hit a peak price of $350 USD, raking in ‘investments’ from millions of people.”
Some Chinese media have reported that the scheme attracted $3 billion worth of cryptocurrency.
Chainalysis “tracked a total of 180,000 BTC, 6,400,000 ETH, 111,000 USDT (tethers), and 53 OMG (OmiseGo) that went from scam victims to PlusToken wallets, equating to roughly $2 billion. Either figure would make PlusToken one of the largest Ponzi schemes ever.”
Six individuals in China were arrested in June for perpetrating PlusToken, but Chainalysis believes there are still parties at large who are moving and cashing out PlusToken proceeds “through independent OTC brokers operating mostly on the Huobi platform…”
Tracking the scammed ETH has been easier, the firm writes:
“(W)e’ve tracked roughly 800,000 ETH and 45,000 BTC we can definitively say the scammers transferred to their own addresses to launder. They’ve cashed out at least 10,000 of that initial 800,000 ETH, while the other 790,000 has been sitting untouched in a single Ethereum wallet for months.”
“The flow of the 45,000 stolen Bitcoin is more complicated. So far, roughly 25,000 of it has been cashed out. The other 20,000 is currently spread out across more than 8,700 cryptocurrency addresses, which speaks to the high level of effort the scammers put into obfuscating the movement of funds. The scammers have transferred the Bitcoin more than 24,000 times, using more than 71,000 different addresses — and that’s not even counting cash outs or transfers to off-ramps such as exchanges.”
Part of the problem with tracking the bitcoins is that there are more services that enable “mixing” or obscuring of a bitcoin’s trajectory across the Internet:
“Many of those transactions were conducted through mixers like Wasabi Wallet, which utilizes the CoinJoin protocol to make it more difficult to trace the path of funds…funds are split off into large groups of new unique addresses, and re-consolidated later, which is activity typical of a mixer.”
The scammers are also shooting the coins back and forth between wallets while cashing out small amounts and pushing the bulk of coins forward, Chainalysis writes:
“At other points, the scammers utilized peel chains and other complex movements to obfuscate the path of funds. Peel chains are strings of transactions commonly used for money laundering, in which entities send funds through several wallets in quick succession, usually breaking off small amounts to cash out at each step and sending the majority on to the next wallet.”
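A forensic heuristic for the peel-chain shape described above, as an added example (not Chainalysis's method or code). The transactions, addresses and thresholds are constructed assumptions, and the one-input, address-level model simplifies real Bitcoin transactions.

```python
# Constructed sample data: addresses, amounts (whole coins) and times (seconds)
# are invented. Each transaction spends one address and pays two outputs.
TXS = [
    {"txid": "t1", "time": 0,    "src": "A0", "outs": {"A1": 98, "X1": 2}},
    {"txid": "t2", "time": 600,  "src": "A1", "outs": {"A2": 95, "X2": 3}},
    {"txid": "t3", "time": 1500, "src": "A2", "outs": {"A3": 93, "X3": 2}},
    {"txid": "t4", "time": 2100, "src": "A3", "outs": {"A4": 90, "X4": 3}},
    {"txid": "t5", "time": 2700, "src": "A4", "outs": {"B1": 45, "B2": 45}},
]

def follow_peel_chain(txs, start, max_peel_ratio=0.1, max_gap=3600):
    """Walk forward from `start` while each hop looks like a peel:
    one spend, two outputs, a small 'peeled' output and a large remainder
    that is moved on quickly. Thresholds are illustrative assumptions."""
    by_src = {}
    for tx in txs:
        by_src.setdefault(tx["src"], []).append(tx)
    hops, addr, last_time, seen = [], start, None, set()
    while addr in by_src and addr not in seen:
        seen.add(addr)
        spends = by_src[addr]
        # Hop addresses in a peel chain are spent once, into exactly two outputs.
        if len(spends) != 1 or len(spends[0]["outs"]) != 2:
            break
        tx = spends[0]
        (big_addr, big), (small_addr, small) = sorted(
            tx["outs"].items(), key=lambda kv: -kv[1])
        if small / (big + small) > max_peel_ratio:
            break  # outputs too balanced: a split, not a peel
        if last_time is not None and tx["time"] - last_time > max_gap:
            break  # funds rested too long to count as "quick succession"
        hops.append({"txid": tx["txid"], "peeled_to": small_addr,
                     "peeled": small, "forwarded_to": big_addr})
        addr, last_time = big_addr, tx["time"]
    return hops

def summarize(hops, min_hops=3):
    """Flag the walk as a peel chain and list where the peeled funds went."""
    return {
        "is_peel_chain": len(hops) >= min_hops,
        "hops": len(hops),
        "peeled_total": sum(h["peeled"] for h in hops),
        "cashout_addresses": [h["peeled_to"] for h in hops],
    }

if __name__ == "__main__":
    print(summarize(follow_peel_chain(TXS, "A0")))
```

The `cashout_addresses` list is the investigative output: those small outputs are the ones to check against known exchange or OTC deposit addresses.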
Chainalysis provides an interesting take on the crucial role of OTC desks in this exploit:
“In the end, the funds moved to the address of an OTC broker operating on Huobi to be liquidated — that’s how nearly all of the funds so far have been cashed out. For reference, OTC (Over The Counter) brokers facilitate trades between individual buyers and sellers who can’t or don’t want to transact on an open exchange. OTC brokers are typically associated with an exchange but operate independently. Traders often use OTC brokers if they want to liquidate a large amount of cryptocurrency for a set, negotiated price.”
Public exchanges are now labouring under an increased set of KYC/AML (know-your-customer/anti-money-laundering) rules. However:
“Some OTC brokers have significantly lower KYC requirements than most exchanges, which can make them attractive for criminals like the PlusToken scammers…Some even specialize in the movement and laundering of criminal money.”
Ultimately, Chainalysis believes, PlusToken scammers control so many cryptocoins that they may be partly responsible for recent downward movements in the price of bitcoins.
Cryptocoins periodically trade quite thinly, meaning markets can be easily perturbed by large holders.
“So far,” Chainalysis claims, “the PlusToken scammers have cashed out at least $185,000,000 worth of stolen Bitcoin via OTC brokers…(and) could be driving down the price of Bitcoin when they liquidate their stolen funds via OTC brokers.”
Chainalysis says the PlusToken scam is one of many, with “(O)ur internal research suggesting bad actors bilked billions of dollars’ worth of funds from millions of victims in 2019.”
Chainalysis’ Senior Economist, Kim Grauer, says that features of cryptocurrencies enable the company’s work:
“This kind of analysis would not have been possible with the traditional financial system. This demonstrates how cryptocurrency’s transparent blockchains make it possible to identify and weed out illicit activity in an unprecedented way.”