On-Chain Bitcoin Analysis Reveals New Depth of PlusToken Scam
The PlusToken drama is far from over.
Share this article
OXT Research, a tool from Samourai Wallet, recently revealed the full depth of last year’s PlusToken Bitcoin sell-off. Beyond a crash course in crypto privacy, this new data confirms a strong correlation with price actions for BTC over the past six months.
Granular Data Reveals New Details
Although the PlusToken scam was finally shut down late last year, the on-chain data is still being analyzed. Chainalysis, for instance, performed the first forensic sweep and revealed over $2 billion in funds collected. Their analysis methods were, however, slightly unclear.
In the latest report, it appears that the original amount of Bitcoin allegedly cashed out is far lower than the most recent data. Initially placed at roughly 25,000 BTC, OXT Research indicated that their figures were “four times this number.”
They added:
“The Chainalysis blog post is extremely opaque and we are unable to verify this analysis due to a lack of references including pre-mix addresses and clusters, postmix addresses, and most importantly distribution transaction IDs.”
Indeed the blowback from crypto’s first ever multi-billion dollar Ponzi scheme is still being measured.
And perhaps the most noteworthy is the correlation between the price of Bitcoin and PlusToken’s off-loading procedure. Though the specific figures are unclear, OXT estimates that the scam’s “total hoard likely exceeded 1% of BTC’s total supply.”
Ergo, the lead researcher of the report, told Crypto Briefing in an email that the most striking feature of this scam was its size. “Billion-dollar scams are very rare,” they said. “We did not expect the previously reported 200K BTC volumes to be accurate, but they were.”
Of this supply, a handful of addresses, identified thanks to poor privacy practices on the part of PlusToken, began distributing Bitcoin at a rate of 1,050 BTC per day. The distribution began in the first week of Aug. and continued until the end of Nov. 2019.
The report affirms that “this distribution likely had a significant downward effect on price action in the latter half of the year.”
Of the estimated 187,646 BTC, PlusToken has yet to distribute between 55,843 to 75,843 tokens.
Privacy Failures
The method through which the research group analyzed all token movements was made possible by poor privacy hygiene. The movement of PlusToken funds was executed via address reuse, merging, single round mixing, and abnormal incoming volume.
The primary mixing service in this operation was the Wasabi mixer. The OXT’s ability to track PlusToken’s activity says more about the scheme’s inability to correctly use mixing services rather than a critique of Wasabi. Attempting to mix 20,000 BTC through Wasabi in such a short period of time was perhaps the most blatant tip.
Interestingly, tutorial videos were also a major crux of the operation. In attempts to gather more followers to the scheme “users frequently share their referral links in tutorial videos,” said Ergo. “These videos contain cryptocurrency addresses which give analysts an address ownership starting point. This is a crucial mistake.”
As such, movements of lump sums in and out of mixing services, of which took a documented fee to obfuscate transactions, helped analysts reduce the culprits to an alleged OTC desk or investment fund wallet, and two primary address “clusters,” or groups of addresses.
Another technique reported was that of “self-shuffling.”
It refers to the “repeated UTXO splitting and merging in hundreds of transactions,” according to the report. This method was both easy to track and the most common way in which PlusToken funds were handled.
Huobi played a major role in off-loading these funds too, with nearly 250,000 addresses associated with the PlusToken funds. These addresses were reduced to two clusters which were identified following the incompetent privacy standards.
The report added that “it is also possible due to the poor mixing of the PlusToken coins, Huobi is acting as a ‘custodial’ tumbler.” In moving through the exchange and then sold elsewhere, tracking the funds becomes much more difficult. The OXT analysts speculate that Huobi was aware that these tokens were flooding their platform.
In conclusion, the PlusToken scam is still unfolding. Thanks to research from various members of the crypto community, however, it will be much easier to follow where these coins are moving in 2020.
It is on-chain archeology like this that is providing continuous feedback on network dynamics, blockchain technologies’ transparency, as well as hopefully deterring other Ponzi schemes from springing up.
Share this article