ForkLog Hub resident Pavel Gromov, also known as the “Chief by crypto”, tells about the PlusToken pyramid laundering scheme and the impact of massive sales on the price of the first cryptocurrency. In the light of the current collapse and movements on PlusToken wallets, the topic is extremely relevant.
On February 11, 2020, the media reported that 11,999 BTC came in from the cluster of the Chinese pyramid Plustoken, which has been putting pressure on the market for a long time.
The first move took place on the same day, February 11th. 11,999 BTCs were sent from the wallet, which lay motionless from September 21, 2019.
According to the ErgoBTC researcher, the source wallet was part of the PlusToken cluster and was marked with all the tools for blockchain analysis.
After that, the bitcoins again moved, which attracted the attention of PeckShields vice president Chiyachi Wu and the community. However, public interest was not enough for a long time, and only researchers with a small audience on social networks continued to monitor the development of the situation.
In preparation for mixing, the coins were fragmented into small pieces at different addresses, since mixing a large amount is a very difficult task. Those behind the cash flow were most likely using wallets with built-in mixers and their liquidity pools. In order to completely whitewash such a significant amount, the purses have too little liquidity, but the “smash and hinder” approach has paid off.
The reader must understand that centralized exchanges use tools from analytical companies that assign transactions a risk rating (Risk Score). Based on this assessment, exchanges determine whether the transaction is “clean” or “dirty.” If assets are moved from the address marked in red, the recipient addresses will also be included in the cluster. However, this does not happen instantly; attackers have a gap for quick mixing and subsequent sale before transactions are marked. Exchanges are interested in high volumes, so most often they do not take action if there is no red flag.
Start crushing, KYCP data
Returning to the PlusToken cluster, it is necessary to add that bitcoins were split at 1-5 BTC. With the help of the KYCP service, I was able to track the path of the “branches” of exits - after mixing the coins were collected on wallets of 300-400 BTC. The algorithm of actions was identical, which speaks in favor of a single owner.
One of the “branches” of the final transactions, which can be considered the completion of the “mix” of 11,999 BTC, KYCP data
At the time of writing, these clusters are still not marked in the free oxt.me service. I assume that at the time of transfers, service providers for exchanges did not manage to assign them a red risk level.
After the aggregation of relatively large amounts in wallets, coins began to be sent to exchanges.
The link allows you to follow how PlusToken bitcoins after mixing got on the OKEx exchange in batches of 20-50 coins. From this particular wallet, the last portion of 55 BTC went to the OKEx exchange on February 28.
According to ErgoBTC, in the first half of February, 50% of PlusToken's funds moved through OKEx. At the same time, Huobi received only 25% directly (45% directly and indirectly). This means that only 5% absorbed other services.
11 999 BTC of the PlusToken pyramid, despite the attention of the media and the community, managed to get on the exchanges for sale. Probably one of the main reasons is the insufficiently fast process of calculating the level of risk and the careless attitude of trading floors to checking incoming transactions.
Another interesting nuance is the output mechanism on OKEx. For visualization follow the link. Hover over IN15 with 33 BTC from the PlusToken pyramid cluster. It is clearly seen that the exchange worked as a classic mixing service, adding a gray entrance to the rest of the white ones. On the right you will see the recipients.
Comparing the February movements of PlusToken funds and the dynamics of the Bitcoin exchange rate, we can draw a reasonable conclusion about the strong pressure of these sales on the market.
In the summer of 2019, they stopped the rise in the price of bitcoin, now, apparently, a similar story has happened.
By mixing PlusToken inputs, exchanges set a precedent. Now there is no point in dividing the bitcoins of the pyramid into dirty and white, since they have already been washed.