Why this Bitcoin and Ethereum ponzi scheme garnered billions (in victims and dollars)

Plus Token, Bitconnect, OneCoin, had one thing in common – an investment deal that sounded too good to be true and when something’s is too good to be true, it usually is. With One Coin Ponzi, Ruja Ignatova was the leader who managed to ‘enchant’ thousands, if not millions, of her followers into investing in OneCoin, which, apparently aimed to “solve the world’s economic problems and bank the unbanked.”

Hours before the price of BTC dropped from $7,100 to $6,500 in December 2019, Chainalysis had published a report claiming that 20,000 BTC [now worth $183 million] and 790,000 ETH (now worth $18 million) were likely controlled by PlusToken scammers. 3 months after the report came out, the price of Bitcoin and subsequently the entire cryptocurrency market witnessed a massive flash crash along with the traditional market. BTC plunged to $3,850, ETH to $88 and speculation was rife that Plus Token scammers might have liquidated more than $100 million.

While some found solace in pointing fingers at plus token scammers, others had eyes only on the worsening negative global macro factors.

Plus Token: a scam like no other

Plus Token was/is a Ponzi Scheme, perhaps, the biggest in the industry so far. People behind such a humungous scheme managed to solicit $2 billion worth of cryptocurrencies from users, mainly across China and Korea.

Plus Token offered investors high yield on their investments, about 9-18%, and this return would increase as their investments did. With users segregated into tiers, based on their investment, one of the many reasons why Plus Token took off was due to their “referral strategy”, which gave users a huge reward.

Another reason why people believed it to be true was the illusion of sustainable business that they maintained. The funds received by new investors were distributed among old and already existing users as rewards. Chainalysis’ report stated,

“While we tracked $2 billion worth of various cryptocurrencies that victims sent to the PlusToken scammers, some of that money was paid out to early investors, presumably to maintain the illusion of high returns while PlusToken presented itself as a legitimate company.”

As of June 2019, six people closely related to the scam were arrested and since then, funds have been on the move over regular intervals. On June 24, the scammers used more than 5000 wallets to move scammed ETH and split the balance with each wallet containing 100-200 ETH.

Speaking with AMBCrypto, Alex Svanevik, Data Scientist and CEO of Nansen, stated that this was done by the scammers to “obfuscate the funds”.

“200 ETH is low enough not to show up in the top balance rankings of websites like Etherscan. Also, some have speculated that 100 ETH matches the largest Tornado.Cash pool. Tornado won’t have the capacity to process all of these funds though.”

Tornado Cash is a mixer purpose-built to anonymize transactions and is quite similar to Bitcoin mixers, which are generally used by hackers to mix the scammed tokens to avoid being detected by exchanges or OTCs.

Although Chainalysis’s report hinted that the March flash crash could have been caused by Plus Token, it was never confirmed. In the report, Chainalysis showed that ~23,000 BTC was transferred to exchanges, including Huobi and OKEx well before the drop on March 08.

Chainalysis

The report added that “PlusToken liquidations are likely not the cause of the price drop”. However, the issue was that exchanges and OTC desks were still accepting these coins, allowing scammers to liquidate them.

On this topic Svanevik told AMBCrypto:

“You can still track them with the right tools, but it does make it more inconvenient. An exchange might use the obfuscation as an excuse if a Plus Token wallet deposits and makes a trade on their platform. But there’s no good reason for an exchange not to have good enough on-chain analytics tools to detect Plus Token ETH being deposited.”

A looming question however is: “it’s 2020 and why are scams as huge as Plus Token still successful.”

Why did they fall for this?

Regardless of any scam’s modus operandi, the very idea of attractive returns could seem to be a lucrative opportunity. While the Plus Token scammers are trying to obfuscate stolen funds by sending it via thousands of addresses and using privacy methods [Wasabi, CoinJoin, etc], this should be a lesson to all the new entrants and the existing ones alike.

Simple research into the project or the token would be enough to understand the motive of the project. Perhaps, sticking with the top 20 cryptocurrencies would suffice but the investors would have to forego the low APY on their investments.

Svanevik opined that such scams were a “dark cloud over the whole industry” and that the “community plays an important role in weeding them out”.

“One benefit crypto has vs scams in legacy finance is that funds can often be traced, as long as the seed wallets are known. An ordinary person following some best practices can mostly avoid tracing, but a scam stealing billions of dollars won’t go unnoticed.”

Your feedback is important to us!