In June 2019, the platform’s administrators abruptly and unexpectedly closed down PlusToken’s operations. The scheme had been disguised as a high-yield investment program, focusing mostly on investors based in Korea and China, and had promised investors a monthly return of between 9% and 18% on their investments. This, of course, was a lie, and the administrators and creators managed to withdraw over $3 billion worth of cryptocurrencies, including bitcoin, ether and EOS.
Closing in on a year since they fled, we had a chance to speak to Chainalysis about their contribution to the international manhunt to find those responsible for this scheme and to track down the missing crypto. We spoke to their Head of Research, Kimberly Grauer, to learn more about Chainalysis’s role in helping to return the money.
Chainalysis is a blockchain analysis company. They provide compliance and investigation software to the world’s leading banks, businesses, and governments. They are experts in financial crime and blockchain analysis, and they empower customers to derive insights they can act on.
When did you figure out that you wanted to track PlusToken, and why?
“We started tracking PlusToken in mid-August, shortly after Dovey Wan broke the news about the arrests of some of the administrators of the Ponzi scam. We knew early on that this would be a big case, so got started as early as we could.”
“With such a big percentage of the circulating supply of cryptocurrency being involved in this scam, we knew those funds would be trying to exit through legitimate businesses. Using our software, we were able to follow the funds, and notify relevant stakeholders about the location and destination of those funds.”
How did you identify the PlusToken Wallet, and how do you track the wallet movements?
“We have identified hundreds of scams in our system. The process of identifying those scams involves doing lots of research on businesses that look suspicious. In the case of Ponzi schemes, we typically look for the promise of consistent, high returns over a long period of time. In the case of PlusToken, we gained verification that this was indeed a scam with the release of the police documentation which Dovey Wan broke on Twitter in August.”
How do you keep track of bitcoins travelling through mixers?
“In the same way that we identify services, we can also identify mixers. In some circumstances, mixers can make it much more difficult to trace funds, but in some cases they are not as effective.”
Do you think PlusToken had a significant impact on the lowered prices of bitcoin last fall?
“In November we found that a large inflow of funds to an exchange increases the price volatility on that exchange, and have verified this hypothesis with more recent research. This makes sense because a large inflow increases the supply of coins for sale on exchange order books. At the same time, traders heavily monitor on-chain activity, meaning that if they see a large flow of funds to an exchange, they may trade based on that information. This would only increase the volatility further.”
“Typically criminals with large amounts of illicit funds to launder will heavily rely on a well-connected network of over-the-counter (OTC) brokers. That OTC network can then more responsibly liquidate the funds by finding off-book buyers and sellers. But PlusToken involved such a large amount of funds, that it made it even more difficult to liquidate those funds without impacting prices.”
What do you expect from PlusToken in the coming months, will the dumping continue?
“Yes, the dumping will continue, but we have our eyes on those funds! We already know that the criminals in possession of the funds are changing their cash-out strategies and destinations, and targeted OKEx more recently.”
How much of your technology is automated? How much is manual work?
“We refer to our process as ‘augmented intelligence’ because it involves both statistical and human analysis. In addition to real-time deterministic models to cluster addresses, our team of over 20 experts in cybercrime and counter-terrorism collect ground truth to ensure there is verifiable evidence behind every attribution.”
“Machine learning is often marketed as the killer solution for blockchain analysis, but it can result in false positives because it is based on probability. It’s fine for ad targeting where it’s OK to be directionally correct, but it’s not good enough when your data needs to be reliable and specific enough for people to make real-world decisions about risk, including customer relationships and law enforcement investigations.”
Are you able to track movements on the lightning network, and especially more privacy focused 2nd layer solutions?
“We are exploring the lightning network and other privacy focused solutions. We are, however, most interested in the services and off-ramps in the cryptocurrency space.”
Could your software be scaled to keep track of private retail holders, doing tax avoidance and such for nation states?
“Again, we identify services that accept cryptocurrency, and do not make any personally identifying attributions in our system. Customers can use our software to run their own investigations if they have enough contextual information, such as cryptocurrency addresses. This would likely be a collaboration between government/law enforcement, and several exchanges to follow the money and try to piece together a strong enough case to prove that tax evasion is occurring.”
Could your software be utilized in mass-surveillance schemes?
“No. We identify services and do not label individual users’ wallets and we do not share any personally identifiable information about cryptocurrency users with exchanges. For more information on how Chainalysis collects and uses service-level data, you can see our blog here:”
How much BTC do you estimate that PlusToken still holds?
“Unfortunately it would take us a bit of time to calculate this across cryptocurrencies and we don’t have bandwidth to do it right now.”