For a while, everything seemed to be going incredibly well—too well—for Roger.
A middle-aged father of two from North Carolina, Roger had been invited into a secret crypto investing opportunity, and it seemed to be paying off big. He worked in the insurance industry and considered himself a reasonably informed investor, so it made some sense to dive into crypto, which many finance professionals at the time touted as the new frontier in digital investing. When Roger fielded an overture to join invite-only WhatsApp group, he thought he’d be able to cash in.
And so he did—or at least, it looked like he did. Over a month or so, his holdings increased 2,000 percent. Roger would soon find out that his gains were fictitious. He had been scammed, and more than $400,000—in real dollars—that he had poured into a supposedly legitimate cryptocurrency exchange called BitPlus were gone. (Fearing social sanction, Roger requested that we use a pseudonym in order for him to share his story and information about the people who defrauded him.)
Roger later discovered that BitPlus is part of a vast network of fraudulent cryptocurrency exchanges that are taking victims, many of them based in the United States, for tens of millions of dollars. He had been sucked into a so-called pig-butchering scam, which uses invite-only chat groups to funnel victims into doomed-to-fail investment schemes. These scams share a marked affinity with billion-dollar criminal operations being run out of China, Thailand, and Cambodia.
Pig-butchering scams are essentially confidence games, luring in investors by promising great rewards and exclusive access. The scams can play out for months, as their organizers cajole victims into putting more and more money into supposedly market-beating schemes. Chat groups provide an illusion of community and common purpose; they also exert constant pressure for participants to remain in the scam, and stay logged in to the chat. One common tactic, for example, is for scammers to demand fees to allow participants to withdraw their money to speculate on crypto trades. By the time the marks realize they’ve been conned, it’s too late. The scammers, and the money, are gone.
According to discussions with victims and analysis of on-chain blockchain data, these scammers are using popular stablecoins—tokens such as Tether’s USDT that get traded across far-flung crypto networks as a sort of provisional surrogate dollar—and major cryptocurrency exchanges like Binance and MEXC as clearing houses to launder the proceeds of their crimes. And much of their activity is happening in plain sight, on blockchain networks and easily accessible WhatsApp groups.
Popular
"swipe left below to view more authors"Swipe →
Such scams are distressingly common in a densely populated US crypto market. In examining Roger’s case, we discovered connections with nearly 100 Colorado-registered crypto companies. An astonishing 358 crypto companies are registered in the Rocky Mountain State—more than three times as many as operate in California, the runner-up. All of these entities have obtained Money Service Business registrations from the US Financial Crimes Enforcement Network. However, it appears that dozens of these firms are dubiously legal, at best.
Colorado Governor Jared Polis, a millionaire technology entrepreneur, has made crypto policy a priority, saying he wants to allow residents to pay their taxes in Bitcoin, Ethereum, and other tokens. In March 2019, Polis signed the Digital Token Act, which offered crypto transactions exemptions from traditional securities laws. Eight months later, the FBI arrested three men for perpetrating a $722 million cryptocurrency scam that was partially based in Colorado. Earlier this year, the FBI’s Denver field office warned that residents were reporting millions of dollars in losses to pig-butchering crypto scams.
The Colorado scam shows what happens when political and financial authorities open up crypto markets without considering investor protection. It also points to the scale of fraud still happening in crypto—even after rising interest rates and high-profile business failures sucked some air out of the industry—and how illicit funds run through both familiar mainstream exchanges and an obscure array of shell companies. Given the volume of money passing through scam networks like this one, it’s worth asking whether experts have underestimated the amount of crypto market activity devoted to fraud and money laundering. Cash is king, but crypto has become a second reserve currency for transnational crime. And a surprising amount of it runs through a post office box in a mail shop in downtown Denver.
Roger first learned about the trading scheme after he clicked on an Instagram ad. He joined a WhatsApp group with dozens of members; later on, he came to realize that many of the participants were bots or secretly part of the operation. The group offered daily crypto trading advice based on the research done by a supposedly brilliant economist named Professor Sean Johnson. The chat organizers directed members to a crypto exchange called BitPlus, which offered high-risk margin trading (essentially, the ability to borrow money to potentially make much higher returns). Roger quickly got involved, saying that he put $100,000 into an exchange account, which we verified via screenshots of his transactions and public blockchain data. But as he admits, he traded too aggressively on BitPlus—he didn’t follow the professor’s rules—and lost it all in one crazy evening of market volatility.
Roger reached out to “Daisy,” whom he had met through the WhatsApp group. Claiming to be Professor Johnson’s assistant, she had previously shown Roger how to deposit money on mainstream exchanges like Coinbase and Crypto.com, buy stablecoins, and then send the coins he traded to Bitplus. She offered a sympathetic ear.
“You know, she showed compassion,” Roger said. “She said, ‘I’m so sorry, you just didn’t follow our signals like you could have.’”
Daisy invited Roger to join a higher tier of Professor Johnson’s trading program, a coordinated group of whales—traders with at least $100,000 in their accounts who would supposedly buy a targeted cryptocurrency in tandem to drive up a given coin’s price. Roger wanted another bite at the apple, so he told Daisy that he would put together another $100,000—and that this time, he would really follow Professor Johnson’s instructions to the letter.
Roger deposited another $100,000 into Crypto.com, converted his dollars to USDT stablecoins, and sent the stablecoins to BitPlus, even though the former platform warned him not to do so. He watched his returns rapidly grow in his BitPlus account. He poured more funds in, draining his savings.
After he’d been in the program about six weeks, Roger’s account had grown to more than $20 million—or at least that’s what the user interface showed him. He told us that he wanted to withdraw half of it, to pay some bills and have some peace of mind. So he put in a request to Bitplus and a company representative promised that he would be able to initiate a transfer the next day. But instead he awoke to discover that his account was locked. It didn’t look good. “I just got this sick feeling deep down that this thing was a scam,” he said.
He got in touch with Bitplus representatives via WhatsApp. They told him that he needed to pay a 7 percent fee to transfer the $10 million. When he asked those representatives to take the money out of the much larger balance in his trading account, they offered elaborate excuses about why they couldn’t. They said he had to send them another $700,000.
Roger finally realized that he had been fooled. He had lost everything. And until that point, he had been a voluntary participant. “I was willing and complicit,” he said. A married father of two, with a son who had been recently diagnosed with skin cancer, he described the experience as “a major blow.”
Roger started investigating the people who had defrauded him. He discovered that BitPlus was registered in Colorado by a company called Zhongteng Accounting Co., LTD. Created in August 2020, Zhongteng Accounting is an obscure entity that has registered almost 1,300 companies in Colorado. The companies created by Zhongteng are registered to several “digital” PO boxes, one of which is housed at a print shop in Denver’s business district a few blocks from Coors Field.
Zhongteng favors official-sounding corporate monikers like American Financial Exchange Co., Ltd, Future Flying Group Inc, and World Plant Nutrition Institute. Others seem designed to echo familiar US firms, such as Blackstone (China) Fund Management, Co. Ltd. There’s one called Filecoin Foundation, which is apparently unrelated to the open-source crypto project of the same name. Some of the companies have been dissolved, and few look like they are real going concerns, but they all still are legally incorporated firms. Occasionally, a Chinese name appears among a company’s officers, but usually Zhongteng Accounting is the sole director. The crypto analytics firm CoinCub, which looked into Colorado-based crypto exchanges and shared its data with us, identified sixty Zhongteng-registered companies that obtained money service business licenses (MSB) from the US government. The fake crypto exchanges then proudly displayed their MSB certificates on their websites and claimed to be “regulated,” adding a patina of legitimacy to their enterprise.
Zhongteng’s MSB-registered corporations include a number of confirmed frauds. One of us previously identified BitDogEx, a fake crypto exchange that helped scam users out of $60 million in crypto. JPEX, which had formerly claimed to be one of Hong Kong’s largest cryptocurrency exchanges, recently collapsed after accusations of misappropriating $192 million in customer funds. At least 18 company employees have been arrested. JPEX has a Zhongteng-registered affiliate in Colorado. Several other Zhongteng entities with names like CoinSkyEx and Eonmir have been accused online of running pig-butchering scams like the one that entrapped Roger.
At least six major cryptocurrency exchanges have ties to the Zhongteng network—MEXC Global, Bitget, LBank, Phemex, Deepcoin, and CoinEX. All of them used Zhongteng-registered corporations, or corporations registered at the same address as Zhongeng’s, to obtain US MSB licenses. Together, these six exchanges supposedly account for around $5 billion in daily cryptocurrency trading volumes, or roughly 5 percent of the spot crypto market. (Crypto trading statistics are notoriously unreliable, juiced by wash-trading bots and other forms of market manipulation.) Bitget was recently in the news after its venture capital arm purchased a majority share in the cryptocurrency media outlet The Block for $70 million. The Block previously faced trouble when it emerged that fallen crypto mogul Sam Bankman-Fried secretly subsidized the publication and gave $16 million in loans to Mike McCaffrey, The Block’s CEO, to buy luxury real estate in the Bahamas.
It’s unclear who owns or operates Zhongteng Accounting, which itself is registered—of course—to a PO box in Denver. It’s also not clear if Zhongteng directly owns all of the companies it registers or sometimes acts simply as the registering agent, although it is often listed as the sole officer or director. Many of the registered entities appear to be engaged in the same scam and to use nearly identical websites and strategies for targeting their victims. And blockchain data demonstrates that at least one of the “legitimate” Zhongteng-affiliated exchanges, MEXC Global, has accepted millions in illicit proceeds from at least two known Zhongteng scams.
The masterminds behind the Colorado cons prefer that their victims pay them with stablecoins, blockchain tokens that are (in theory) backed by real-world financial assets like cash, US treasuries, and other liquid, stable assets. A stablecoin’s value is supposed to stay relatively constant, so that one Tether token, for example, is always worth $1. Tether, the largest stablecoin distributor, as measured by market capitalization, has more than $91 billion worth of tokens in circulation. Stablecoins are easily transferable and subject to little regulatory oversight. Scammers favor them for exactly these reasons.
Regulators have highlighted the potential risks posed by stablecoins. Last year, prosecutors from the Southern District of New York took over a long-running Department of Justice investigation into Tether. Wyominh Senator Cynthia Lummis recently called for Tether to be investigated for financing terrorism and enabling violations of US sanctions against Russia and terrorist organizations like Hamas.
“We cannot allow dollar-backed stablecoin providers outside the United States to have the privilege of using our currency without the responsibility of putting in place procedures to prevent terrorists from abusing their platform,” said Deputy Treasury Secretary Wally Adeyemo at the 2023 Blockchain Association’s Policy Summit. “And we cannot permit offshore financial services providers to use jurisdiction-evasion tactics to avoid complying with our laws.”
Once the scammers have their victims’ stablecoins, it’s time to launder them. After Roger transferred his tokens to BitPlus, the funds were transferred through multiple crypto addresses—which were easily tracked through blockchain explorer services that draw on public data. Ultimately, Roger’s laundered coins landed in two well-known exchanges, Binance and MEXC. Binance, the world’s largest cryptocurrency exchange, received at least $15 million from the BitPlus scam; MEXC received around $4 million. (BitDogex, the previous Zhongteng-associated scam one of us identified, transferred $13 million of illicit proceeds to the Zhongteng-affiliated MEXC exchange.)
Cryptocurrency exchanges claim to maintain Know Your Customer and Anti-Money-Laundering programs to promote investor confidence, and that they retain teams of investigators to ferret out bad actors. But the actual sophistication and resourcing of these programs varies widely. That makes it exceedingly hard to gauge whether a given exchange is pursuing genuine financial transparency, or using the reassuring language of internal oversight as a fig leaf to cover widespread fraud. Many crypto exchanges are in the habit of looking the other way at suspicious movements of crypto. Binance recently admitted to facilitating money laundering by a wide range of bad financial actors, from child pornographers to drug cartels to terrorist groups. As a result, the company has agreed to pay more than $4 billion in fines, and to undergo stricter monitoring from the US government. Its CEO resigned and faces time in US federal prison. The company may face additional charges in the future.
Some exchanges seem to know that these WhatsApp investment groups are engaged in shady activity. Roger says he initially tried using Coinbase to send funds to BitPlus—but Coinbase representatives thought that the transaction looked suspicious and denied the transfer. He called Coinbase customer support, which also refused. He says he then went to Crypto.com, the exchange that’s emblazoned its name atop the Los Angeles Lakers’ arena and commissioned those “fortune favors the brave” ads that Matt Damon might prefer you forget. Crypto.com was also hesitant to approve the transfer. “We strongly encourage you to read the scam awareness guide,” a customer support rep wrote in a chat. “If you would still like to send funds to this external wallet address, please provide us with your written consent that you understand the risks and take full responsibility for your transfers.” Unfortunately, Roger chose to go forward.
Between the scams we’ve examined and those unearthed by other news outlets, companies known to be associated with the Zhongteng Accounting Co. network have been accused of stealing at least $270 million. And this is likely a significant underestimate, given that we only have data for three of the 91 MSB-licensed entities registered to Zhongteng in Colorado.
Still, the overall trendline is clear: The cryptocurrency industry has made it much easier for criminals to defraud unwitting investors and launder the proceeds of their crimes. The combination of unregulated stablecoins and lax financial controls at exchanges enables the perpetrators of these schemes to bypass key protections in the mainstream financial system.
People are swindled for all kinds of reasons and with varying levels of sophistication. Some of the Colorado scam’s victims, like Roger, received warnings that they were going down the wrong path. But greed and the promise of free money are powerful motivators, and these scams work on the perception that they are bringing smart people into the inside of something exclusive that other smart people know about. It’s a club, and now you can be part of it.
But the club is not what it seems. “It may seem like there’s others going in there with you,” Roger said. “But in all likelihood, it’s just some bot.”
