Money Changers that Front as Tech Companies (Part 2/2)
One can literally see big-name trading firms in the US, UK, Singapore or Hongkong taking in stolen victim funds from pig butchering scammers for cleaning.
This is a continuation of the discussion in Part 1:
Outline for Part 2:
Decentralization is the Word
DEXsters
Decentralization in Practice
The BTC bridge
Matchmaking is done on their servers
They choose their market makers and offerings
Voting through a “DAO”
Non-public relayers
Functions only through an app
The Word, Again
A Personal Eulogy
***
Decentralization is the Word
Almost every time someone or some organization says that their thing is ‘decentralized’, they likely mean that their thing is spread out to so many computers around the world, such that it is impossible for them to control their thing, and that they cannot control who uses their thing. Therefore, they cannot be responsible for bad actors using their thing. What a wonderful thing! If so. You might notice though that they still have to continue supporting it for the thing to work at all, and that they are still developing, investing, and even profiting from it.
In decentralized finance a.k.a DeFi, financial services are ideally automated without any third-party intermediary. Exchanging assets, sending payments, borrowing, derivatives, insurance, etc. can arguably be completely automated by using freely accessible programs on the blockchain network. Under this conception, the people who push such blockchain programs out into the network are mere software developers writing code and not providing financial services.
However, upon closer examination, the people behind many so-called decentralized blockchains, tools, and blockchains aren’t quite limited to just writing code.
Take for example Tron (blockchain), a payment network covered in a previous post.
Take for example Tornado Cash (tool), whose developers are alleged to not just be writing code but also conspired to run a business based on their creation (as anonymous relayers or “privacy enhancers”)1.
Take now for example Tokenlon (exchange). This will be an exercise in peeling off claims of decentralization.
DEXters
Decentralized Exchanges, or DEXs, run on smart contracts to execute trades directly between users, or more precisely, between wallet addresses. This means that users maintain custody of assets at all times; his asset was swapped in situ. Supposedly, no third-party entity temporarily holds or takes custody of the assets to be traded. Normally, any such entities would have been obligated by society to check their customers’ identities (Know-Your-Customer or KYC mandates) and stop the furtherance of any crime, being in such positions of trust and power.
DEX swaps are pseudonymous since no personal information or off-chain metadata is exchanged. In decentralized finance, the only KYC info needed is one’s wallet address. This fact really makes DEXs attractive to people avoiding KYC and in need of exchange services, like turning BTC and ETH into good-as-cash USDT. It is somewhat doubtful that it’s the “un-banked” masses with no acceptable IDs that are forming the bulk of legitimate demand for swapping cryptocurrencies on exchanges.
Should it be surprising that pig butchering scammers use DEXs like Tokenlon so much? Along with the convenience and utility, there is no need to give out personal information to use of Tokenlon. Meanwhile PBS victims and investigators who approach Tokenlon for help are invariably met with unhelpful responses. The refrain by Tokenlon is that they are a decentralized exchange or DEX and that they do not take custody of funds, so they cannot help.
When Tokenlon say they are decentralized, they imply, among other things, that they do not need to ask for KYC, because such requirements are inapplicable to DEXs like them.
Decentralization in Practice
If being decentralized is a spectrum, Tokenlon is quite far from being one. Tokenlon isn’t quite decentralized for at least six reasons that anyone can see, to be explained: 1) they operated a custodial BTC bridge, 2) matchmaking is done on their servers, 3) they choose their market makers and trading pairs, 4) its governance is concentrated, 5) they use private relayers, and 6) Tokenlon is almost only used through the wallet app by the ImToken company.
1) BTC bridge
While Tokenlon swaps on the Ethereum blockchain are non-custodial, i.e. Tokenlon does not hold user Ethereum assets, this is not true for their bridging service for converting Bitcoin into an Ethereum blockchain token. The BTC of users are sent to an address controlled by Tokenlon, which then issues to the user’s ImToken wallet the corresponding amount of imBTC (Tokenlon’s tokenized version of BTC on the Ethereum blockchain).
In most pig butchering scam cases where victims sent BTC, the BTC is immediately transferred to 3JMjHDTJjKPnrvS7DycPAgYcA6HrHRk8UG, which is Tokenlon’s BTC-imBTC bridge address. Many victims and investigators in the past had difficulties tracing where assets go next after BTC reaches this address.
According to Tokenlon’s instructions, up to 20 BTC (depending on spot price, $400,000 to over $1 million) can be converted into Ethereum tokens (imBTC) without triggering manual review by Tokenlon.
This BTC cross-chain service was suddenly curtailed for retail users with only 1 week notice in August 2023 and permanently ended by early 2024. Interestingly, such a momentous decision was undertaken without voting by the Tokenlon “DAO”2. Perhaps coincidentally, it came on the heels of the August 2023 news that Singaporean police arrested 10 ethnic Chinese suspects for laundering, by final tally, $2.8 billion in Singapore.
2) Matchmaking is done on Tokenlon servers
DEXs have been likened to automatic vending machines on the blockchain, where one can for example put ETH in to get USDT back out. It is doubtful however that a distributed vending machine analogy fits Tokenlon’s “automated over-the-counter desk” / matchmaking platform. Matchmaking in Tokenlon’s system3 is done off the blockchain and inside its servers i.e., not decentralized, even if final settlement of trades is done on-chain, i.e., decentralized.
Tokenlon brings buy/sell orders into their servers to find counterparties for their customers. This almost makes Tokenlon no different from competing centralized exchanges and information brokers that intermediate trades, except for the holding of assets. However, even though many other exchanges’ employees use computers and software, they don’t call themselves fully automated and “decentralized”.
One could imagine that taking Tokenlon’s servers off would stop its efficient matchmaking from functioning. Would it slow down if anti-money laundering controls were put?
Tokenlon is better called an aggregator, though with few select market makers (for definition, see next). Contrast this to the prototypical decentralized exchange, Uniswap, which runs on an “automated market maker (AMM) model”: only blockchain programs maintain the “liquidity pools” that users of Uniswap DEX trade with. Anyone can freely contribute assets to that liquidity pool in return for earning some of the trading fees. All of that is on-chain.
Note that I say ‘blockchain programs’ to mean ‘smart contracts’, and that I use ‘liquidity providers’ and ‘market makers’ interchangeably.
3) Tokenlon chooses its market makers and trading pairs
Market makers are independent players on exchanges that provide liquidity to traded assets, by being the always-available counterparty to trades. (Liquidity refers to the ease of trading an asset without affecting its market price, because lots of it are available.) Exchanges would be very sluggish without market makers, since not all end buyers and sellers of given assets may be available at all times at various price points. Hence while exchanges historically serve as physical meeting spaces for traders, market makers connect traders across time. Market makers often also trade on multiple other exchanges. They arbitrage and profit from the differences in market prices across time and place.
As seen in that Tokenlon Server, two figures above, Tokenlon facilitates user trading with an unknown but limited number of market makers. Aside from Uniswap, Sushi Swap and Curve Finance, Tokenlon does not disclose who the other market makers are. Interested market makers will have to contact Tokenlon and be onboarded, as in their technical documentation. Is having market makers apply first to the Tokenlon team done for quality control? That is Tokenlon gatekeeping the privilege of who gets to market-make on Tokenlon.
One can see in an early Tokenlon interface that some market makers are centralized exchanges themselves, like Binance and KuCoin.
As an aside: If one traces a lot of Tokenlon trades in pig butchering scams or looks at its top counterparties, one will see just a handful of trading firms, big and small, who are market-making on Tokenlon and supplying all the USDT, at tens of billions.
Now normally, market makers on traditional exchanges also have to have some KYC checks on their counterparties, to not inadvertently trade with a money launderer and clean the launderer’s money. Well, on the blockchain, one can literally see big-name trading firms from US, UK, Singapore or Hongkong directly taking in stolen victim funds from pig butchering scammers and cleaning it for them, via Tokenlon.
One has to wonder that with the one-way demand for billions of USDT that each of these trading firms are giving away to a small, unknown exchange in Asia, if they ever wondered why. They certainly have the budget for due diligence.
Along these lines, only a few cryptocurrency trading pairs are available on Tokenlon, partly because of who the market makers are on Tokenlon. Certainly, what trading pairs gets listed on Tokenlon is under Tokenlon’s control. The initial trading pairs on Tokenlon were curated by the Tokenlon team, and later pairs were added by Tokenlon upon DAO voting results. The DAO finally voted to delegate listing of pairs to the team following approved criteria.
4) Tokenlon Decentralized Autonomous Organization is tiny, and some members are whales
Notably, only a tiny, tiny fraction of all Tokenlon governance token holders —the Tokenlon DAO— participate in the voting of 40 Tokenlon Improvement Proposals to date. They averaged less than 80 voters per proposal. In any case, all DAO proposals have to be proposed, and decisions had to be implemented, by the Tokenlon team. Otherwise, they remain as mere opinion polls.
And some voters are whales (own disproportionate amounts of Tokenlon governance tokens, or shares) that makes them have the real say. They must be early investors, supporters and market makers known to the Tokenlon team.
5) Tokenlon has non-public relayers
Just briefly, relayers are used by blockchain protocol developers to subsidize gas fees for users of the protocol, to help promote it. Relayers pay for user gas fees to help successful trades. Like Tokenlon market makers, relayers are reimbursed from Tokenlon’s trading fees, as shown in the tokenomics model of LON below, affirmed and supplemented later by small DAO votes (36 participants). The tokenomics of Tokenlon will not be discussed here, but their own diagram is below.
If relayers are necessary for Tokenlon’s operation, there is no visible way for members of the public to become one of its relayers. Likely, current relayers are also parties known to Tokenlon, if not the Tokenlon team itself. It is also not apparent how anyone would want to be a Tokenlon relayer if there were no financial rewards.
6) Tokenlon functions only through ImToken.
The need for a centrally hosted website or app interface is a common counter to decentralization of DeFi protocols, including of Uniswap. It is possible, with enough technical proficiency, to directly call a protocol’s smart contracts on the public blockchain and bypass the centrally hosted website. However, this presents a high enough barrier for most crypto users that, in practice, virtually everyone uses pre-existing solutions.
Tokenlon does maintain a public interface that is accessible from other cryptocurrency wallet browsers. But using Tokenlon only makes sense through the ImToken app. The ImToken wallet app gives access to useful Tokenlon operations not available from outside the app, like: 1) the Bitcoin bridge service, as in above, and 2) the sending of swapped tokens to other wallet address, rather than back to the original address, as with most other (mainstream) crypto wallets.
Note: ImToken is a regular software development company. Its team maintains and regularly updates the features of their app, including the Tokenlon integration.
It is with these functions that scammers use to try to confuse crypto tracers, as crypto would go through a series of smart contracts and market makers. They even appear to sometimes even ‘wash’ their crypto back and forth by swapping it into various ETH tokens, ETH, imBTC, DAI, wETH, etc, to finally USDT, through Tokenlon.
The Word
Tokenlon is far from being popular and is just one of among more than 250 DEXs existing at this point, but it is disproportionately used pig butchering scams since 2021 and on, likely because of ImToken. Much of these are old news by now, as other blockchain investigators have earlier called out Tokenlon and its market makers / USDT suppliers (here and here). But the abuse of the term ‘decentralized’ as a regulatory shield still needs to be called out and hammered again and again, especially in nascent financial regulatory regimes in Asia.
Recently, other DEX developers physically operating in Southeast Asia (though officially incorporated in elsewhere offshore) have been used in pig butchering scams, like SWFT AllChain Swaps.
Crypto platforms have to balance minimizing criminal use while making their services customer-friendly. Unfortunately, many claim decentralization seemingly to absolve themselves from obligations and liabilities. Various regulatory bodies around the world have long taken positions that DeFi projects are not exempted just by name. There is a need to clarify what counts as decentralized and what ought to be expected from services that claim to be DeFi, to prevent them from becoming natural havens for criminality. Consider the billions demonstrably laundered through Tokenlon, enriching it and its market makers, as an example of an undesirable result of a DeFi experiment and a logical outgrowth of exempting DEXs from all regulations on what essentially is a traditional financial activity.
(Singaporean authorities hopefully have noticed. The Monetary Authority of Singapore had put the ImToken company on its investor alert list for lack of regulatory licenses, and have rolled out amendments to its Payment Services Act regulating money transmitters to include cross-border crypto transmitters.)
As seen with Tokenlon, the narrative that regulations are inapplicable to DeFi should be critically examined, as decentralization often ends up being a façade. Pig butchering scammers are using Tokenlon and other DEXs not because they are decentralized, but because they are unregulated.
***
Part 3 in this series should have been this, which probably went over many people’s heads the first time. Perhaps now it’s more understandable:
***
A Personal Eulogy
I’d like to put in here a personal eulogy of a fighter against crypto scams and pig butchering scam syndicates, who everyone should know: Miffy Chen. The world shockingly lost this hero.
She was really just beginning, yet she has already done so much-- in cracking crypto cases, raising awareness of scams, and repatriating and helping human trafficking victims of cyber-scam syndicates reintegrate back in Taiwan, almost all on her dime!
During our time with a nonprofit, GASO, back in 2022, Miffy was instrumental in preparing, explaining and successfully pushing lawmakers in Taiwan to budget resources for police departments to have cryptocurrency training and tools, as well as with helping judicial authorities there understand cryptocurrency cases. Taiwan, maybe even longer and more so that others, has been facing increasing numbers of pig butchering scam cases. Who knew that she just had a biology degree and background in the nonprofit sector (Justice Reform Foundation), prior to being a self-taught crypto investigator?
Her shocking loss was just too sudden, unexpected, and undeserved. Here’s an article
Crypto expert’s death to be investigated - Taipei Times
Below is a fuller accounting of her accomplishments in Chinese, as revealed now by another friend: 「反詐女王」陳梅慧國道喪命! 反詐組織成員嘆:台灣配不上她 ("Anti-fraud Queen" Chen Meihui died on the national road! Members of the anti-fraud organization laments: Taiwan is not worthy of her).
The recent US court decision lifting Tornado Cash protocol from OFAC sanctions designation shouldn’t affect the money laundering conspiracy charges against their founders.
Decentralized Autonomous Organization - a stateless, virtual community of pseudonymous Tokenlon governance token holders who are supposed to be its governing body. The ideal decentralized protocol would be community-owned, public infrastructures of finance, i.e., owned by no one / everyone.
Request-for-Quotes
you should send this to Zeke Faux at Bloomberg he follows Tokenlon's shenanigans