Scams Masquerading as Hacks: A Crypto Plague — The ZBexchange Case

Crypto fraudsters have developed a very peculiar brand of scam.

Pretending their project has been the victim of a hack, they buy themselves time to scurry away into the sunset with the silverware.

Last year, while busy databasing crypto crimes, I came across a hack.

As is the procedure, I dove into it to try to understand what went down and produce a detailed breakdown for our crypto crime database, which we made public so that security researchers could freely use it.

The ‘hack’ occurred on August 2nd, 2022, wiping out $5 million from the crypto exchange ZBexchange, which has been operational since 2013, initially known as CHBTC.com and launched in China.

The hack was reported in newspapers as such.

But by the time I looked into it, a month and a half later, it was hard not to suspect that no hack actually took place.

That the hack was no more than a smokescreen for an exit scam.

With terrible consequences for ZBexchange users who were left by the thousands locked out of their assets.

This story is not a one-time type of event.

Earlier this year, while reporting the worrying trend of scammy projects using the legitimacy of crypto security auditors like CertiK and Hacken to hide in plain sight, we discussed how DeFi AI used the very same fraud technique, even down to the very verbiage used by ZBexchange to announce the fake hack.

In this article, we have chosen to rewind a bit in time and explore, as a case study, how the ZBexchange exit scam — still widely reported as a hack — unfolded.

The “Hack”

Source: ZBexchange website

On August 2nd, 2022, the self-dubbed ‘World’s Most Secure Digital Asset Exchange,’ ZBexchange, took to Twitter to announce, amidst an onslaught of hacks during the summer of 2022, that there was a need for temporary maintenance and that withdrawals would be suspended.

Source: ZBexchange Twitter

A few hours later, a new announcement is made about the “failure” of their “core applications.”

Source: ZBexchange Twitter

Which, in the crypto Twitter language used by crypto firms, classically means “We have been hacked, but we won’t admit to it.”

The next day, blockchain security firm PeckShield picks up on it and reports a wallet drain of almost $5 million.

Source: PeckShield Twitter

The genius of the whole operation is that they didn’t even need to say “we have been hacked” for dozens of articles to be published by highly respected crypto newspapers such as CoinDesk and Cointelegraph, reporting the ZBexchange situation as a hack and explaining away why their users couldn’t withdraw their funds anymore.

If you were here during the summer of 2022, you will probably remember that it was the summer of hacks. Just days before the ZBexchange “hack,” the space was hit by back-to-back hacks that wiped out more than $200 million.

So it was easy for the ZBexchange hack to be lost in the noise, and soon to be forgotten.

And that’s exactly what happened.

By the time I went to look into it, ZBexchange had long been forgotten and their users were drowning in despair, although the red flags were already there just days after the “hack.”

The Red Flags

The Initial Red Flags

Red Flag #1 — Since the “hack,” no more Twitter posts or replies were coming from the ZBexchange team, when they used to post about every 2 days.

You will have to take my word on that, and on what will follow.

I stumbled upon the story, and subsequently their Twitter account just one day or so before their Twitter account was suspended.

Source: ZBexchange Twitter Account

Probably due to mass reporting by thwarted ZBexchange users, as many of them were actively trying to deplatform the app by flagging it.

ZBexchange gave no explanation on their Telegram page of why their Twitter account was suspended.

The screenshots from their Twitter account were taken by me just before it all disappeared.

Red Flag #2 — No “hack” post-mortem was posted on either of their platforms in the following days and weeks.

Not every Web3 firm that has been hacked publishes a post-mortem, although it is part of Web3 etiquette of sorts. Nevertheless, when the hack implies withdrawals being suspended for an undetermined amount of time, it is a non-negotiable owed to their users.

Red Flag #3 — Apparently, deposits were “reallowed” but not withdrawals, the theory being that they never actually stopped the deposit function.

Source: Twitter

Red Flag #4 — No more activity on LinkedIn since the hack. You will also have to take my word on this one, since their LinkedIn page was taken down.

Source: ZB exchange LinkedIn — Screenshot taken in September 2022

Emails and messages were also left unanswered, ZBexchange users reported at the time on the company’s Telegram.

Red Flag #5 — Although they kept updating their website announcement page (up to November 2022), not a word was said about the return of the ability to withdraw. No ZB executives came forward to speak about the situation.

Red Flag #6 — Their Telegram account was a sight to behold. The person in charge then, “Hayuze”, either gaslighted, ignored, deflected, or banned community members in the name of “fud” or served unhelpful “Soon Sir” to anyone asking for their funds.

Anyone looking at that would have a hard time not alleging that there was never any maintenance taking place and that no hack even remotely happened.

It all just looked awfully like a sham.

ZBexchange, Shady Business and Shady Execs

This, of course, invited a deeper dig into what ZBexchange was.

Trying to find intel about the people behind the exchange, I stumbled upon this thorough report made by Hacken back in 2018 about ZB exchange having allegedly engineered trade volume performance.

TL;DR: ZBexchange faked trading on its platform and engaged in wash trading as well.

What of ZB executives then?

By the time of the hack, the CEO Omar Chen had already quit his post in June 2022 to become “A Freelancer in Dubai,” “tired and willing to retire,” as he himself reported on his LinkedIn account, which has since disappeared.

Source: Omar Chen LinkedIn

No news of a newly appointed ZBexchange CEO has been announced since then.

The vice-president Aurora Wong seems to have been active as ZBexchange VP at least until August 5th, 2022 — 3 days after the “hack” — as proven by an article about her taking the stage on August 5th, 2022.

Right Pic — Source: ZBexchange

Side Note #2: Of this article, only this screenshot seems to remain. It seems it was taken down after we used it as proof of her activity as ZB VP post-“hack” back in September 2022. I completely forgot to store the link to this article, probably thinking back then that I could find it if needed through a simple Google search.

All mention of her activity as ZBexchange VP has apparently been wiped from the experience section of her LinkedIn profile, and personal posts about it were taken down. Since the ZBexchange “incident,” she has also been tight-lipped on this platform, with no activity recorded except a like on a post in 2022.

Source: Aurora Wong’s LinkedIn

Her last recorded activity was as a speaker at the AIM Summit in Dubai in November 2022.

Source: Crunchbase — Screenshot taken in September 2022

Like ZBexchange ex-CEO Omar Chen, she is apparently now based in Dubai.

Omar Chen and Aurora Wong were the faces of the exchange in the years before the “hack.”

Now, just for the fun of it, I also dug into Jimmy Zhao, co-founder of the exchange.

I could trace back his activity with ZB at least until 2018, when they developed their activities in Malta, the same year he opened a new exchange, ZBX, in that very place.

Unsurprisingly, he doesn’t refer to his past as a founder of one of the oldest crypto exchanges on his LinkedIn page, and he also lives in Dubai.

A very peculiar additional piece of news, though.

In 2022, there were at least two news reports about him becoming an @infosgmchain advisor for blockchain platform SGM Chain. He was quoted in those articles about his thoughts on his new job: “As a contributing strategic advisor to SGMCHAIN, Jimmy Zhao said, ‘I am confident that SGMCHAIN, with the leading blockchain Mainnet now recognized universally and officially for its rigorous and secure blockchain solutions such as DID, the NFT market, and Metaverse will become the leading global blockchain ecosystem. I look forward to actively advising and supporting investment and global growth strategies.’”

The issue is that he was never ever recruited as an SGM Chain advisor.

And SGM Chain made a point to share this information on every social media platform they owned.
