JPEX Event Security Report: 28 Associated Addresses to Watch Out For

Author: Web3Traveler

The recently concluded TOKEN2049 event showcased the vibrant world of Web3, while also revealing lurking crises for practitioners in certain aspects.

On September 13, the first day of the conference, the booths were bustling, but after the Hong Kong Securities and Futures Commission (SFC) issued an announcement that evening, silence fell instantly, and by the next day, the booths were deserted. The announcement pointed out that the cryptocurrency exchange under JPEX had not obtained the necessary licenses and had not submitted a VATP application. This news attracted widespread attention, and since then, JPEX has experienced difficulties in withdrawals. Meanwhile, users have been reporting to the police, with the number of affected investors exceeding 1,600 and the amount involved approximately 1.2 billion Hong Kong dollars.

According to Senior Superintendent Kong Hing-hun of the Hong Kong Police Commercial Crime Bureau, JPEX is suspected of conspiracy to commit fraud, actively promoting so-called services and products to the public through advertisements, social media, various platforms, and influencer KOLs, touting "low risk and high returns" to attract investors. This incident has drawn significant public attention and further highlights the urgency of compliance and risk prevention in the cryptocurrency industry.

Last night, I noticed that the OKLink on-chain security team had taken notice of this incident and issued a detailed security report, collecting relevant information based on publicly available data and analyzing the flow of funds involved. After research and data mining, the following preliminary analysis results were derived based on existing public information:

1. Timeline Restoration

JPEX is a centralized exchange that was named by the Hong Kong SFC on September 13 for not being licensed and for having suspicious promotional methods. Subsequently, JPEX users reported being unable to withdraw their assets, and the incident is still unfolding. Based on comprehensive media reports, the timeline of the entire event is as follows (all times are in Beijing time):

● Around 5 PM on September 13: The Hong Kong SFC warned JPEX "unlicensed"

● Around 6 PM on September 13: JPEX stopped withdrawals

● Around 6:30 PM on September 13: JPEX issued a response, claiming the SFC was maliciously suppressing them

● Around 1 AM on September 14: According to social media user feedback, JPEX withdrawal limits were restricted to 1,000 USDT, with fees as high as 999 USDT

● Around 1:30 AM on September 14: JPEX allegedly began transferring assets

● Around 3 PM on September 14: At the TOKEN2049 venue, JPEX's booth had no staff

● Close to 4 PM on September 14: In the JPEX user group, some users claimed JPEX was still operating normally (referring to the ability to withdraw 1 USD, and the app had not stopped running)

● At 5 PM on September 14: Regarding JPEX users' claims of being unable to withdraw funds and that JPEX had raised the withdrawal limit to 1,000 USDT with a withdrawal fee of 999 USDT, meaning users could only withdraw a maximum of 1 USD, the SFC stated to the media that it had referred the matter to the police for follow-up

● At 7:30 PM on September 14: JPEX responded that users with urgent withdrawal needs could fill out a form to apply for "priority withdrawal," and reduced the withdrawal fee to 980 USDT

● At 8:30 PM on September 14: Anonymous tipsters reported that JPEX's "Blockchain Building" was deserted

● At 10 AM on September 15: JPEX users reportedly received scam messages (after submitting the "priority withdrawal" form, they were asked by the platform to "invest 30% first to withdraw the full amount"), and the Hong Kong police launched an investigation

● At 1:30 PM on September 15: Taiwan's BitoGroup issued a statement, clarifying that its exchange BitoPro had no business relationship with JPEX Group and its subsidiaries

● At 5 PM on September 15: JPEX stated that withdrawals had to wait for a response from the SFC, which later indicated it had never contacted JPEX

● In the evening of September 15: The Hong Kong police stated that the Commercial Crime Bureau was following up on the incident and called for complaints related to JPEX to be reported electronically

● At 10 AM on September 16: The Commissioner of Police, Siu Chak-yee, stated that 83 reports had been received regarding the JPEX case, with an amount involved of approximately 34 million Hong Kong dollars

● In the evening of September 17: JPEX announced the removal of all trading from its financial management page

● In the morning of September 18: The Hong Kong police arrested Lin Zuo, suspected of being involved in the JPEX case, who had actively promoted JPEX to the Hong Kong public

● On September 19: The police arrested 4 men and 4 women on charges of "conspiracy to commit fraud," and another 7 arrested individuals were granted bail pending trial, required to report to the police in mid-October

2. Discovery and Marking of Related Addresses

Through comprehensive analysis of on-chain data and user complaints, the OKLink on-chain security team successfully identified other addresses related to the platform and marked 28 verified related addresses with a "scam" label to facilitate the prevention and monitoring of the flow of involved funds.

(Platform-related addresses - labeling situation)

3. Analysis of Fund Accumulation in Platform Addresses

Based on the platform addresses, the OKLink on-chain security team conducted an in-depth analysis of the fund flows of key addresses, identifying the accumulated funds and transfer records of critical addresses. The analysis indicated that as of September 19, 2023, the total balance of JPEX's on-chain addresses was approximately 9.686 million USDT, distributed across 19 different blockchain addresses. Among them, the top two addresses for fund accumulation held a total of 5.244 million USDT, accounting for 54%, with funds relatively concentrated.

The fund accumulation situation for addresses with balances greater than 10,000 USDT is as follows:

4. Tracking of Fund Flows

Based on observations and analysis, since September 13, JPEX platform users have been unable to withdraw normally, which may have led to significant fund outflows thereafter. After the transfer of funds from JPEX's on-chain addresses, as of September 19, approximately 5.274 million USDT remained on-chain. Among them, 5.11 million USDT was concentrated across 8 blockchain addresses, while the remaining funds were stored in smaller amounts across multiple blockchain addresses, with some funds already transferred to exchange accounts.

The association of funds in JPEX platform addresses is as follows:

Some fund flow diagrams are as follows:

The above content does not constitute investment advice and is for sharing purposes only. When engaging in on-chain interactions, we as users need to not only enhance our awareness of prevention but also pay attention to the underlying reasons, understand the principles and context involved. Thanks again to the OKLink security team for their report on this incident, which is worth our repeated reading and learning.