Note: This article was originally published on Medium but was censored. If you have experienced similar censorship then consider using WeUseCoins by submitting a pull request with your content. Credit to Trace Mayer for suggesting I repost here and continuing to be a champion of our industry with Proof of Keys.

HitBTC's response to this publication is Baghdad Bob worthy.

How HitBTC engages in selective scamming and appears to hold only a single digit percent of the cryptocurrency their order books suggest. An analysis of how HitBTC’s very structure is deliberately designed for selective-scamming and what the blockchain firms and cryptocurrency users can do to remove this blemish from our industry.

TL;DR

There are thousands of times more posts on Reddit, Twitter, and other social media platforms from individuals with funds locked on HitBTC than all other exchanges combined. HitBTC alleges these locked funds are due to "AML", but this is an outright lie. HitBTC demonstrates a single digit percent solvency.

HitBTC's wallet addresses hold a single digit percent of the holdings they should have, based upon the liquidity presented on their own platform. These Tweets provide the TL;DR evidence of HitBTC's insolvency being induspitable and extremely alarming.

HitBTC is panicking about this article as mass-exit and capitulation looms. With enough community action, we can strike the death blow and not wait for an exit scam or intervention from authorities. If you reading this (yes, you!) shares this publication, you'll most likely prevent someone from being victimized -- and might even make 2020 be the year we cure the cancer that HitBTC is to our industry.

Preamble

HitBTC presents themselves as an “innovative” exchange offering extensive (misleading) claims regarding their security, solvency, and history. To those not doing deeper due intelligence, HitBTC would appear to be an exchange that offers competitive trading fees, easy registration (with no KYC requirement), listings of coins found in few or no other places, and high liquidity/trade volume — and while all of these will be dissected later, the core point to start is that it’s no wonder that a consequence of the 2017 bull market was an influx of individuals seeking to trade on platforms that (purportedly) demonstrate those attributes.

Late 2017 onward, the blockchain industry has had it’s public perception and confidence consistently under assault by countless instances of fraud, including many large scale exit scams — some of which included exchanges. By now, most are familiar with the QuadrigaCX fiasco — in which the alleged death of the exchange’s owner resulted in the sudden loss of access to custodial assets. As an analyst, the QuadrigaCX situation presented two realities to me most may overlook:

1: Even if QuadrigaCX had not been insolvent (which they were), exchanges will claim to be solvent and expect their unverified word on this to suffice.

2: Exchanges will claim to be secure, even lying about use of multisig .

Most even loosely involved in cryptocurrency, by now, have the wherewithal to realize that involving themselves (or, specifically, their assets) with anonymous teams is a recipe for disaster. Nearly everyone is aware of situations like Bitconnect, one of many examples of an anonymous team ultimately making numerous unsubstantiated claims (such as having a “trading bot” that created the alleged profit for investors) that ultimately proved to be untrue.

While having public-facing team members does not warrant a blank check of perception of legitimacy for blockchain projects (if QuadrigaCX is any indicator), by now, it is certainly well understood by many in the industry that if a team is anonymous, there is almost certainly rough times ahead.

Not all coins with anonymous teams are scams, but most scams have anonymous teams. -- Reza Jafery

Purpose of this publication

HitBTC is the longest-running and potentially largest scale criminally fraudulent entity to ever exist in the blockchain industry. It is my assessment the only reason HitBTC has been able to enact their scheme is due to being a “wolf in sheep’s clothing” in an environment where people don’t ask enough questions.

The purpose of this publication is to educate the public and ultimately serve as a call to action for cryptocurrency users and the wider blockchain industry. While I wish I could say these issues will end with HitBTC, the reality is they won’t; HitBTC is one of many examples of entities in the blockchain industry that must be eradicated, whether via being made irrelevant by consumer decisions, intervention from authorities, legal action, or some combination thereof.

That said, solving the HitBTC problem sets a precedent for preventing the likelihood, frequency, and scale of similar problems in the future. While the bear market has done wonders in weeding out many scams and shitcoins, it has not weeded them all out — and a potential future bull market is an enabler for these problems to recur, potentially in larger scale. However, if the industry and general public won’t stand for HitBTC now, similar future fraud is made more difficult in the future.

As a firm believer in blockchain technology, I often compare the current state of our industry to the internet in the early-to-mid 90s.

In the early/mid 90s, many people simply didn’t feel safe on the internet. Fraud was rampant, and the perception was that little would be done in instances of fraud. Much like cryptocurrency is described as the “wild west”, the internet was perceived in the same way. Many events, initiatives, and circumstances took place to overcome this barrier, some of which included better training for law enforcement, regulation, industry leaders establishing initiatives and best practices (beyond the scope of what they were forced to do) and consumers speaking with their money. Every category just described fits snugly with the modern blockchain industry and things that will need to take place prior to mass adoption.

It’s not 2011 anymore. Let’s pretend we’ve been an industry for a few years and do a little self-policing of ourselves and our businesses.

This article is going to call out a slew of misleading statements, namely under the categories of AML/Risk/Compliance, HitBTC states as justification freezing customer withdrawals when, in reality, nothing substantiates this. I’ve already established a track record for calling out Wall Street Journal journalists for LARPing as “investigators” — so it’s fitting to call out HitBTC staff for LARPing as proficient in fighting fraud and laundering… especially when they enable it and conduct it themselves.

To the theme of the above, I operate on a level of objectivity that is required in my role as an investigator. When the facts presented in, for example, the ShapeShift/WSJ fiasco were what they were, I presented them as such — ultimately, defending ShapeShift. If the facts regarding HitBTC (or any other entity mentioned or otherwise described in this publication) are what they are, well, my analysis will be what it is. Point being: if HitBTC was able to factually demonstrate rebuttals to subjects addressed in this publication or elsewhere, my stance would change. Spoiler: HitBTC isn’t going to do that.

This article is not representative of any other entity I am affiliated with; all views expressed are mine and mine exclusively. I’m glad I’m getting this out of the way, because HitBTC isn’t going to be the only one having some truthbombs dropped upon them.

This article is also not about any direct or anecdotal experience I’ve had with HitBTC. The contents of this publication are based upon publicly available information as well as my personal assessment as a blockchain, forensics, security and investigative professional — no confidential or private matters are the basis for this publication.

HitBTC’s “Perfect Crime”: How?

No crime is “perfect”, but there are numerous characteristics of HitBTC (as an exchange, entity, and team) which, combined with the current environment of the blockchain space, have enabled this mass-scale fraud to be made possible. So what would entice a potential cryptocurrency trader to register on and use HitBTC? How many cryptocurrencies are listed on HitBTC and why? What transparency does HitBTC show and what does the industry need? What standards does our industry need, and how does the “average person” help the industry in reaching those standards?

Volume and Liquidity:

"It is also easy to show that HitBTC volume is almost entirely fake." — Bitwise’s report

HitBTC’s reported volume on CoinMarketCap and similar websites demonstrate what seems to be too good to be true metrics, which has fallen under scrutiny from other analysts. While I could write extensively further on this topic, Bitwise’s report (as well as HitBTC’s predictable buzzword-filled response that didn’t provide any evidence-based counterpoints) speaks for itself. Predictably, no external audit or verification of HitBTC’s volume has been conducted, and you can rely on that never taking place.

Trading Pairs and Listings:

HitBTC offers over 800 trading pairs, which combined with (alleged) high volume and liquidity is an attractive aspect for obsessive day traders. Digging deeper, though, demonstrates this quantity of trading pairs isn’t to benefit cryptocurrency traders, but for HitBTC to line their pockets.

Of course, any exchange benefits from trading taking place on their platform — whether this is a BTC/ETH pair on a highly compliant exchange such as Coinbase, or the Bitconnect (BCC)/BTC pair on HitBTC. There is a fundamental difference between these two that must be dissected.

Responsible exchanges that have the best long-term interests of the industry in mind will never list a cryptocurrency like Bitconnect, an outright Ponzi scheme that was assessed as such well before their exit scam. It was only after Bitconnect’s exit that HitBTC delisted BCC.

Responsible exchanges conduct due diligence on any asset that they may list on their respective platforms. This is why more reputable exchanges, such as Binance, did not list Bitconnect. Responsible exchanges will often periodically conduct periodic reevaluations of assets listed on their platform and delist assets that fail to maintain authentic development and integrity; point being is that even under a hypothetical that HitBTC was initially under the impression Bitconnect was a legitimate operation (which, in and of itself, would not instill confidence in HitBTC’s competence) it’s impossible to say HitBTC was naive to Bitconnect’s inevitable fraud months prior to the exit scam. Perhaps it is not surprising that an anonymous team had no hesitation in listing an asset generated by another anonymous team.

Responsible exchanges will not list scam assets like BCC not only because they have the long-term interests of the industry in mind, but they also care about their customers. Even though some of their customers may want to profit in the short term by trading these shitcoins, the responsible exchanges don’t want their customers to lose their money (which it will always be the case that more lose than gain with scam coins) — or at least not on their platforms.

Responsible exchanges will not be blinded by the short-term greed of obtaining profit via trading fees. This is a responsible stance that cryptocurrency traders and the entire industry should reward responsible exchanges with by giving them business — and should punish irresponsible exchanges by not giving them business.

This isn’t limited to just trading fees, though. Much public controversy stemmed from listing fees, even for reputable exchanges like Binance. HitBTC is alleged to charge $250K for a listing in this document — which may seem extremely expensive, but considering that:

1: Larger exchanges, at the time, were often charging seven figures

2: Shitcoins could easily raise eight figures or more during ICO alone, rendering a $250K cost to “check the block” of an exchange listing negligible — and instead of dropping $2M+ on, say, a Binance listing (presuming the project would even pass Binance’s due diligence, which is unlikely) this enables the shitcoin ICO to simply pocket more money

3: HitBTC’s publicly presented volume would seem extremely attractive to any project, legitimate or illegitimate, for that price

4: The general public tended (and still tends) to not heavily scrutinize which exchanges cryptocurrencies are listed on, as (at least for the day-trading types) they simply want to trade their shitcoins

Obviously, a $250K cost to list does not reflect an amount of work an exchange is doing to implement any cryptocurrency. HitBTC conducted aggressive outreach to projects to close as many of these listings as possible with little or no due diligence on them — in short, listings on HitBTC were an easy way to make a ton of money for next to nothing. HitBTC takes it a step further with some legal word-twisting: it’s not a “listing” but an “integration”, making it somewhat easier to delist (or, more accurately, threaten to delist for erroneous reasons/extort) projects that were foolish enough to pay HitBTC once.

HitBTC isn’t alone here: LAToken conducts similar actions, with an even more aggressive outreach campaign consisting of numerous “Business Development” staff shotgun-blast cold-messaging team members on Telegram in attempts to get these projects to list on their platform; ironically the same methodologies that impersonation scammers have utilized to defraud individuals and businesses of tens of millions of dollars. Who can blame them — after all, why conduct reasonable safeguards to combat fraud such as correspond via properly configured email when there is cash to grab?

A message regarding listing my token’s IEO on LAToken (I’m not the founder of any token, despite being an adviser for some projects.) This productive member of society wanted to list “my” token on LAToken — well, more accurately, this was an impersonation scammer from Nigeria, but LAToken staff conduct outreach in the exact same initial way.

LAToken has listed numerous projects that have soft-exited, and that anyone with a shred of investigative talent would have predicted as doing so with a few hours of due diligence prior to executing a listing agreement. While LAToken is a notable mention regarding “industry problems”, HitBTC is still, by far, the historical worst offender. LAToken is merely cited as an example because they do have a public-facing team, and the point should be made that even exchanges with public-facing teams will happily list shitcoins (primarily inevitable soft-exits) to line their pockets. This problem won’t go away with HitBTC.

Every time a project exit scams (whether outright exit scam or soft-soft-exits), it turns off many people from the blockchain industry as a whole — whether those that experienced financial loss or their circle. Platforms like HitBTC and LAToken directly and indirectly enabled these losses and set our industry backward (in many ways, but specific to this topic) by listing these shitcoins.

Key takeaway? Exchanges that demonstrate scrutiny of what assets they list have both the industry and your best interests in mind. Exchanges that conduct aggressive outreach and demonstrate no due diligence on projects (despite even having claims of doing so) need to be made irrelevant.

Public-facing

Would an appropriately managed and non-fraudulent exchange require a team to be anonymous, or is this even a sane question to ask? Carlos Matos seems to know the answer.

HitBTC claims the reason their team is anonymous is for purposes of “security.” Somehow, entire teams from other blockchain firms, to include all executives from all major reputable cryptocurrency exchanges, seem to be fine with being public figures.

HitBTC’s old forums often had customers asking questions about this topic. It’s no mystery why their forum never quite seemed to relaunch.

Cointelligence’s inquiry to HitBTC regarding this topic went predictably unanswered. Apparently, if no exit scam has taken place for five years, or somebody doesn’t have a direct experience with HitBTC’s fraud scheme, there’s no need to answer the question posed. This sort of question-evading isn’t tolerated in politics — why do we tolerate it in our industry?

While there is certainly security risk with being a high net-worth individual (or having, hypothetically, assess to significant assets) — there have been only a handful of events entailing physical attacks upon cryptocurrency exchange staff, and typically, of smaller exchanges. Some core points here:

1: If an exchange is utilizing security practices such as multisig, such attacks are moot (in context of stealing custodial assets) anyway, entailing such (unlikely and historically insignificant) attacks to be on the individuals net worth or perhaps extortion/ransom.

2: With a “normalized” trading volume of nearly $26M USD (as per CoinGecko)for HitBTC observed at the time of writing, this would entail $18,200 in trading fees for HitBTC — on what seems to be a low-volume day. Take the nearly $335M trading volume reported by HitBTC/pre-”normalized” and you’ve got nearly $235K. Either of these figures is vastly higher than HitBTC’s daily burn rate could possibly be — all costs, to include technical and staffing. HitBTC has the money to spend on physical security if they genuinely feel they are at risk. (Protip: it’s a facade.)

3: Major figures in cryptocurrency, whether Vitalik (Ethereum) or CZ (Binance) seem to be doing just fine being highly public-facing. This is for a combination of two reasons: there isn’t anywhere near as much of a threat as HitBTC is trying to pretend there is (and, coming from a security guy that often needs to tell people they’re not being safe, that should say much) — and that ultimately negligible cost could ensure threats, actual or perceived, are mitigated.

4: Any benefit (exaggerated or legitimate) to the physical safety of cryptocurrency exchange staff is outweighed multiple times over by the risk to public safety anonymous teams pose by nature. Put simply, if one wants to get into this line of business, they should accept the fact that it’s (going to end up being) a public expectation they are public-facing.

In reality, the HitBTC team is anonymous because when (not if) the day of reckoning comes — whether that is being insolvent to a level they can’t continue the selective scam charade or it is action from authorities — nobody is willing to put their identity behind a fraudulent operation.

In fact, it’s quite possible that the anonymity is so nefariously pre-meditated that even if authorities and/or the legal system pursued HitBTC, they’d be facing a myriad of on-chain obstacles (laundering) and business structural barriers. That’s bad news for the public if true — as it means that prospects for restitution are grim: a lengthy and resource-intensive process would be likely.

There is at perhaps a small silver lining in the HitBTC peculiar structural cloud for me, since it’s somewhat less likely (based upon HitBTC’s anonymity shenanigans) I’ll be facing a lawsuit over this publication, as it would put the identity game at risk — and likely result only in HitBTC finally getting the scrutiny they deserve for their criminally fraudulent activity.

It’s not libel or slander if the statements are true and fighting fraud. Please do try to sue me, HitBTC. (It's worth noting that in the weeks since this publication went live, I haven't been hit with a lawsuit -- but I have been creeped on by some of HitBTC's "business partners." Kinda makes one ponder about how aware they are about HitBTC's fraud...)

HitBTC’s other likely retort to this? They’ll pick another blockchain project’s team, such as Monero, that is anonymous. Apples and oranges: Monero isn’t holding client funds. While this isn’t to say (either way) if anonymous teams make sense under some circumstances, in the circumstance of being a custodial exchange, it does not make sense whatsoever — unless the sense is malicious intent.

HitBTC’s other-other likely retort to this? HitBTC might claim they have had some “reps” at, for example, conferences. These reps are in no way, shape, or form in any level of control of the company (if these “reps” are even employed by HitBTC at all, and aren’t just event shills) and served only as a facade of legitimacy. These reps are no different than the Bitconnect reps present at the hype party.

KYC

HitBTC is the only centralized exchange that does not require KYC upon signup for accounts with no limitations. HitBTC claims to “encourage” users to submit KYC documents to “avoid eventual verification procedure in the future.” This is the perfect “excuse” to freeze accounts for random insistence on an initial KYC process — behavior that, quite literally, no other exchange exhibits, and is a core component in their selective scamming scheme (more on that later).

Regardless of anyone’s personal opinion on KYC requirements (a divisive issue) one thing that should unite “both sides” is this: it’s absolutely batshit insane that an anonymous team would ask for to dox yourself to them. There are no words to describe how insane not only that very request is, let alone how depressing it is that our industry hasn’t called out that insanity. recent furor regarding Poloniex and customer data, perhaps the only reason the realities of HitBTC’s KYC situation aren’t discussed is that those realities have gone on so long that it’s considered “normal.”

Imagine being asked to verify your identity by submitting identity documents to people that (want to or already) hold your money and won’t reveal who they are to you in 2019. Seriously. This is happening. This is a thing that is actually happening.

At best, HitBTC’s gathering of KYC is to assist them in determining the risk/reward in their selective scamming process: if they see a selective-scamming victim is in a jurisdiction where law enforcement and legal professionals aren’t as spun up on cryptocurrency, they’re more likely to never return the cryptocurrency. Were KYC implementations truly focused on AML, HitBTC would have low deposit/withdrawal thresholds for non-KYC’d accounts, if present at all — the fact KYC is asked for after-the-fact is an “interesting coincidence”.

And here is the golden goose, as per HitBTC’s Terms of Use:

HitBTC takes no measures to proactively enforce restricted persons from registering on and utilizing their exchange, such as preventing ranges of IP addresses from registering in the first place. While such measures obviously won’t prevent disqualified persons from registering via VPN (just ask any American cryptocurrency edgelord on Reddit about how they’re handling the Binance/Binance US situation), such measures are negligible in effort to implement and demonstrate the service’s genuine intention to enforce their Terms of Use.

I've seen on dozens of occasions prospective HitBTC users asking if US citizens are permitted to use their exchange on Twitter and Telegram. Not even once have I seen HitBTC say no. For an "exchange" LARPing as "industry standard" in compliance, you'd think they'd know the answer to one of the most basic questions. Reality: HitBTC won't tell them no because it's less selective-scam victims.

HitBTC doesn’t take such preventative measures because it reduces the width of the top of their selective-scamming lead funnel — fewer registrations means fewer potential victims. Further, I’m aware of several cases in which Americans registered on HitBTC and had funds frozen and ultimately returned (since they were influencers that caused massive PR damage) — after completing the “KYC process.” This means that American citizenship was shown to HitBTC, which would technically make them ineligible for use of HitBTC’s exchange, yet HitBTC didn’t seem to care for their own Terms of Use.

At a minimum, you’d expect HitBTC to lock their accounts for Terms of Use violation after these incidents — but that was never done, of course, since it would reduce HitBTC’s fraudulent cashflow. (In a loose sense, this example alone is technically money laundering and enabling money laundering, though, obviously, there are multiple and far worse bits of evidence already unearthed and potentially unearthed relative to this technicality.)

Withdrawal Fees

HitBTC is known for their disproportionately high withdrawal fees. Exchange withdrawal fees are primarily intended to finance the associated transaction fees, with perhaps a small percentile of withdrawal fees being seen as acceptable for the exchange to pocket as part of compensation for running their service. HitBTC’s withdrawal fees not only are grossly disproportionate to the actual transaction fees for nearly every cryptocurrency supported on their platform, but exceed industry norms, often by no joke of a multiplier.

The disproportional withdrawal fees on HitBTC are yet another attempt to funds taken from HitBTC customers. While if HitBTC was a legitimate operation, I’d simply opine that these withdrawal fees were “their business” — it’s clear that these withdrawal fees are one (of many) elements to offset the solvency issues by discouraging withdrawal and ensuring that even customers they don’t select for selective scam finance HitBTC’s fraud further.

If you’re considering depositing assets to HitBTC (and the rest of this publication doesn’t dissuade you from doing so by premise of the risk of your funds being locked for no reason), here is a handy resource that compares HitBTC withdrawal fees to those other exchanges.

Pro tip: if you’re doing the smart thing and getting any assets off HitBTC, several assets like ATB, ELE, and DOGE (DOGE mentioned due to likely having higher legitimate liquidity) may be viable routes for you.

HitBTC DOGE volume (due to customer exits) is likely to noticeably rise soon.

Solvency

HitBTC’s accounting team, doxed above.

Before delving into the selective scamming section of this publication, which is the section that will inevitably generate the most attention, it is critical to describe the issues regarding the solvency of cryptocurrency exchanges, as it directly relates to how HitBTC enacts their scheme.

It is possible to do an estimate of an exchange’s solvency status based upon known hot and cold wallets of exchanges relative to exchange volume. While this is not a 100% metric, it’s a starting point when no other methodology less an actual solvency audit exists:

Credit to Coinfirm on the above statistics.

As discussed regarding QuadrigaCX, the exchange was insolvent well before the alleged death of their founder. QuadrigaCX is not alone: many other blockchain projects have taken funds from investors or customers and used them for unauthorized purposes, whether this is exchanges taking custodial assets for their personal use or ICOs mismanaging investor funds to conduct transactions well outside the scope of the proposed Use of Funds in their whitepapers.

Both these fraudulent exchanges and fraudulent ICOs “bank on” the general public not scrutinizing them, as in order to “prove it”, one would likely need to hire both a blockchain forensics expert and an attorney to subpoena various services. Both these fraudulent exchanges and fraudulent ICOs make misleading and vague claims to mislead the public when confronted with suspicion. Having had served as an expert on numerous cases regarding suspect ICOs, I’ve described these tendencies in excruciating detail on a number of occasions that would depress anyone trying to be optimistic about the blockchain industry.

As part of the administrative team for Crypto Defenders Alliance, as well as somebody that truly desires mass adoption of blockchain technology, I continue to advocate for and applaud blockchain companies that demonstrate initiative in problem-solving instead of waiting for regulators to force their hands.

Two great examples of this are Kraken’s Proof-of-Reserves and Bitbuy’s Solvency Audit, both of which are viable methods to demonstrate solvency. These initiatives were not demanded by regulators, but Kraken and Bitbuy took time and money to make it happen because they believe their customers (or potential customers) deserve that level of transparency. You can bet that this will be a measure that exchanges that want to remain relevant within the next 3–5 years will all be taking, provided that you speak with your money.

No exchange, to include HitBTC, has an excuse to fail to execute a solvency audit. While solvency audits are not widely conducted (yet), it’s probably a safe bet that most major exchanges with good reputations would pass these audits. There isn’t a snowflake’s chance in hell that HitBTC would conduct such an audit, and the results would inevitably be highly damning.

During the last Proof of Keys, HitBTC was predictably struggling. This year is no different, with HitBTC demonstrating minimal balance relative to volume.

Bitfi executives stated “this is not like fractional reserve banking; this is just stealing your money” — and that’s more accurate.

In fact, even armchair Reddit investigators have discovered HitBTC having more of a given asset in order books than they have in known holding wallets. Part of me wishes I had the time-bandwidth to perform my own forensics, as the results would be… intriguing.

My solace is that even more ‘intriguing’ results would come from subpoenas or seizures, should that day come. (Post-publication, I performed a small amount of this sort of analysis, which is included towards the bottom of this publication as an update.)

Another possible response from HitBTC would be something to the tune of “some exchanges stake custodial funds.” There is a big difference between staking customer funds (standard banking practice) and spending customer funds — the latter depletes them and entails fractional reserve (or, more accurately, insolvency.)

Trying to think of any other possible half-hearted response from HitBTC (which feels like initiating mass ritualistic brain cell suicide), HitBTC (probably wouldn’t have thought of this themselves, but let’s address it anyway) might claim that many of their hot and cold wallets are just not publicly known for “security reasons”. This does not follow the practice of practically every cryptocurrency exchange which provides these addresses to blockchain explorer sites and other databases.

There is precisely zero security risk in HitBTC publicly disclosing their wallet addresses, particularly if their claimed utilization of multisig is legitimate. HitBTC could easily rebut this publication (as well as other criticisms and allegations against them) by verifying ownership of wallet addresses which reflect trading volume and liquidity represented on their platform.*

(*There are some technicalities here — first being that the proper way to disprove an allegation of insolvency would be an actual solvency audit. HitBTC might attempt to claim their liquidity is based upon some backend trading hence why wallets won’t reflect balances, but the disproportional assets of those balances offsets that possible excuse.)

In the current status quo, exchanges that haven’t done solvency audits are late adopters. In a more mature industry, exchanges that haven’t done solvency audits would be automatically presumed to be conducting suspicious activity — actually, they’d likely not exist at all. But it’s up to you, the exchange user, to make this expectation a reality.

So what is HitBTC doing with customer assets?

Short answer: obviously, not what they should be doing as a custodial exchange. The obvious answer is “lining their pockets” and “yoloing.” You can bet that the insolvency of HitBTC has financed lavish lifestyles for those at the top of the HitBTC scheme. Beyond that, your guess is as good as mine.

If I had the time-bandwidth, I’d probably start poking around a bit more at their cold/hot wallets. I did take a quick peek at their Ethereum wallets and noticed a disproportionate amount of interaction with the WETH smart contract — a disproportionate amount that tells me, without even comparing trading volumes, based on my extensive experience on cases of this nature, it’s pretty likely HitBTC staff have and are day-trading customer funds — poorly.

HitBTC’s operations are little more than an attempt to draw in “fresh blood” to fuel a couple of different engines: their burn rate for lavish lifestyles of those running this fraud, and the burn rates for other categories, such as for the selective-scamming victims that caused enough fear (of financial loss) to HitBTC to get their money back.

This isn’t far removed from how a Ponzi scheme like Bitconnect operated — the structural similarities (support staff, PR team providing misleading statements and half-hearted addressing of critiques, shills, and anonymous figures at the top profiting handsomely) between Bitconnect and HitBTC are certainly presented.

Every blockchain project I’ve had this suspicion about (misappropriation of funds, namely in day-trading and other forms of what is for all practical purposes gambling assets that don’t belong to them) has, once investigated, had what were once my suspicions become fact. Perhaps, in the future, I’ll do some blockchain forensics on this and share some tangibles.

Or perhaps HitBTC will send signed messages from wallets with balances appropriate for their order books...

The slam-dunk: HitBTC’s selective scamming

As shared in the prior section, there was a spike of public reports regarding HitBTC locking customer funds during Proof of Keys. It doesn’t take an investigator to see the forest for the trees here: a spike in locked funds on HitBTC during proof of keys doesn’t mean there was a spike in suspicious activity. There is no correlation between Proof of Keys and suspicious activity — unless that suspicious activity pertains to HitBTC themselves.

Brutal honesty: it shouldn’t take an extensive blog post of this nature to connect the dots for our industry. Find any other exchange with a Reddit as riddled with fraud/frozen asset complaints as HitBTC’s -- you can't. Find any other exchange with as many accounts commenting on Tweets about the same — you can’t. That, in and of itself, should’ve been exposure enough for most to suspect the reality of a selective scamming scheme.

It seems that only when cases receive extensive followup from HitBTC customers that show actual interest in filing suit or creating large amounts of public PR damage (and subsequent impact on HitBTC’s fraud revenue) that many of these “AML cases” with HitBTC are resolved. Take for instance this story, where an “AML case” had sat for five months and was quickly remedied after said case was described at a conference.

When it will impact HitBTC’s “bottom line” (if such a financial phrase is even appropriate to describe income generated from fraud), HitBTC will “resolve” the issue. Riddle me this: name one other exchange that suddenly caved after a months-long “AML case” due to bad PR. You can’t.

This selective scamming has become so frequent that Reddit actually banned HitBTC’s account. Name any other exchange that had that level of action (banned from Reddit due to complaints and suspicion) — you can’t.

HitBTC’s likely retort? “Compliance.” Don’t worry, I’ll tear that apart in a following section.

So what does getting selective-scammed by HitBTC look like?

1: It starts with a HitBTC user being unable to withdraw funds and opening a support ticket.

2: HitBTC will respond to the ticket, generally providing some vague timeline. Sometimes they adhere to the timeline and follow up; more often, they do not.

3: After the victim follows up, HitBTC may further extend the timeline, or ask for some “identity documents.”

4: The victim provides “identity documents” and then is given another timeline (again, typically resulting in the victim needing to chase them down — HitBTC is hoping these victims forget/go away.)

5: HitBTC will extend the timeline for varied reasons, such as their “security department” needing more time to review the situation.

6: If the victim continues to “pester” HitBTC, HitBTC will then respond requesting some “additional information” — such as the creation of a video or taking of a selfie, and then request further time.

7: HitBTC will then (presuming the victim continues to keep pressure) follow up with a further delay or timeline.

8: HitBTC will then (again, presuming the victim continues to keep the email/ticket chain active) come up with an additional request. I have seen dozens of examples of these requests, few of which maintained relevance to any perceivable element of HitBTC’s purported reasoning for freezing the pertinent withdrawal. (HitBTC likely has a “playbook” of these requests for stalling purposes.) Many of these requests are entirely erroneous in nature.

9: HitBTC will continue this charade until either the victim gives up, enabling HitBTC to abscond with the cryptocurrency, or until enough pressure (typically, via PR that affects their money more than the money that they’re attempting to steal from the victim) is placed. I’ve seen HitBTC continue this charade for cases spanning over eight months, and those are just the ones I’m aware of — stringing victims along with a little dose of hopium. In such examples, I’ve seen HitBTC request the same documentation multiple times — perhaps laziness in the “support representative” looking at their script of excuses to delay further.

Ultimately, this is a ploy by HitBTC to make customers get frustrated, give up, and cut their losses. Since many do so, HitBTC keeps the assets — rinse, repeat. For the minority of would-be victims that do succeed in getting HitBTC to give them their assets back, what HitBTC is actually doing is selectively scamming other customers — “robbing Peter to pay Paul”, so to speak.

HitBTC will often ask the selective-scam “winners” (those that succeed in making HitBTC believe that not returning that customer’s cryptocurrency will result in more financial loss to HitBTC than the level of assets initially stolen by HitBTC) that they refund to delete or edit their public posts in order to mitigate their PR damage. The perceived hope from “resolving” the “AML concern” is a piss-poor attempt to paint (what is in reality their) selective scamming as something it isn’t.

When positive statements about HitBTC aren’t coming from “grateful” would-be victims getting their assets back, it’s likely those positive statements are coming from fake accounts in efforts to repair a (justifiably) damaged image of HitBTC.

HitBTC’s pre-existing public responses on these topics

HitBTC published a blog post titled “Proof of Silence. Does communication matter?” — which is highly ironic, considering often the only “Proof of Silence” is their “support team’s” response to tickets from customers they are selectively scamming. Of all statements, HitBTC claiming “there are no irregularities in platform’s performance or balance sheet” demonstrates the combination of deceit and lack of substantiating evidence that one could expect from HitBTC across the board.

HitBTC includes many gems of statements in this blog post, such as that they “focus on security of the custody” — well, considering they’re unarguably insolvent, they haven’t. HitBTC further states they “haven’t been hacked” — but if “not being hacked” is the metric to be used when determining whether or not to use an exchange, this industry has far worse problems. It’s unsurprising that deceptive and malicious actors may demonstrate decent cybersecurity practices — I haven’t exactly cased many scammers or hackers that had cybersecurity poor enough to enable funds to be stolen back from.

HitBTC further suggests that “rumors and unfounded allegations are mostly spread by non-professionals or being paid for.” Par for the course, this is backed by exactly 0 evidence. Based upon the reality that HitBTC customers that are selectively scammed aren’t willing to front the costs for an attorney, I can assure you they’re not going to pay (substantial amounts, if at all) for a smear campaign. The public posts from HitBTC users that have funds locked are all very real.

Numerous public figures, such as John McAfee (like him or hate him) have spoken out criticizing HitBTC — and I find it unlikely they had financial interest in doing so. On the contrary, there are numerous posts with clear HitBTC shill accounts (click account usernames — most are suspended by now) that aim to mislead the public into thinking people have a positive perception regarding HitBTC.

Desperate times calling for desperate measures, HitBTC?

HitBTC cherry-picks “AML cases” (interesting choice of words) in their blog post, stating these cases were resolved within “3, 12, and 33 days respectively.” If HitBTC is willing to share that level of data, they should have, by premise, no issue in sharing the complete data set of quantity of “AML cases”, whether they were resolved, and dates. They won’t. Most of HitBTC's "AML cases" go unresolved.

HitBTC outright fabricates AML successes in this blog post, stating their “AML team” (which, in likelihood, barely or doesn’t even exist) “were happy to uncover posts on darknet websites advising to ‘never use hitbtc’.” As somebody with both extensive experience with the dark web and as somebody known as one of the most knowledgeable regarding cryptocurrency laundering methodologies, I’ve never seen such sentiment (avoiding HitBTC) from criminals — in fact, HitBTC is a viable laundering platform due to a lack of KYC requirement.

The only reason it HitBTC isn’t as utilized for laundering (and, rest assured, HitBTC is still statistically more presented in laundering than most exchanges) is the selective scamming — perhaps the only reason another exchange with similar no-KYC account generation such as Huobi is more favored for laundering.

HitBTC claims to not only have numerous compliance team members, but to have identified posts on dark web forums suggesting their platform is seen as too compliant for laundering. Anybody that works in AML, Compliance, investigations, or a related field in this industry will tell you that’s laughably absurd.

HitBTC states that they have seen “bad actors using fake documents or counterfeit materials for verification purposes.” While this does take place in the industry, it is nowhere near as common as HitBTC alleges within the context of quantity of “AML cases” they are presented with. To suggest that the quantity of events of this nature experienced by HitBTC is somehow disproportionately higher to other cryptocurrency exchanges without basis is bullshit.

Further, HitBTC would have a requirement to keep internal documentation on these incidents and notify law enforcement — I’d bet all I have that if HitBTC had their records audited, these “AML cases”, as described, would be exponentially over-stated in both quantity and legitimacy. If HitBTC were teleported to a courtroom right now and had full access to their internal records, they would absolutely not be able to explain, on the spot, why they froze so many withdrawals. Giving a deceitful and insolvent entity like HitBTC an opportunity to fabricate stories doesn’t change the inevitable truth of what the clear reality now is.

I know methodologies of fraudsters/launderers very well, having had investigated more than I’d like to recollect. I state with confidence that HitBTC locking the funds of a fraudster (which would typically be stolen shitcoins; no competent fraudster will wash substantive sums of BTC/ETH through HitBTC in one pass) isn’t going to ruin their day. It’s unlikely this happens often, and the reaction from someone laundering stolen shitcoins would be “oh well” — and eating the loss. Anyone want to place a bet about what HitBTC does with these locked funds, in the potentially rare cases of fraudulent activity being identified (or, more likely accurate, HitBTC accidentally catching a launderer in their selective scamming dragnet)?

If you think that HitBTC is keeping those assets in some form of account, ready to provide to the victims of theft, I’m happy to place a wager on you being wrong. HitBTC simply pockets those assets — in essence, HitBTC profits off laundering. Their very structure enables this by design.

HitBTC states that law enforcement requires them to freeze user accounts or balances. This is one of the only true statements in their post, but HitBTC shares it to grossly misrepresent the nature of the overwhelming majority of frozen assets. Such requests constitute, at most, a low (likely fractional) single-digit percent of frozen HitBTC assets. Even for a legitimate exchange, such requests from law enforcement will reflect infrequent occurrence, as by the time law enforcement is involved, the funds are typically withdrawn.

HitBTC does comply with law enforcement requests — it would not be within their interests to fail to do this. A centralized exchange that does not comply with law enforcement requests would simply become the next BTC-e; HitBTC knows this. Complying with law enforcement requests in and of itself doesn’t make an exchange legitimate, but self-preserving.

There is an extensive amounts of well-founded public scrutiny on HitBTC, such as this article regarding what many perceive as HitBTC extorting Bitcoin Private. HitBTC is quoted in this article as stating (regarding Proof of Keys and user withdrawals being frozen) “these temporary, safety-related withdrawal freezings are a direct consequence of our international KYC and AML measures. These rules exist and apply to us and everybody, 24 hours a day, 365 days of the year.”

Go ahead and name one exchange that has a single-digit percentile of the locked funds claims that HitBTC has — or had this many issues around Proof of Keys. You can’t.

Suddenly, KYC and AML measures result in a spike of withdrawal freezing? That's not how it works.

While most exchanges will have some level of KYC and AML measures (to include internal ones which, in fairness, are best left undisclosed publicly) — I highly doubt HitBTC is a client of any major forensics/KYT solutions provider. In fact, I highly doubt much, if any, KYC/AML measures exist at all with HitBTC, within the context of “heuristics to identify suspicious transaction behavior and freeze suspicious accounts/withdrawals.” I challenge HitBTC to have a trusted third party review such procedures, which they certainly won’t do.

To cement my point, I challenge anyone with the free time, curiosity, and funds to lose to make a couple of accounts on HitBTC: withdraw funds from a KYC’d exchange such as Coinbase — say, $100 — and withdraw funds from a mixer or darkweb shop — say, $99 — and watch which gets frozen. You (at this point most likely) won’t be surprised.

HitBTC staff wouldn’t be able to recite or substantiate anything that would constitute “suspicious activity” — whether it is blockchain activity (sources of funds by exposure) or other metrics (certain email domains, IPs, regions, etc.) I’m highly doubtful such “AML measures” exist at all, though you can bank on HitBTC scrambling to fabricate some as a result of this publication.

HitBTC’s responses to entirely reasonable questions and criticisms always consist of one or two core themes: evading the question outright, or providing answers based upon entirely irrelevant justifications.

On Yavin asked the “tough questions” (or for any legitimate exchange, questions that would never exist at all) to HitBTC and this resulted in the types of retorts you’ll see from HitBTC, whether about past criticisms or about this publication. To On’s credit, his description of HitBTC embarrassing themselves with these “justifications” is nothing shy of brilliant — Nigerian scammers come up with better stories than HitBTC’s.

Yet nothing has been done to shut down HitBTC. Why?

Despite all of the public outcry, nothing of substance has taken place against HitBTC. Many losses are too small to be viable for lawsuits. Some particularly tilted ex-customers of HitBTC have tried to crowdfund a lawsuit with no success.

Frankly, it’s my assessment that effort was doomed from the onset: while I am not an attorney, as an expert witness that has worked with many, I know a little bit: such a lawsuit is likely to cost a lot more than the stated goal of $10,000. You’re likely looking at a base price tag of $35–40K plus 30% contingency and that’s presuming items like discoveries and subpoenas have an average turnaround/quantity of obstacles. (Attorneys, do feel free to comment with your take on this!)

As somebody that gets messaged nearly every day by victims of cryptocurrency scams/hacks, an unfortunate reality of most of these victims is they have no desire to pay anything upfront. The risk a law firm would take in representing HitBTC victims is the same risk my investigative firm would take in working pure-contingency cases, and when there are more clients willing to pay upfront than can be serviced, it simply makes no business sense. It’s hard to justify working on something that isn’t even technically a “delayed payday” since it’s entirely unknown how much money “they” (they being a scammer/hacker for an investigative firm to case, or HitBTC in the case of an attorney) have left or the difficulties in obtaining it. While in either case, it’s likely the answer is “enough money to make it sound appetizing”, it’s just sub-optimal.

HitBTC has a mailing address in Hong Kong, entries in Wikis claiming European presence, a registration in Chile, a UK mirror company, a registration in Estonia, and the list is ongoing. Without taking more than a few moments to go down this rabbit hole, I can already tell you this is a deliberate effort to make service of documents, discoveries, subpoenas, and (obviously) holding specific individuals accountable nothing shy of a nightmare. While it’s not uncommon practices for businesses (especially in blockchain, and especially exchanges) to have company structures that may seem unconventional, HitBTC’s is not even remotely comparable to anything that operates in a legitimate capacity.

HitBTC “banks” on this. HitBTC is aware that it would likely ultimately require quite more money to chase them legally than someone that’s already experienced loss is willing to put up.

(That being said — if any of the independently wealthy want to have the long-overdue legal book finally thrown at HitBTC, I know several extremely well-qualified attorneys I’d be honored to introduce you to, and you’d have the eternal respect of the industry, and I’d happily work with them as an adviser.)

As discussed regarding HitBTC’s “compliance”, they’re compliant with law enforcement requests — just enough to have stayed below the radar — or perhaps, at least below the radar prior to this publication… time will tell which route (law enforcement, legal, or financial via industry irrelevance) will cause HitBTC’s demise, but I propose we don’t wait for government(s) to intervene or somebody to finance legal intervention (though if either happens, great!) — let’s stop being bystanders and permitting apathy to result in fraud and, consequently, set us backwards on the path to mass adoption of blockchain solutions.

Call to Action

I solemnly swear it is possible that cryptocurrency traders realize the long-term health of the industry/mass adoption of blockchain technology is more important than dumping shitcoin bags on an exchange they know is insolvent. I hold these truths to be self-evident, that HitBTC’s assets and liabilities are not equal, that cryptocurrency users are endowed with unalienable Rights, that among these are transparency, security and solvency from firms in the industry, and the pursuit of a mature industry.

HitBTC’s selective scamming is only the “perfect crime” as long as the blockchain industry and cryptocurrency users permit it to happen.

This publication is designed to be a public service announcement where content and any opinions expressed are solely my own. I had the privilege of collaborating with MyCrypto on The Sim Swapping Bible, which was extremely warmly received by the public and presumably resulted in more than a few people preventing heavy losses.

If this publication doesn’t achieve the goal of eradicating HitBTC, but at least achieves the goal of sparing a few people from experiencing devastating losses, it’s still a win — though I’m hopeful that the industry will rise to the challenge I present.

While I wish I had the time-bandwidth to do some extremely in-depth analysis of some technical details (such as trading volume) or quantifying some elements of this (such as quantity of “locked funds” posts for HitBTC relative to other exchanges), the reality is that I can’t invest that level of time into this publication. (That being said, if any readers have strong research or statistics they’d like to see included in this publication, I warmly encourage you to contact me.)

Thankfully, there is some really strong work from others already existing on this topic, such as Coinfirm’s analysis/Cointelligence’s articles.

Here is your homework, conveniently broken down by demographic:

Exchanges: Start setting higher standards among yourselves. Don’t wait for regulators to tell you that you need to do solvency audits. Do it because it is the right thing. Do it because it sets a precedent for our industry to be seen as more mature. If you can afford to spend six figures on marketing and business development, you can afford to spend five on a solvency audit — whether you outsource it or do it (in a verifiable method) in-house. Speak with your money, not your words. Besides solvency, I see some of you consistently at/in AML/Compliance events/groups, and some of you consistently not. This includes no-cost events/groups. In the medium-term, expect to be considered late-adopters unless you show initiative in these areas. In the long-term, expect to be irrelevant unless you show initiative in these areas.

Blockchain companies: Stop doing business with “companies” like HitBTC that demonstrate excessive shady behavior combined with needless anonymity. This wouldn’t be tolerable in any mature industry. Speak with your money, not your words. Looking at you, Bequant, Changelly, etc.

Influential/key figures: Stop being afraid to pipe up. Stop being afraid of being “controversial.” It’s absolutely unacceptable it took this long for someone to call out HitBTC and educate the public. We need to do better. It’s not too late: sharing this publication would be a solid start, as your exposure will result in someone reading this and not getting scammed by HitBTC. In your case, speak with your words, because your words carry weight that, as a third order effect, carries money.

'Coin Metrics' websites: Delist HitBTC, or you’re enabling them to continue the charade of legitimacy — and, by proxy, you’re an accomplice in their scheme as well as enabling fraud. Some of you already have tarnished reputations and would do well to heed this advice; looking at you, Coinmarketcap.com.

Anyone with funds locked on HitBTC: At this point, unfortunately, the best bet may be to fulfill a baseline level of HitBTC’s requests — say, KYC (as much as it’s an unjustified ask, and as much as I advocate for data privacy, thinking middle-ground strategy here.) If they fail to return your funds within 1–2 weeks citing a laundry list of excuses, I think the play at this point may be to tell them you’re going to file a law enforcement report.

Don’t continue their “compliance” charade — HitBTC will fear needing to answer to authorities and being unable to cite a reason for their “AML case.” Do not threaten a lawsuit unless you’re going to actually push forward with it, as HitBTC has heard these threats and it’s unlikely to be effective; it may even be counter-productive, as HitBTC may presume you’re “all bark and no bite.”

It’s safe to presume that less and less “AML cases” with HitBTC are going to entail recovery as HitBTC becomes more and more insolvent. While law enforcement may take a while to act, that length of time may be equal to how long some HitBTC “AML cases” have gone on. And at the end of the day, would you rather work with public-facing people with your best interests (or at least justice) in mind, or work with the people that stole your money in the first place?

Beyond compelling HitBTC to justify each “AML case”, more law enforcement reports filed against HitBTC will bring higher levels of attention against them. Here is a handy list of where to file a law enforcement report for cryptocurrency crime.

Cryptocurrency investors/traders/everyone else: The brunt of the responsibility is on you. Speak with your money, not your virtue-signalling. Stop waiting on regulators. Stop waiting on “powers that be.” The most immediate and effective way to end HitBTC’s fraud (as well as, generally speaking, foster an environment conducive to mass adoption) is through your actions! Namely, this includes steps to enact a formula:

Less deposits and volume on HitBTC (resulting in fewer trade fees and fewer selective scamming victims) + less custodial assets (due to withdrawals) = spike in “AML case” incidents (making HitBTC’s insolvency all the more obvious) = catalyst to intervention on HitBTC or exit by HitBTC

1: Withdraw your funds from HitBTC now. The likelihood of future withdrawals succeeding will continue to decrease as the public becomes more aware of the necessity of avoiding HitBTC. You can safely presume that effective the day this publication is released, you’re in a race against the clock and statistics to successfully withdraw funds from HitBTC.

2: Don’t deposit any further assets on HitBTC under any circumstances whatsoever. From this point forward, you’re either part of the solution or part of the problem. Don’t fall to temptation to make some arbitrage trade (which is likely another method HitBTC utilizes to ensnare deposits and selectively scam) or offload some shitcoin bags: instead, find another exchange, DEX, or (with appropriate due diligence, of course) sell your bags OTC/P2P. Not only should you not risk becoming a selective scam victim, but if you’re contributing liquidity/fees to HitBTC, no matter how small, you’re perpetrating the problem. In short: don’t let your greed get the better of you thinking “it’s just a small amount”, because I can assure you many others will think the same way. Bystander effect is a barrier to solving the HitBTC problem, the precise type of problem which is a barrier to mass adoption of cryptocurrency.

3: Share this publication wherever you feel it would potentially stop someone without this knowledge from becoming a HitBTC user — and, consequently, become a possible selective-scam victim. This could be Telegram groups discussing which exchanges to use, Reddit posts, or HitBTC’s “favorite” — drop it into replies to their Tweets. (A note for Medium: preventing fraud does not constitute “brigading.” It is likely that HitBTC will attempt to report this publication with that “violation.”) Hit HitBTC where it hurts — their pockets. Translate this into different languages and spread it to hit as much of HitBTC’s customer (or potential victim) base. Make it impossible for HitBTC to have any public posts (where they intend to lure in more victims) without the facts surrounding their fraud not shortly trailing. Bonus points if you join HitBTC’s Telegram (https://t.me/EN_HitBTC) and send the link to other users. They "love" that :)

4: Report HitBTC’s accounts as fraudulent anywhere they exist. Their Reddit was already revoked; let’s ensure HitBTC has any other platforms they may utilize to mislead new cryptocurrency users are minimized. Report their Tweets (as what HitBTC is doing is a direct violation of Twitter’s Financial scam policy) and ditto their Facebook posts. Report their Bitcointalk account — after this publication, there is no reasonable counter-argument to banning HitBTC from there unless Bitcointalk moderators want to allow scammers to post freely. It's disgusting that crypto YouTubers can be batted off en-masse, or this publication can be censored on Medium, but HitBTC has still has some free reign to utilize certain social media platforms to recruit victims.

5: Make it trend — announce loud and proud that you’ve withdrawn assets from HitBTC if you have, or that you spared a potential victim. I give carte blanche creative liberty to the cryptocurrency community to get this topic trending, but it’d make me grin ear-to-ear to see #sHitBTC trending — and I highly encourage using that hashtag if sharing this publication. If every Reddit/BTT thread and every Tweet had #sHitBTC and this publication linked, it’s pretty likely the problem will solve itself. Make it impossible for anyone to utilize HitBTC without knowing the facts presented in this publication — and if they still elect to utilize HitBTC, well, their actions speak for their character, and if they’re scammed, it’s a lot harder to feel bad for them.

There are plenty of other efforts the public can take to put an end to HitBTC. One great example would be gathering data on the amount of “AML case” withdrawal freezes reported on HitBTC relative to other exchanges — were this data all centralized, it would create some interesting hard statistics that could quite possibly draw attention from the right entities. To the public: the ball is now in your court.

We have the choice to make HitBTC irrelevant, but it requires participation from the majority of the industry — big or small, person or business, rich or poor. Should we succeed in routing out HitBTC, we send a clear message to other would-be fraudsters, and we foster a more welcoming environment for potential cryptocurrency investors and adoption of blockchain solutions.

Alternatively, we have the choice of allowing HitBTC’s inevitable response to this, with a bunch of buzzwords and feel-good “we care about providing top service to our customers and take compliance seriously” — while addressing zero of the claims with anything tangible, to allow eyes to gloss over. We can allow this to perpetuate and go yet another year with this cycle, proving that no amount of facts and public knowledge outweighs the apathy of our industry, which only proves we’re years away from being a mature industry.

Which of these two outcomes we see depends on everyone’s actions, including you.

You determine whether or not HitBTC exists this same date next year. Go.

Update 1 (December 16th, 2019):

HitBTC seems to be in a bit of a panic after the publicity this publication has received. Many have withdrawn funds, and predictably, the quantity of HitBTC selective-scam cases report on social media has spiked. HitBTC’s wallets continue to dwindle, with their BTC holdings under 90 BTC at time of writing. Many coins are mysteriously “down for maintenance” on HitBTC — which likely means HitBTC is liquidating them for BTC.

There has been extensive backlash against HitBTC, to include in their own Telegram. Predictably, HitBTC’s admins (or paid shills, more accurately) are skirting the solvency question:

Pro tip: liquidity is not solvency. Citing CoinMarketCap liquidity is not even close to answering the solvency question, and at this point, it’s overwhelmingly obvious that HitBTC thinks people are too stupid to know the difference: their admins have been given a (laughably absurd) “playbook” and the excuses are running dry.

Update 2 (December 19th, 2019):

This publication has really picked up steam over the past days, being shared on crypto news sites. Predictably, #sHitBTC is (poorly) attempting to play off the obvious with embarassing copypasta canned responses:

Obviously, a response published months ago doesn’t address this publication. Nor do any of #sHitBTC’s response even remotely resemble answers a legitimate company would provide.

If no other points are to be addressed, the following alone is telling:

1: The number of claims about frozen accounts at HitBTC is an indescribable multiplier above the claims about frozen accounts at all other exchanges combined. This is not KYC/AML “industry standard practice” — and this point alone should be warning enough even for the uninitiated. For the initiated, a review of HitBTC’s correspondence with their victims doesn’t even remotely resemble correspondence in legitimate AML-based locked asset situations.

2: #sHitBTC predictably does not address their solvency. It would take minutes to send signed messages from wallets with adequate balance.

Some firms associated with HitBTC, such as Bequant and CMC, have been informed of or even reached out to discuss this issue — often initiated by HitBTC’s request! They express varying levels of concern, however, echo HitBTC’s request for “evidence.”

Reality: if “evidence” is to be defined as proving HitBTC isn’t filing reports with authorities on AML cases, that would require legal action.

If “evidence” is to be defined as showing all of HitBTC’s wallets and balances, that would be an action HitBTC needs to take. What I can, and may soon do, is publish what wallets are known for HitBTC — likely to be a significant portion, which demonstrates, by ratio relative to other exchanges, horrifyingly low balances and clear insolvency.

Not a single person has come to HitBTC’s defense publicly. It’s quite telling.

Some in the community have taken to ensuring this information is shared in HitBTC’s Telegram chat (which is a depressing yet amusing series of messages about locked funds; go figure). Par for the course, #sHitBTC admins are enacting a “no FUD” rule and recently added a bot that will ban you for even saying the word "scam." That's a healthy dose of paranoia!

Kudos to the cryptocurrency community for getting this shared on multiple news sites, translated into numerous languages, and taking up arms. HitBTC is in a panic. Let’s deliver the death blow.

Update 3 (December 20th, 2019):

HitBTC is growing panicked, having had not only added a bot to their Telegram group that bans people for even saying the word “scam” and bolstering their admin presence, but bolstered their admin presence and seem to have set up shifts based upon this publication and the numerous news sites it was shared on. Many would question HitBTC in their Telegram and get banned immediately after refuting nonsense answers. HitBTC certainly won’t see this big reveal coming, but I’m sure you’ll all love it.

Here's about 45 minutes of forensics on HitBTC's wallets relative to liquidity:

Update 4 (December 24th, 2019)

Medium (or whichever inadequately trained staff member) opted to take down the original post, likely after HitBTC’s numerous burner accounts reported it. Considering zero of the reasons (‘doxing’ being one of them, which is highly ironic) the publication was removed by Medium are valid, I’m reposting this publication on WUC. I request all that shared the Medium link for this publication to re-share this new (and permanent) home, as we were getting extreme traction (hundreds, perhaps thousands of re-Tweets, top thread on R/Cryptocurrency for weeks, etc) -- certainly, traction enough for HitBTC to panic. Let's show them Wu-Tang!