13 Billion RMB Vanished: The Collapse of the Xinkangjia DGCX Scam

In May 2023, the platform launched the DGCX Xinkangjia Big Data Exchange, claiming to be “the official sub-station of the Dubai Gold and Commodities Exchange (DGCX) in China,” and declared partnerships with multiple state-owned enterprises such as PetroChina and COSCO Shipping. The platform used forged contracts, official letters, website screenshots, and other materials to back its claims and reinforce its image as a “legitimate enterprise.”

In reality, the platform had no affiliation or business relationship with DGCX. The entire qualification system was a disguise under the banner of “international finance.” The real DGCX has issued multiple public statements denying any authorization or cooperation with this platform and warning users to beware of impersonators.

A message allegedly left by founder Huang Xin in a user group after fleeing overseas was circulated widely. Although the content cannot be independently verified, it has further fueled the anger of investors.

“Hello, comrades! This is Mr. Huang. I’m already overseas. Everyone’s intelligence is matched to their wealth. Since your wealth didn’t match your intelligence, I had to correct that mismatch. I simply took away the wealth that didn’t correspond to your IQ. I hope you can thank me for that — be grateful. Remember the lesson I’ve given you.”

MistTrack On-Chain Analysis

Regarding the fund flow of the DGCX Xinkangjia project, we used the anti-money laundering tracking and analysis system MistTrack (https://misttrack.io/), developed by SlowMist, to trace the relevant on-chain addresses. On-chain behavior suggests that the project may have constructed a complex multi-layered fund structure, with funds entering through centralized entry points, then flowing out after multiple transfers — exhibiting typical characteristics of a Ponzi scheme on-chain.

So far, we have identified around 800,000 user deposit addresses, involving a total fund volume of approximately 1.5 billion USD. It is important to note that this section’s data is based on technical analysis and exploration of public on-chain information and does not represent the complete fund path or the final facts. The statistical results may contain errors and are for reference only. Some conclusions are based on current on-chain behavior and do not constitute legal fact. Further data and multi-party verification are required.

1. User Fund Inflow

Analysis shows that the sources of funds were almost all from centralized exchanges’ hot wallets. These funds were then distributed to many addresses in round-number amounts (e.g., 1,000 or 2,000 USDT). Considering that the project required users to join using USDT, and users needed to convert RMB to USDT before recharging to a specified address, we infer that the project may have collected RMB from users, then withdrew USDT in bulk from exchanges and distributed it accordingly. These round numbers align with the project’s so-called “membership fee” model, and indicate possible deposit behavior. The platform likely adopted a centralized coin custody and address allocation system, whereby addresses used to participate in the project were assigned to users, who did not control the private keys themselves.

2. Internal Fund Aggregation

After receiving USDT, multiple “user addresses” would transfer funds through one to two layers into aggregation addresses controlled by the platform. These aggregation addresses exhibited the following characteristics:

• Significantly more incoming than outgoing transactions
• Aggregated funds from multiple “user addresses”
• Subsequently transferred funds to new “next-hop” addresses

These behaviors suggest that these addresses may have served as “relay layers” or “aggregation nodes” to consolidate “recharged funds” or “membership fees” from users.

3. Withdrawals and Handling Fees

Aggregation addresses would transfer funds to one or more other addresses. Some of these addresses were active for only 1–2 days, possibly indicating rotation after funds were used up or to reduce the risk of blacklisting. This short-cycle, high-frequency operating model also suggests a maintained “rhythm” in fund operation. Regardless of complexity, most funds ultimately returned to user deposit addresses on exchanges, in a one-to-many pattern — indicating possible user profit withdrawals.

More notably: in most transactions, the amount received by the destination address was about 10% less than the amount sent (e.g., 800 USDT sent, 720 USDT received), possibly indicating the existence of a “withdrawal handling fee.”

4. Permission Authorization Mechanism

Further on-chain analysis revealed a large number of custom permission authorization activities between TRON addresses. Some of the addresses involved in fund aggregation granted custom permissions to 3–5 other addresses, typically with a threshold of 3, and enabled actions such as Transfer TRC10 and Trigger Smart Contract (commonly used for TRC20 token transfers).

Such custom permission authorizations appeared repeatedly among the aggregation addresses and the authorized addresses, as shown in the table below:

This indirectly suggests that the primary addresses (aggregation addresses) and the authorized addresses likely belonged to the same entity. In the context of tightly interwoven fund flows, we have reason to suspect that the project operators implemented a batch authorization control mechanism for operational efficiency — resembling the platform’s internal permission management structure.

Scam Model

This project appears to be a Ponzi scheme with a “Ponzi core + MLM structure”, using virtual asset investment as a pretext, with stablecoins as the payment vehicle, and raising funds through a referral-based membership system. Its specific methods included:

1. Multi-Level MLM Referral Mechanism

To drive recruitment, Xinkangjia established a military-style 9-tier structure: Commander, General, Division Leader, Brigade Leader, Regiment Leader, Battalion Leader, Company Leader, Platoon Leader, Squad Leader. Clear promotion standards and rebate ratios were set. For example:

• A participant who paid to become a member and referred 3 people would be promoted to Squad Leader, earning 10 USDT per referral
• To become a Commander, one needed a team of nearly 20,000 and 50 direct referrals, earning 150 USDT per person plus a monthly salary of 12,000 USDT

This model showed a classic pyramid-shaped referral path, incentivizing participants to continually recruit subordinates and driving constant capital inflows via rewards.

2. Fake Trading and Backend Manipulation

Xinkangjia’s website and app displayed various fake trading interfaces, including for gold, crude oil, and indices. It claimed to provide international market data and real-time P&L updates, guiding users to deposit USDT for high-leverage trading. In fact, all account data was controlled entirely by the backend.

3. High Returns and Rebate Lures

The platform claimed to use big data technology to conduct futures trading in the Middle East in gold, oil, and forex, promising investors returns as high as 2% daily. For example, a member investing $100,000 could earn $2,000 per day, or $60,000 per month. Catchphrases like “3-day break-even,” “double in 7 days,” “100% profit sharing,” and “VIP insider arbitrage signals” were used to attract users to keep investing. The platform also regularly fabricated withdrawal screenshots and investment “earnings leaderboards” to create a sense of “real profit” and drive herd mentality.

4. Ever-Rising Withdrawal Barriers

According to investor reports, on June 25, Xinkangjia began experiencing withdrawal failures, and the next day the system officially crashed. The platform claimed that it had been defined by regulators as involved in tax evasion, leading to full account freezes. To withdraw, users had to:

• Pay a 10% tax on their holdings
• Queue for 30+ working days for withdrawals over 100,000 RMB
• Earn 1% daily interest on their balance after tax
• Accumulate at least 100 USDT before becoming eligible to withdraw
• Pay a 50% withdrawal fee

Just before the rug pull, the platform launched a new bait campaign: “Invest 500,000 and Get a Tesla,” which was actually intended to lure users into increasing leverage before the exit scam. In the final 48 hours before collapse, the platform allegedly used Tornado Cash to transfer around 1.8 billion USDT into accounts of a Cayman Islands shell company.

In fact, before the platform collapsed, multiple local public security and financial authorities had issued risk warnings. These included the Pingshan County Public Security Bureau, Yangshan County Public Security Bureau, Taojiang County Public Security Bureau, Heyuan Rural Commercial Bank, and the Hunan Provincial Financial Office, all of which stated that the platform was suspected of illegal fundraising and high-risk transactions.

However, due to its invitation code–based registration, viral growth in WeChat groups, and offline promotional seminars, along with buzzwords like “national project” and “SOE partnership,” the platform heavily penetrated lower-income and elderly demographics. As a result, large amounts of funds continued to flow in even after regulatory warnings. It is reported that some of the platform’s core technical staff and top agents have been taken into custody by public security authorities. Several asset accounts involved have been frozen, with about 120 million RMB in funds seized.

Conclusion

The DGCX Xinkangjia incident is a typical case of digital financial fraud combining digital assets, Ponzi schemes, and MLM mechanics. The core of such operations lies not in innovation, but in precisely leveraging on-chain payments + offline promotion, dressed in foreign credentials and fake government endorsements to fabricate a sense of cross-border legitimacy.

SlowMist reminds all users:

• High returns come with high risks. Legitimate financial products will never promise short-term, high-yield returns — let alone use claims like “double your money in 7 days” to lure investors.
• Referral-based earnings are essentially MLM. Any platform that requires you to recruit others in order to earn is very likely a Ponzi scheme relying on new funds to stay afloat.
• Don’t blindly believe in packaging and publicity. Contracts, screenshots, state TV appearances, luxury cars, celebrity photos — these can all be forged. What truly matters are robust fund security mechanisms and third-party oversight, not appearances.

The collapse of Xinkangjia is a painful lesson paid for with real money by countless investors. It was not the first, and it won’t be the last. In an age of information overload and increasingly sophisticated scams, we must remain rational, improve financial literacy, and always question things that seem “too good to be true.” Any platform that offers high returns and requires recruitment to earn profits should be treated with extreme caution.

About SlowMist

SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.

SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, MistEye (Security Monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.