This is the english translation of this article, written by Paolo and published on 21 november 2022.
Just like we did with the Uefa affair and Money Dust, we also tried to follow the money in the CMG case. This led us to at least two very interesting wallets. We discussed about the CMG case, or Capital Media Group, in this article. In summary, it is a company that, in exchange for an upfront payment, offered the opportunity to earn through a dedicated app. In reality, this structure was used to conceal the old Ponzi scheme fraud.
How we followed the money
The scammers used the TRON blockchain to move the money and payments to and from users were exclusively in USDT. Some users in our Telegram group for CMG victims have provided us with the wallet addresses to which they sent and received money.
Here is where the first problem arose. Addresses for making deposits were multiple so the same user could be asked to send USDT to one wallet at one time and to another wallet at another time. The same applied to payments, which were made from different wallets.
At the following link, you can see how we tracked the wallets. Due to the high volume of transactions, we prioritized the movements of larger amounts.
In at least six of the deposit addresses, the money, after being moved through several wallets, mostly converged into the following one: TbyFb59jf9BjbYRdYzxPApfLFhcjk8dAV1.
At this juncture, the funds take diverging paths. On one hand, they traverse through an intricate labyrinth of transactions, with a significant portion flowing into an Okex wallet, and another portion directed towards the following wallet: Tcz47XgC9TjCeF4UzfB6qZbM9LTF9s1tG7.
On the other hand, a substantial amount of USDT appears to be deposited into a Binance hot wallet.
The most recent report originated from a user who was instructed to deposit funds into the following address: TuoLfiUmVqbcVqkEBXWUMBG6JHvucCmkan (the purple one on Miro). Deposits to this wallet are infrequent and typically amount to no more than a few thousand euros. It is reasonable to assume that these deposits are associated with attaining VIP ranks 3, 4, or similar. However, the outgoing transactions are far more intriguing: all transpired within a week and were primarily directed towards two addresses.
One of the addresses is the previously mentioned wallet Tcz47XgC9TjCeF4UzfB6qZbM9LTF9s1tG7, which currently holds over 52,000,000 USDT. The other one is the Okex wallet mentioned earlier.
The movement of these funds roughly coincides with the days when the platform stopped making payments and started requesting further deposits. It is likely that the scammers, driven by haste, immediately transferred the money to an exchange they use. Most importantly, these transactions confirm the tracking previously conducted from other wallets.
Does the money only come from CMG?
Certainly, the money we have found is not all the funds collected by the scammers. In fact, many USDT have been moved multiple times within an intricate labyrinth of transactions that is difficult to trace. However, we have certainly uncovered a portion of the money.
Are these the funds of CMG investors? Most likely not, or rather not only. Among the various wallets involved in this tracking, many were found to be moving several million dollars. It is more probable that CMG was just one of the many systems the scammers have devised.
As further evidence of this, in recent days, many users have been reporting the presence of websites that are virtually identical to CMG. Therefore, it is highly likely that CMG is just one piece of a much larger ecosystem than one might think.
And now what?
We have identified at least part of the stolen funds. They are located in two exchanges that require users to go through KYC (Know Your Customer) procedures, which involve submitting identification documents to comply with anti-money laundering regulations. Therefore, it would be possible to associate names with some of the wallets in question, and moreover, the exchanges could potentially freeze these funds.
However, for this to happen, the justice system would need to act swiftly. Therefore, our invitation to all the victims is to report the scam immediately. Report it right away.
If you have also fallen victim to this fraud, you can join our Telegram group.
Furthermore, if you have any materials to send, you can use the email address [email protected].
