Author: Lisa & Keywolf
Editor: Liz
Background
According to reports, on June 26, 2025, an online investment platform called Xinkangjia DGCX suddenly closed all withdrawal channels, and many users found their account assets frozen or cleared, with funds unable to be withdrawn. This incident quickly spread on social media platforms, attracting widespread attention. Although there is currently no authoritative agency releasing accurate data on the number of victims and financial losses, according to investors, the incident may involve a fund scale of up to 13 billion yuan, with the number of victims possibly exceeding 2 million.
According to some publicly disclosed information, as early as 2019, Xinkangjia sold oil filtration equipment worth 200,000 yuan to a certain enterprise, which was later packaged as 'signing a five-year strategic cooperation agreement with China National Petroleum'; in March 2021, this project began operations under the name Guizhou Xinkangjia Big Data Co., Ltd., despite the company claiming to have 30 million in registered capital, the actual paid amount was zero, and it had long been listed as operating irregularities, fitting the characteristics of a 'shell company'.
In May 2023, this platform launched the DGCX Xinkangjia Big Data Exchange, claiming it was 'the official branch of the Dubai Gold and Commodity Exchange (DGCX) in China', and self-proclaimed cooperation with several state-owned enterprises such as China National Petroleum and COSCO Shipping. The platform endorsed itself by publishing forged contracts, official letters, and official website screenshots to enhance its 'legitimate' image.
In fact, this platform has no affiliation or business relationship with DGCX; the entire qualification system is a disguise under the guise of 'international finance'. The real DGCX has publicly denied any authorization or cooperation with it multiple times and warned users to guard against counterfeit platforms.
It is rumored that founder Huang Xin left a message in the member WeChat group after fleeing overseas. Although this content cannot be independently verified, it was widely circulated within the community, further exacerbating investors' anger.
MistTrack on-chain analysis
In response to the on-chain fund flow situation of the Xinkangjia DGCX project, we used the anti-money laundering tracking analysis system MistTrack (https://misttrack.io/) under SlowMist to conduct an in-depth trace of the relevant on-chain addresses. On-chain behavior shows that the project may have constructed a complex multi-level fund structure, with funds flowing in from a centralized entry and then flowing out after multiple transfers, initially possessing common on-chain operation characteristics of Ponzi schemes.
Currently, we have analyzed and identified about 800,000 user deposit addresses, involving a fund scale of up to 1.5 billion USD. It should be emphasized that the data in this section is based on public on-chain information for technical analysis and mining, and cannot represent the complete fund paths and final facts of the project. The statistical results may have errors, and are for reference only. Some inferences are based on current on-chain behavior and do not constitute legal factual determinations, requiring further data support and multi-party verification.
1. User funds inflow
Analysis shows that the source of funds almost all comes from the hot wallets of centralized exchanges, and these funds are then distributed to numerous addresses in whole numbers (e.g., 1000, 2000 USDT, etc.). Considering that the project requires users to join with USDT, users must first convert RMB to USDT before depositing to the specified address, leading to the speculation that this may be the project collecting RMB from users and then uniformly withdrawing from the exchange to distribute USDT. These whole amounts align with the project's claimed 'membership fee' model, and there may also be the possibility of deposit behavior. The platform is suspected of using a centralized coin control and distribution of deposit addresses management method, meaning the platform provides users with addresses for participating in the project, and users do not directly hold the private keys.
2. Internal fund aggregation of the platform
Multiple 'user addresses' receive USDT, then transfer funds through 1-2 layers to aggregation addresses controlled by the platform. The aggregation addresses exhibit the following characteristics:
The number of income transactions is significantly higher than the number of expenditure transactions.
Aggregating funds from multiple 'user addresses';
Subsequently, transfer to a new 'next hop' address.
The above behaviors indicate that these addresses may exist as 'relay layers' or 'aggregation nodes', bearing the role of unifying the 'deposit funds'/'membership fees' from users.
3. Withdrawals and fees
Aggregation addresses will disperse funds to one or more addresses, some of which are only active for 1-2 days. It is speculated that funds on these addresses are rotated after depletion, or this may be to reduce the risk of being blacklisted. This short-cycle, high-frequency operational model also indicates that the project maintains a certain 'rotation rhythm' at the fund operation level. Regardless of how complex the paths are, most funds ultimately return to some exchange's user deposit addresses, showing a one-to-many form, suspected to be user profit withdrawals. More significantly, in most transfers, the amount received by the target address is about 10% less than the initiated amount; for example, sending 800 USDT results in receiving 720 USDT, which may indicate some form of 'withdrawal fee'.
4. Permission authorization mechanism
Through further on-chain data analysis, we also observed custom authorization behavior among a large number of TRON addresses. Some addresses involved in fund aggregation granted custom permissions to 3-5 addresses, usually with a threshold of 3, and could perform Transfer TRC10 and Trigger Smart Contract (usually used for transferring TRC20 tokens) operations.
These addresses involved in fund aggregation and authorized addresses have repeatedly shown such authorization phenomena, as shown in the table below:
It can be indirectly inferred that the main address (aggregation address) and the authorized addresses belong to the same entity, and under the context of closely intertwined fund paths, it is reasonable to suspect that the project operators adopted a bulk authorization control mechanism for the convenience of automated operations, which is closer to the platform's permission management approach.
Scam model
The project appears to be a fund scheme with a 'Ponzi kernel + pyramid structure', collecting funds under the pretext of virtual asset investment, using stablecoins as payment, and aggregating funds through a 'referral' membership system. The specific methods include:
1. Multi-level pyramid-style referral mechanism
To achieve the purpose of 'referrals', Xinkangjia established a 9-tier troop-like structure, from top to bottom: Commander, General, Division Commander, Brigade Commander, Regiment Commander, Battalion Commander, Company Commander, Platoon Leader, Squad Leader, and set clear promotion standards and rebate ratios. For example, after participants pay to become members and recommend 3 people, they can be promoted to Squad Leader, with a reward of 10 USDT for each successful referral; to become Commander, they need to develop a team of nearly 20,000 people and 50 direct subordinates, earning a referral reward of 150 USDT per person and a guaranteed monthly salary of 12,000 USDT. This mechanism presents a typical pyramid-type dissemination path, motivating participants to continuously develop subordinates and driving continuous fund inflow through promotion rewards.
2. Fake trading and backend manipulation
Xinkangjia displays various fake trading interfaces on its official website and app, including gold, oil, indices, etc., claiming to provide international market conditions and real-time gains and losses, guiding users to deposit USDT for high-leverage trading, while all account data is actually controlled by the platform backend.
3. High returns and rebate bait
The platform claims to use big data technology to conduct futures trading in gold, oil, and foreign exchange in the Middle East, promising investors returns of up to 2% daily. For example, if a member invests 100,000 USD, they can earn 2,000 USD daily, amounting to 60,000 USD monthly. 'Recoup in 3 days, double in 7 days', '100% profit commission', 'VIP internal arbitrage signals' are the main phrases used to attract users to continue investing. The platform also regularly creates screenshots of some successful withdrawals and investment 'profit rankings' to create an atmosphere of 'real earnings', forming a strong herd effect.
4. Withdrawal thresholds increase layer by layer
According to investor feedback, on June 25, Xinkangjia experienced withdrawal issues, and the next day confirmed a system crash. The platform's response was that 'the company was defined by regulatory authorities as tax evasion, and all account funds were frozen, unable to be withdrawn'. Users wanting to withdraw had to pay a tax of 10% on the holding amount, and withdrawals over 100,000 yuan required a wait of over 30 working days. After tax, daily profits could be 1%, and withdrawals could only happen after accumulating 100 USDT, with a 50% withdrawal fee. Before the collapse, the platform threw out a bait activity: 'Invest 500,000 and get a Tesla', which actually lured users to increase leverage investments, to deceive more money before the crash. After raising funds, Xinkangjia suddenly closed the withdrawal channel and customer service became unresponsive. It is rumored that the platform transferred about 1.8 billion USDT to offshore shell company accounts in the Cayman Islands through Tornado Cash within just 48 hours before collapsing.
In fact, before the platform collapsed, multiple local public security organs and financial regulatory agencies issued risk warnings, including the Public Security Bureau of Pingxiang County, the Public Security Bureau of Yangshan County, the Public Security Bureau of Taoyuan County, HeYuan Rural Commercial Bank, and the Financial Office of the Hunan Provincial Party Committee, all indicating that the platform is suspected of illegal fundraising and high-risk trading.
However, due to the platform's implementation of an invitation code system to control registration, extensively penetrating through WeChat group fission and offline lectures, along with phrases like 'national-level project', 'central enterprise cooperation', a large number of middle-aged and elderly groups and users in sinking markets have fallen into it, leading to a continuous influx of funds even after regulatory warnings were issued in various places. Currently, it is rumored that some core technical personnel and leading agents of the platform have been controlled by the public security organs, who have seized several accounts of involved assets, freezing approximately 120 million yuan.
Summary
The Xinkangjia DGCX incident is a typical digital financial fraud that combines digital assets, Ponzi schemes, and pyramid mechanisms. The core of such fund schemes lies not in innovation but in precisely utilizing a mixed model of on-chain payment + offline promotion, coupled with foreign fake identities and false government endorsements, creating a sense of cross-border legitimacy.
SlowMist reminds all users:
High returns come with high risks. Legitimate financial products do not promise high short-term returns and do not attract investments with 'double returns' or 'recoup in 3 days'.
The referral model is essentially a pyramid scheme. Any platform that requires you to recommend others to make money is highly likely to be a Ponzi scheme, relying on continuously absorbing new funds to maintain operations.
Do not blindly trust packaging and promotion. Contracts, official website screenshots, interviews on CCTV, luxury car displays, celebrity photos—these can all be faked. What is truly credible is the fund security mechanism and independent third-party supervision, not just surface excitement.
The collapse of Xinkangjia is a painful lesson learned by many investors with real money. It is not the first, nor will it be the last. In this age of information overload and increasingly complex scams, it is essential to remain rational, improve financial literacy, and actively question 'things that seem too good to be true'. Any platform that uses high returns as a gimmick and requires referrals to profit should be treated with high caution.