Author | Lisa
Editor | Liz
Background
Recently, the incident involving actor Wang Xing being scammed and brought to Myanmar has garnered widespread attention on the internet. The public is curious about the details behind the case. The SlowMist security team noticed that a screenshot of a chat log has been widely circulated on social media. The group in the screenshot is named “富府专群 需方上押 14000u,” and it mentions that Wang Xing has already been “onboard,” with a so-called guarantee fee of 14,000 USDT, along with a cryptocurrency address for receiving the guarantee fee: TAiv3gxSGkf7xWdEwWqoWgAB6FU4XV5HPn. Is the truth really as depicted in the image?
Detailed Analysis
To clarify the truth, the SlowMist security team began by analyzing the TRON address from the screenshot:
First, we conducted an online search for information related to the address TAiv3gxSGkf7xWdEwWqoWgAB6FU4XV5HPn:
We found several main Telegram channels, with the largest group having nearly 8,000 members:
- @fufugq:
2. @FUFU:
3. @TOTO:
4. @YAYA:
Next, we traced their message publishing channels and found that they had discussed the Wang Xing incident:
Then, we used the on-chain anti-money laundering tracking platform, MistTrack, to analyze the TRON address. The analysis showed that the address’s first transaction occurred on September 9, 2024, with the most recent transaction on January 12, 2025. The address has received a total of 2.22 million USDT, and its current balance is 91,000 USDT. The address has interacted with multiple malicious and medium-risk addresses.
By filtering the outgoing transactions from this address, we discovered that almost all of its outgoing transactions were directed to user addresses from a particular platform. We speculate that these user addresses might belong to employees of “富府.”
According to the timeline released by the Thai Immigration Bureau on January 7, Wang Xing entered Thailand at 3:16 AM local time (UTC+7) on January 3. He left Suvarnabhumi Airport at 3:40 AM and was subsequently out of contact around 11:00 AM. We analyzed the transactions starting from January 3 at 4:16 AM (China Time UTC+8) for the mentioned address TAiv3gxSGkf7xWdEwWqoWgAB6FU4XV5HPn:
- 2025–01–03 16:47:42 received 5,500 USDT
- 2025–01–03 22:28:33 received 5,500 USDT
- 2025–01–04 15:47:15 received 4,145 USDT
- 2025–01–04 16:25:57 received 5,500 USDT
- 2025–01–04 18:30:57 received 5,528 USDT
- 2025–01–04 21:19:00 received 8,289 USDT
- 2025–01–04 21:41:42 received 6,896 USDT
- 2025–01–06 11:31:09 received 6,908 USDT
…
No transaction matching the 14,000 USDT mentioned in the screenshot has been found.
Upon reviewing the original screenshot, we noticed that the chat time shows 02:46, while the image time shows 19:46. The discrepancy in time further confirms that the screenshot is fabricated. If the screenshot were authentic, the image time should have shown a range between 02:41 and 02:46.
Conclusion
The Wang Xing kidnapping incident itself has already stirred public emotions, and the spread of fake screenshots has further heightened public anxiety. The timeline in the screenshot and the analysis of the TRON address’s transactions confirm that the screenshot is fabricated and not directly related to the incident. This rumor serves as a reminder that maintaining a clear head and verifying information continuously is the best attitude when facing various types of information.
About SlowMist
SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.
SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, MistEye (Security Monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.
By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.
