The Secret Token Underworld
407 segments
Chinese resellers are offering Claude
tokens at 70 to 90% below official
Anthropic prices. Now, I don't even know
what to do with that statement. What are
we even talking about? There's a black
market for tokens? Yes. Yes, there is.
There is an entire economy built around
this this black market, this gray
market, this shadow API economy. So,
we're actually going to go over who's
using it, why they're using it, how this
actually even works. How do they have it
at 70 to 90% off because I mean that
sounds kind of nice. Did they solve They
solved something we don't understand.
And also, I'm going to toss my little
hat into the ring and I'm going to give
you a reason why I think things are as
cheap as they are. I got my own little
personal theory that I'll unleash at the
end. All right, so to understand this
entire gray market universe, you have to
understand the fundamental unit.
Everything is around this idea of a
transit station. What this is is it goes
from the great country of China and it
takes in requests going to these transit
stations and then out they go to say
Anthropic or OpenAI and then pipe the
results back in back to the people
behind these intelligence iron curtains.
These countries that are not allowed to
access OpenAI or Anthropic because of
government restrictions. Now, you're
probably thinking this this sounds like
a VPN. It is. This is exactly how a VPN
effectively works. You from your
computer make requests, it goes up to a
VPN, the VPN then goes off and makes the
request and funnel everything back to
you. This is exactly the same thing
except for they do it through these
transit stations. Now, you're probably
saying, "Well, what's the difference
between a transit station and say open
router?"
Nothing. Just just just legality, that's
all. Well, and and also
fraud and and many other things, but but
effectively nothing. So, it's just good
to keep in mind when I talk about
accessing the data and everything, it's
all done through these transit stations
cuz I think it makes a lot of the rest
of the story make sense. So, this is
kind of the fundamental unit of this
entire black market economy. But before
we continue, hey, I'd like to say thank
you to the sponsors. Hey, is that HTTP?
Get that out of here. That's not how we
order coffee. We order coffee via SSH
terminal.shop. Yeah, you want a real
experience? You want real coffee? You
want awesome subscription so you never
have to remember again? Oh, you want
exclusive blends with exclusive coffee
and exclusive content? Then check out
Cron. You don't know what SSH is?
Well, maybe the coffee's not for you.
>> Terminal [singing]
coffee
in hand
living the
dream.
>> When you hear that the Chinese are using
these transit stations, your first
thought is Dario was right. They are
doing distillation attacks. Well, no,
no, no, actually, calm down. That's not
actually what's happening. The people
who are using it is people who want to
use the models to do something. Now, I'm
not going to say what they're doing is
actually good, but they're doing things
with the models, whether it's just
programming, building applications, or
scamming people. But the point is it's
not a distillation attack in itself.
Instead, it's actually representing real
work. People actually using these
transit stations to do something. But
this is where things kind of get
interesting. Like, how would a transit
station actually work? From this amazing
article, how to buy cheap Claude tokens
in China, it actually kind of goes
through what's going on at these transit
stations. Upstream are the resource
providers, account merchants who bulk
register or acquire Anthropic accounts
at scale. Now, you're thinking, how
would you bulk register thousands, if
not tens of thousands of accounts with
Anthropic? Well, luckily, there's this
other article that actually explains how
you could do exactly that. See, there's
three problems. Each account needs a
unique browser fingerprint, a unique
residential IP, and a way through phone
and ID verification. Browsers have moved
past Playwright plus stealth plugins to
anti-detect browsers. Now, I did not
know this that there was these
anti-detection browsers. And there's
actually quite a few of them right here
listed right here. In fact, there's a
bunch of headless ones that are actually
identical to operating as Chrome would
so that the receiver of these messages
can't actually tell if you are or are
not from Chrome. Which means that
defenders that have been fighting this
network layer for a decade, they've
lost. You can no longer tell from the
wire if you're actually getting
legitimate traffic or not. At least
that's what's kind of being claimed with
these anti-detect browsers. But what
about SMS? That has to be hard, right?
Well, no, actually that's the cheapest
defeat in the pipeline is phone
verification, it turns out. It turns out
you can get a whole bunch of SIMs for
pretty dang cheap. And you can also
acquire SMS numbers pretty dang cheap.
See, the thing I guess a lot of us don't
think about is that at one point in
life, SMS was a pretty good proxy for
personhood. One phone number belongs to
one person. That's just no longer the
case anymore. It's really cheap to get
phone numbers these days. It costs about
.8 of an Abraham Lincoln, a one penny, a
cent. I think them British call them a
pence. I'm not really sure. I don't I
don't I don't speak British, okay? I
don't speak British. In other words,
these transit stations, they rely on
these SS SMS services to kind of do
phone verification. But then there's a
second problem. What about ID
verification? That has to be harder,
right? Well, it turns out jumping into
this 404 article by Joseph Cox,
no, actually it's not that hard. In
fact, a Telegram organized site operator
pseudonym John Wick selling AI-generated
driver's licenses, passports, and
national IDs for $15 each, auto
composited onto plausible carpet
bedsheet backgrounds, claimed the
throughput up to 20,000 documents per
day. Which by the way, even at half of
that, if they did that for a year, is
$50 million.
Now, these passports, they were actually
really sophisticated because the
technical move that makes them pass is
the MRZ, the the dashes, the little
carrots, lines at the bottom of the
passports encoding personal data plus
three check digits and a global checksum
per ICAO 9303.
Apparently earlier they were getting
caught by these validations, but they
got so sophisticated, these backends
that would validate if this was a real
license or not or a real passport were
like, "Yeah, bro, these are actually
really good. You can get by a whole set
of ID verification just via AI." There
was a whole like meta getting all these
accounts stolen because all you had to
do was go to the meta bot and be like,
"Yo, bro, I'm totally this person."
Generated deep fake of you holding an ID
of the person that doesn't actually
exist and then the meta bot was like,
"Sure, that's totally cool. You're now
this person. Would you like to reset the
password?" And a whole bunch of people
got their accounts stolen. But,
sometimes you need real IDs. And if you
need real IDs, this is where the story
gets a bit uneasy how these transit
stations operate. Anthropic has started
implementing identity verification. You
need a passport and a selfie to use
certain features. This is where the
advantages of AI transportations from
the crypto circle comes in. By the way,
crypto ruining everything, classic
crypto. We're back to the stage of being
our most familiar KYC manufacturers
braving the risks of Ebola in Africa to
find locals to help with face scan
verifications and selling IDs. Buying a
smiling teeth photo from a local for $5
and selling it for $100 to a ByteDance
programmer at Zaichen Road in Beijing.
Other circles can't handle this kind of
hardship, but we KYC manufacturers in
the crypto circle can.
>> [laughter]
>> Yeah, bro, dude, they're so good, man.
Those crypto bros are so
They're just They're just braving the
conditions. Apparently there's even a
Worldcoin black market. I did not
realize that where they're actually
duping locals to scan their eyeballs and
then selling those black market IDs so
that you can be like, "Oh yeah, I'm
totally this person. I have my
Worldcoin. Yeah. I totally I I totally
am from Zimbabwe." So, one of the last
little spokes here is actual real
people. We're talking about real people
selling their IDs. Now, the crazy part
about this entire gigantic circle right
here is that there's tons of transit
stations. There's tons of SMS carriers.
There's tons of these AI-generated and
real people identification services. So,
to actually stop this stop this blob is
effectively impossible. These black
markets, these gray markets, they just
exist and you can take down one SMS,
it's not going to affect the the transit
station. It's not going to affect the
IDs. They all just keep on going this
this amorphous replaceable modular
system. I mean, it's a very
amazing feat of engineering as bad as it
is. Now, that's how they operate. That's
how these things work, but the real
question comes down to how are they so
cheap, right? Like, there has to be a
story behind it. Well, there's multiple
layers of fraud and let me explain. One
thing these transit stations do is they
actually use the Claude Max plan and
able to kind of create a pool of Claude
agents so that you can kind of route
traffic to to use each one of their
weekly limits. So, that way they get
cheaper tokens if needed. Now, that
obviously does not cut the cost to where
they really need it, but it gets really
close. It could possibly break them down
to even. But, that's not really the type
of fraud you were probably thinking
because that's not really where they do
a lot of the big stuff. But, the more
interesting way in which they save money
and allow for these cheap tokens is this
right here. Real money, fake models,
deceptive model claims, and shadow APIs.
If we go down here to page two, we see
the following. Alarmingly, our
experiments reveal significant
performance inconsistencies between
shadow APIs and the official APIs. On
high-risk medical benchmarks like
Med-QA, the accuracy of Gemini 2.5 flash
model drops precipitously from 83.82%
with the official API to approximately
37%
across all examined shadow APIs. In
other words,
they're saying, they're claiming,
they're showing you right here, "Hey,
you're going to get Claude Sonnet 4 6."
Now, you might actually just be getting
haiku. Maybe you're just getting Gemini.
Like, you don't actually know what
you're getting underneath the hood, and
this is really how they start cutting
those costs down. The other obvious one
is stolen credit cards and all that that
are used to pay for a lot of these
Claude Max plans that they're able to go
and run for some small amount of time
before they get caught. So, those are
effectively free money. But, the one
that I hate to say, the one that I can
already hear right now, Dario going, "I
knew it!" is that they take the data.
Cuz here's the thing, is these transit
stations, real people are trying to
solve real problems. Whether the real
problems are good or not is not up to
debate. It's that they're solving real
problems, and that means these question
and answer pairs that are coming back
out, these are real problems and real
results from high-end models. American
models, Frontier, Soda, all what is Soda
Deez Nuts? I'm not even really sure what
all that stuff means. But, nonetheless,
that's what's happening. So, they can
take these question answer pairs and
sell them to these Chinese labs to be
able to develop these open-source kind
of 6 months behind models. And this is
where the real money's at. This is where
the real gold is at. Is that these
transit stations actually get the best
thing of all, which is real data from
American companies. The good stuff.
Okay, this is pure, unadulterated Opus
4. They even probably got a little bit
of Fable. How much do you want to bet?
They probably even got a little taste of
that Fable.
But, now it's time for my theory. My
theory for how they make even more money
with all this. Now, you've probably seen
these tweets throughout the time talking
about how all these users of Twitter,
there's literally like thousands of
these tweets where they show like, "Oh
my gosh, oh you know, after like one
prompt, my weekly limit's completely
gone." And you're sitting here thinking
like, how how is Claude that bad? Like,
why would you pay money for that? Like,
all these people on the internet are
just so angry about usage limits. Like,
I wonder if there's there's something
wrong. Well, then you think about, well,
wait a second. What about Shai Halud
that happened, you know, about a year
ago? Shai Halud was a worm in NPM that
would self-propagate and steal all these
tokens.
And then you had Shai Halud 2, you had
Shai Halud 3. Really, what you're seeing
is that there's all these vibe victims,
as I like to call them, that have no
idea how computers
work and have been told over and over
again, "Hey, bro, you're a software
engineer now, okay? Your programming
language? English. Go get 'em, tiger,
okay? Yeah, you probably need like five
Claude Code Max subscriptions. Yeah, no,
no, you totally got this. It's totally
normal to run into your weekly limits
all the time. You got this, bro. Go get
'em. Go get 'em." And all of this just
like massive worm nonstop getting your
system hacked by these completely insane
dependency graphs that exist out there
that if you want to even just say hello
world on a website, you need to go and
download tens of megabytes of
JavaScript. Crazy, right? Like, I don't
know what times we live in, but that's
what's happening. Also, you got like
Arch Arch is constantly getting hacked
these days. PyPI? Oh, PyPI is hacked
these days. Like, everywhere you go,
every single one of these
ecosystems of package managers are just
fraught with worms and deception. And
so, how much do you want to bet there's
an entire class of people that are
effectively have their computers acting
like little mini VPNs for these transit
stations. Oh, you have Claude Code up?
We're going to spawn another little
Claude Code in the background and do a
little piece of work. Okay, hey, thank
you, not a big deal. Have fun with your
weekly limits, not a big deal. Right?
Like, they don't they don't want to
abuse it. They don't want to get it
taken from them. All they need to do is
just do it sometimes, just a little bit.
Hey, bro, just a little bit, you know,
like when the person's already active.
So, in case their session runs out, it
feels kind of crazy. I am completely
convinced that this is happening right
now, that there's millions of requests a
day that are through people's laptops
that they don't even know about because
they're software engineers now, okay?
And NPM's totally reasonable ecosystem.
So, there you go. That is the clawed
black market token 70 to 90% off. It's
absolutely wild out there. I'm going to
include a bunch of sources inside the
description. Go check them out.
It is an in-depth enterprise that's
going on. The name is the primogen.
Ask follow-up questions or revisit key timestamps.
This video examines the existence of a 'shadow API economy' where Chinese resellers provide access to premium AI models like Claude at significant discounts. The host explains the infrastructure behind these 'transit stations,' which bypass government restrictions, and details how they overcome hurdles like account registration, phone verification, and identity checks. Furthermore, the video uncovers how these operators cut costs through fraudulent means—such as swapping powerful models for cheaper, inferior alternatives—and highlights the lucrative practice of harvesting high-quality training data from unwitting users to improve competing models. Finally, the host presents a theory that everyday users, through compromised software dependencies, might inadvertently be powering this network with their own computing resources.
Videos recently processed by our community