This template has been specifically prepared for the AFK con job, but it can be used for other scams as well. If you have any questions, please feel free to leave a comment below.
COMPLAINANT: xxxxxxxxx
ID NO.: xxxxxxxxx
Address: xxxxxxxxxx
Phone: xxxxxxxx
E-Mail: xxxxxxxx
On September 10, at around 7:40 p.m. (UTC), more than $12 million was stolen by the anonymous developer team of the decentralized finance (DeFi) platform AFKsystem.finance (practically all the funds deposited with the platform).
On a personal level, cryptocurrency worth approximately $xxxxxxxx (€xxxxxxx) was stolen from the complainant.
The website (afksystem.finance) was immediately taken down, as were all associated social networks, Telegram, GitHub and Medium accounts, although:
• The Twitter account remains:
https://twitter.com/AFKSystemFi/with_replies
• The Medium account can be accessed in cache:
http://webcache.googleusercontent.com/search?q=cache:153DRVFwOecJ:https://medium.com/@afksystemfi&hl=es&gl=es&strip=1&vwsrc=0
• Users have saved a copy of the AFKsystem platform's Telegram group chat, which is provided in a folder containing a ZIP file on the USB drive that accompanies this document.
Although the perpetrators deleted the Telegram accounts along with the chat, photos of the pseudonymous accounts of both platform administrators, which an affected user saved, are also enclosed.
In order to operate through Telegram, it is necessary to register a phone number that is surely still stored in the Telegram database.
The following is also alleged, in the documents enclosed with this document (copies of which are on the USB, documents 1 and 2):
• the ownership of the EXCHANGE account (user xxxxxxxx and CN xxxxxxx) from which I made deposits into my virtual wallet,
• deposits made from my virtual wallet to the affected platform,
• that the last assets I deposited were not withdrawn,
• that the Masterchef contract where the funds were deposited (0xBb3f43008e277543353588Ca2A4941F12e3CaCC0) has been emptied,
• and the amount of the tokens that were deposited in the platform at the time of the theft, since the contract still recognizes the balance in favor of each affected user as if the funds were still there (in reality, any attempt to withdraw fails with an error because there are no funds left to return to users).
This is because it was emptied "through the back door" [detailed in attached documents].
In recent days, several members of the affected community have been collecting information on how the perpetrators altered the code of the contracts and on the movements of the stolen capital between digital wallets, until they found an account associated with the centralized exchange platform MEXC (mexc.com), which is located in Singapore and has a KYC user identification system. In the same way, several users have tried to contact BINANCE (cryptocurrency exchange) in relation to other movements, or to collect information from Twitter, Telegram, GitHub or Medium such as access IPs, associated phone numbers, etc.
Users also have transaction information on how the theft was carried out by altering the contracts. All or a large part of it is collected in a Twitter thread published by Obelisk, the company that was conducting the audit of the altered contracts:
https://twitter.com/ObeliskOrg/status/1436493898180931588 (especially relevant because it includes wallets and intermediate contracts that are not mentioned in the rest of this document).
An account of the event timeline is also published here.
And the independent platform RugDoc:
https://twitter.com/RugDocIO/status/1436440660517793798
Some users are also in contact with a private cryptocurrency forensics firm (cipherblade.com, in the United States) to investigate the identity of the participants in the theft.
The wallet 0x56Eb4A5F64Fa21E13548b95109F42fa08A644628, on the Ethereum network, has been marked as a participant in the theft after the blockchain explorer platform (EaaS) Etherscan.io was contacted.
This wallet was the one that received, from the Polygon blockchain network on which the AFKsystem platform operated, all the funds stolen by the developers (once already converted to ETH and stablecoins) and then deposited them in the Tornado.cash application (on the Ethereum network), which allows private transactions; at that point users lose track of the stolen funds.
However, in relation to the aforementioned MEXC exchange platform, there is evidence of transactions carried out from an account on said platform to a virtual wallet, which is the one that later financed the wallet that created the native token contracts and other contracts of the AFKsystem platform.
In this sense, MEXC has forms to request assistance and access to the personal documentation of users by authorities or legal entities.
The wallet at the following link is the creator of the contracts:
https://polygonscan.com/address/0x0a301bdf8c02d19d8204712d9ef10fa38c6109e7
and the one that transferred $8M in ETH (after converting the funds) and 3M in stablecoins (DAI) to the wallet 0x56Eb4A5F64Fa21E13548b95109F42fa08A644628 within Polygon, which then migrated the funds from Polygon to the Ethereum network, where it was marked as a participant in the theft (mentioned above).
Reviewing the creator address of the contracts, we find the following wallet:
https://polygonscan.com/address/0x4d527d4a6c56eb7f9f0ee26c50e003cb7f683ee7
This second wallet is the only one that has sent funds to the wallet that created the contracts on the AFKSystem platform. In turn, this second wallet has received funds from MEXC.com, where users must have had to pass a KYC check:
https://polygonscan.com/tx/0x4d1768f54d2f6cf4583ff14686d888bcb264dc542540dc0f20bcb1641260c674
The way MEXC works, like Binance, is as follows: a user of the platform places a transfer order to a virtual wallet; their funds go to MEXC, and MEXC forwards them from its own wallet to the destination wallet. Therefore, the wallet 0x51e3d44172868acc60d68ca99591ce4230bc75e0 (MEXC Wallet) is the wallet of the platform itself, and the MEXC platform holds the information of the account that ordered this transfer, the personal data of said account and how it was financed.
The wallet 0x4d527d4a6c56eb7f9f0ee26c50e003cb7f683ee7, which is the one that financed the creator of the AFKsystem contracts, made a transfer through the Polygon network (Sep-16-2021 07:24:56 AM +UTC)
(https://polygonscan.com/tx/0xa3ab37c8d79d339b147aaac23fdef4d25f61f537de8fbd6f26ea2262a876272c)
sending funds to wallet 0x85ABFe0297C60f7559B6a85e5461E5F71bEb8D87, which in turn sent them
(https://polygonscan.com/tx/0x12aaff2c511faef5024dfd47fbd55362307875db381140b0663b5f002fdb19fb)
to the 0xd70250731a72c33bfb93016e3d1f0ca160df7e42 wallet with almost $5 million in MATIC.
In turn, the intermediate wallet 0x85ABFe0297C60f7559B6a85e5461E5F71bEb8D87, within the Ethereum blockchain, has received funds from HUOBI (another exchange platform, like MEXC and Binance) since the beginning of 2020 and has not made many transactions (just 50 since it was created):
https://etherscan.io/txs?a=0x85ABFe0297C60f7559B6a85e5461E5F71bEb8D87
The account has also received funds from Binance:
https://etherscan.io/tokentxns?a=0x85ABFe0297C60f7559B6a85e5461E5F71bEb8D87
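The funding chain described above can be written down as a small graph and walked backwards from any wallet to the exchanges where an identified (KYC) account may exist. This is an added example, not part of the original complaint; the node names (FUNDER, CREATOR, FLAGGED, RELAY, SINK) and the `huobi`/`binance` placeholder nodes are assumptions, since the text gives no wallet address for those two exchanges.

```python
from collections import defaultdict

# Addresses copied from the text; the constant names are labels added here.
MEXC = "0x51e3d44172868acc60d68ca99591ce4230bc75e0"     # exchange's own wallet
FUNDER = "0x4d527d4a6c56eb7f9f0ee26c50e003cb7f683ee7"   # financed the creator
CREATOR = "0x0a301bdf8c02d19d8204712d9ef10fa38c6109e7"  # deployed the contracts
FLAGGED = "0x56Eb4A5F64Fa21E13548b95109F42fa08A644628"  # marked on Etherscan
RELAY = "0x85ABFe0297C60f7559B6a85e5461E5F71bEb8D87"    # intermediate wallet
SINK = "0xd70250731a72c33bfb93016e3d1f0ca160df7e42"     # received the MATIC

# (sender, receiver) pairs as the text describes them. Polygon and Ethereum
# transfers share one graph because the text treats RELAY as a single wallet
# on both networks. "huobi"/"binance" are placeholder nodes (no address given).
TRANSFERS = [
    (MEXC, FUNDER), (FUNDER, CREATOR), (CREATOR, FLAGGED),
    (FUNDER, RELAY), (RELAY, SINK), ("huobi", RELAY), ("binance", RELAY),
]
KYC_SOURCES = {MEXC: "MEXC", "huobi": "HUOBI", "binance": "Binance"}

def norm(addr):
    # The text mixes checksummed and lowercase hex; compare case-insensitively.
    return addr.lower()

def build_inbound(transfers):
    """Map each receiver to the set of wallets that sent it funds."""
    inbound = defaultdict(set)
    for sender, receiver in transfers:
        inbound[norm(receiver)].add(norm(sender))
    return inbound

def kyc_paths(target, transfers=TRANSFERS, sources=KYC_SOURCES):
    """Return every funding path (exchange -> ... -> target), walking backwards."""
    inbound = build_inbound(transfers)
    src = {norm(addr): name for addr, name in sources.items()}
    found = []

    def walk(node, trail):
        trail = [node] + trail
        if node in src:                      # reached an exchange: stop here
            found.append([src[node]] + trail[1:])
            return
        for sender in sorted(inbound.get(node, ())):
            if sender not in trail:          # guard against loops between wallets
                walk(sender, trail)

    walk(norm(target), [])
    return found

if __name__ == "__main__":
    for wallet in (FLAGGED, SINK):
        for path in kyc_paths(wallet):
            print(" -> ".join(path))
```

Each returned path starts at an exchange whose records could be requested by the authorities and ends at the wallet being investigated.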
The timeline of events is detailed in the following article published on the Publish0x website.