VOOZH about

URL: https://www.explainx.ai/blog/anthropic-alibaba-claude-distillation-25000-fake-accounts-2026

⇱


← Back to blog
πŸ‘ Anthropic vs Alibaba: 25,000 Fake Accounts and 28.8M Claude Exchanges

Related posts

Jun 25, 2026

AI Token Black Market: How Claude and Codex Get Resold at 70–93% Off

After Anthropic accused Alibaba of a 28.8M-exchange distillation campaign, HN and X revealed the supply chain underneath β€” Chinese resellers offering Claude at 70–90% below API list, Codex at 1–5% of official cost, and labs buying reasoning traces. Greg Kamradt called it "obvious in retrospect."

Jul 1, 2026

Leaked Claude App Strings Tie Fable 5 to Usage Credits and ID Verification

App strings showed Fable credits gated on verification before restore. Fable 5 is live July 1 β€” how credits and ID checks may still work.

Jul 1, 2026

Will Fable 5 Rate Limits Reset When It Returns? July 1 Access Guide

Fable 5 is live July 1. June 13 limits reset during ban; credits may still apply. Sonnet 5 raised limits. GPT-5.6 broad access around the corner.

TL;DR: Anthropic accused operators linked to Alibaba's Qwen division and companies like DeepSeek of running nearly 25,000 fraudulent accounts that generated over 28.8 million interactions with Claude β€” aimed at distilling coding, reasoning, and planning into competing Chinese models. Anthropic called it the largest extraction campaign detected to date and briefed U.S. lawmakers and White House officials. On X, @GregKamradt said the underlying token black market was "obvious in retrospect"; @pmarca replied "Cyberpunk AF."

Short-form breakdown of Anthropic's allegations against Alibaba, Qwen, and linked Chinese AI labs over fraudulent Claude account farms.

What Anthropic alleged

According to Reuters and CNBC (June 24, 2026), Sarah Heck, Head of Policy at Anthropic, sent a June 10, 2026 letter to Chairman Tim Scott and Ranking Member Elizabeth Warren on the U.S. Senate Committee on Banking, Housing, and Urban Affairs.

πŸ‘ Anthropic June 10, 2026 letter to Senate Banking Committee β€” largest known distillation attack by Alibaba Qwen operators, 25,000 fraudulent accounts, 28.8 million Claude exchanges April 22–June 5, targeting agentic reasoning and software engineering

Anthropic describes distillation attacks as systematic, industrial-scale efforts to harvest American IP and repackage US frontier capability without bearing original R&D costs. The letter frames the Alibaba campaign as the largest known distillation attack Anthropic has detected β€” targeting agentic reasoning, software engineering, and long-horizon tasks specifically.

ClaimDetail
Fake accounts~25,000 fraudulent accounts
Volume28.8 million Claude model exchanges
WindowApril 22 – June 5, 2026
TargetsAgentic reasoning, software engineering, long-horizon tasks
OperatorsAffiliated with Alibaba / Alibaba Qwen
Prior campaignsDeepSeek, Moonshot, MiniMax β€” ~16M exchanges via ~24,000 accounts (Feb 2026 blog post)
Capability concernPRC labs reaching Mythos Preview-level capability faster via extraction

πŸ‘ Anthropic letter page 2 β€” distillation erodes US technological edge; Alibaba on Pentagon 1260H list; NSTM-4 and NSPM-11 whole-of-government response; attacks continue despite executive branch efforts

The letter ties distillation to national security: if PRC labs reach Mythos-caliber models through extraction, advanced cyber capabilities could deploy against US government and companies. Anthropic cites Project Glasswing as a US defensive program that has helped harden cyber posture β€” the same Glasswing context behind Mythos testing and the June 12 export controls.

Distillation here means using a frontier model's outputs β€” and often chain-of-thought reasoning traces β€” as training signal for a cheaper rival. You do not need weights; you need volume, diversity, and persistence.

Alibaba did not immediately respond to Reuters' request for comment in published reports.


June 27 β€” Mythos cyber narrative vs bot-farm blind spot

The distillation letter landed before the June 12 Fable/Mythos suspension, but the two stories collided publicly on June 27, 2026 when trending coverage juxtaposed:

Washington framingOperational reality
Mythos too capable for public release; cyber demos alarm lawmakers~25,000 fraudulent accounts ran 28.8M exchanges undetected (Apr 22 – Jun 5)
Export controls protect national securityBot farms used dynamic IPs, reseller APIs, and subscription arbitrage
Federal pre-release access needed (Garbarino demo via Punchbowl)July 8 ID verification targets fake accounts β€” separate from EAR

Neither side is fully wrong. Real banking vulnerabilities exist β€” security firms disclose ACH and transaction-initiation bugs regularly. Controlled demos can show exploit paths without proving Mythos can drain arbitrary live accounts on demand. Likewise, Mythos-class cyber and bot-account detection are different engineering problems; failing one does not invalidate the other, but it complicates the political case for a global API shutdown.

For Fable restoration: the letter strengthens Anthropic's argument that identity verification matters for US-first return, while export-control opponents cite the same letter as evidence the ban overshoots operational risk. Status hub: Is Fable 5 back? β€” answer remains no on June 27.


How this trended on X

Grok's X summary (June 25, 2026) framed the story as a fast-moving news item: Anthropic's disclosure, lawmakers briefed, penalties still unclear.

Notable posts:

The through-line: builders already suspected capability leakage; Anthropic put numbers on it.


Hacker News: the supply chain underneath

The HN thread on Anthropic vs Alibaba exploded because tristanj explained how cheap Claude access scales β€” not just that labs want traces.

Core mechanics (summarized from the top comment):

  1. Chinese resellers offer Claude at 70–90% below official Anthropic API prices.
  2. They pool Claude Max subscriptions, use payment fraud, and route via proxy APIs.
  3. They resell model output and reasoning chains to Chinese labs β€” subsidizing cheap tokens with trace sales.
  4. Claude and ChatGPT are blocked in China; VPN + foreign cards push users to resellers (中转站 / transfer stations).
  5. Example pricing cited: yunwu.ai allegedly advertising Opus-class access at ~93% off list API rates.

That comment is the bridge between headline geopolitics and developer economics. We captured the full HN screenshot and reseller playbook in AI Token Black Market: Claude Resellers at 70–93% Off.

Important distinction from HN debate:

ActivityWhat it is
Token resellingCheap inference via subscription arbitrage β€” ToS gray area, consumer-facing
DistillationTraining competitor weights on harvested outputs β€” industrial IP extraction
Anthropic's Alibaba letterFocuses on the latter at scale β€” 28.8M exchanges

Many HN commenters argued the two overlap: resellers log everything and double-dip β€” margin on tokens plus payment from labs for training data.


Why Anthropic added identity verification

Anthropic's layered defenses β€” geoblocking, phone verification, credit cards, live biometric KYC β€” map directly to bot-farm economics.

From the HN thread:

"These resellers operate tens of thousands of bot accounts, which is also why Anthropic introduced identity verification, to slow down the onslaught of bots."

Commentators also note evasion: residential proxies, ID verification as a service in low-income countries (~$30/account), and human prompt farms if automation fails.

Our export-control coverage ties the same week to Fable 5 / Mythos 5 restrictions β€” different lever, same war: keep frontier capability from becoming commodity training data.


DeepSeek, GLM, and the price war

HN users debated whether Chinese labs are "winning on merit" or riding subsidized Claude access.

tristanj argued DeepSeek permanently cut V4-pro API prices 75% because resold Opus tokens undercut them β€” Chinese open-weight providers forced to match impossibly cheap frontier access.

Counter-arguments on HN:

For builders, the practical takeaway: ultra-cheap Claude endpoints are a trust problem β€” wrong model, logged prompts, no DPA, sudden cutoffs.


Policy and penalties

Anthropic's letter asks Congress for three measures:

πŸ‘ Anthropic letter page 3 β€” Sarah Heck recommendations: threat intel sharing between US labs, export controls on advanced compute, penalize PRC distillation; Anthropic blocks commercial Claude access in China and for PRC-headquartered subsidiaries

  1. Threat information sharing β€” legislation enabling deeper collaboration between US government and frontier labs, plus clarified antitrust guidelines so labs can share PRC attack tactics without legal risk
  2. Export controls on advanced compute β€” close loopholes (smuggling networks, offshore data centers) PRC labs use to run distillation at scale
  3. Penalize PRC lab misconduct β€” make distillation costlier via the US economic security toolkit; Anthropic states it does not allow commercial Claude access for entities in China or subsidiaries of PRC-headquartered companies

The letter references NSTM-4 (Trump administration OSTP memo on distillation) and NSPM-11 (national security enterprise partnership with private AI companies for threat sharing and red-team exercises). Despite those whole-of-government efforts, Anthropic writes that distillation attacks remain widespread among PRC AI labs.

Open questions X and HN keep asking:

@aleabitoreddit summarized the mood: "Feels like this is kind of known by now... but there's been no real penalties enforced yet. We'll see."


What this means for Claude users and builders

If you use official Claude

If you build agents

If you follow AI geopolitics


Timeline

DateEvent
Feb 2026Anthropic flags smaller distillation campaigns (DeepSeek, Moonshot, MiniMax)
Apr 22 – Jun 5, 2026Alleged Alibaba/Qwen campaign β€” 28.8M exchanges
Jun 10, 2026Anthropic letter to Senate Banking Committee
Jun 24, 2026Reuters / CNBC publish; HN thread surges
Jun 25, 2026X trending; Greg Kamradt "black market" thread; Grok news summary
Jul 8, 2026Anthropic identity verification policy (scheduled)

Related reading

Primary sources: Reuters β€” Anthropic vs Alibaba Β· CNBC Β· Hacker News #48667495 Β· Greg Kamradt on X Β· YouTube Short


Alibaba allegations are Anthropic-reported unless independently verified. Reseller pricing claims come from HN/X community reports. This article is analysis for developers and policy readers β€” not legal advice.