Case File // CAC-2026-041 // Operator: AITech Wealth Management
The Arbitrage Bot That Only Ran One Direction: Tracing $84,200 Out of AITech Wealth Management
A software contractor in Austin connected his wallet to an “AI arbitrage” vault run by AITech Wealth Management. The dashboard showed 1.8% daily returns and climbed for eleven weeks. On-chain, every dollar he deposited left the contract the same hour it arrived.
The Entry Point
AITech Wealth Management marketed itself as a self-custodial arbitrage desk that captured price gaps across DEXes and shared the spread with depositors. It was built to reassure people who read code: a GitHub presence, a tidy whitepaper, an “audit” badge, and a live dashboard that ticked upward every few seconds.
Our client did what careful users are told to do — he kept custody and never shared a seed phrase. The only thing the site asked for was a token approval so the “bot” could trade for him. He granted an unlimited USDT allowance and deposited in three tranches over two months.
Where It Broke
The returns were never real. The dashboard balance was rendered from a JSON file AITech controlled — a number in a browser, not a position on a chain. Each deposit triggered a transfer to a router contract that swept the USDT to a collector wallet within seconds, then bridged it to Arbitrum.
The “withdraw” button called a function that emitted an event and updated the display but moved nothing. By the time he tried to pull his profits, the contract held no balance to pull.
The dashboard said I was up 31%. The blockchain said my USDT left the contract the same hour I deposited it.
The Trace
- Pulled the approval and transfer events
We exported every Approval and Transfer event tied to his address and confirmed an unlimited allowance granted to an unverified AITech spender contract.
- Identified the sweeper router
The spender forwarded funds within seconds to a collector wallet. Its bytecode matched a reused drainer pattern we had catalogued in two earlier matters.
- Clustered the collector
Co-spending heuristics tied the collector to four sibling wallets aggregating deposits from dozens of AITech depositors — a pooled operation, not a one-off.
- Followed the bridge to Arbitrum
Funds crossed a canonical bridge, then split: roughly half cycled into a mixer, the other half consolidated toward a single cash-out address.
- Froze the cash-out cluster
That address deposited to a regulated exchange. We filed a documented trace and freeze request; the exchange held the balance pending law-enforcement contact.
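The first two trace steps above, as an added example (not the firm's tooling and not code from the original write-up): it decodes raw ERC-20 Approval and Transfer logs, flags a maximum-value allowance, and pairs each deposit with an onward transfer out of the recipient a few blocks later. All addresses, amounts, block numbers and the five-block window are constructed assumptions.

```python
# Added example. Addresses and logs are constructed; not AITech's real contracts.
APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
MAX_UINT256 = 2**256 - 1

def addr(topic):  # indexed addresses are left-padded to 32 bytes; keep the low 20
    return "0x" + topic[-40:].lower()

def decode(log):  # one raw eth_getLogs entry -> flat record, or None if not ERC-20
    kind = {APPROVAL: "approval", TRANSFER: "transfer"}.get(log["topics"][0])
    if kind is None or len(log["topics"]) != 3:  # ERC-721 Transfer has 4 topics
        return None
    return {"kind": kind, "token": log["address"].lower(),
            "src": addr(log["topics"][1]), "dst": addr(log["topics"][2]),
            "value": int(log["data"], 16),
            "pos": (int(log["blockNumber"], 16), int(log["logIndex"], 16))}

def unlimited_approvals(events, owner):
    return [e for e in events if e["kind"] == "approval"
            and e["src"] == owner and e["value"] == MAX_UINT256]

def swept_deposits(events, owner, max_blocks=5):
    """Pair each transfer out of `owner` with a later transfer of at least the
    same amount out of the recipient, within `max_blocks` (assumed window)."""
    xfers = sorted((e for e in events if e["kind"] == "transfer"), key=lambda e: e["pos"])
    hits = []
    for dep in (e for e in xfers if e["src"] == owner):
        for out in xfers:
            if (out["src"] == dep["dst"] and out["token"] == dep["token"]
                    and out["dst"] != owner and out["pos"] > dep["pos"]
                    and out["pos"][0] - dep["pos"][0] <= max_blocks
                    and out["value"] >= dep["value"]):
                hits.append((dep, out))
                break
    return hits

def _log(sig, token, a, b, value, block, idx):  # constructed log, eth_getLogs shape
    pad = lambda x: "0x" + "0" * 24 + x[2:]
    return {"address": token, "topics": [sig, pad(a), pad(b)],
            "data": hex(value), "blockNumber": hex(block), "logIndex": hex(idx)}

VICTIM, ROUTER, COLLECTOR, OTHER, TOKEN = ("0x" + c * 20 for c in ("aa", "bb", "cc", "ee", "dd"))
SAMPLE = [decode(l) for l in (
    _log(APPROVAL, TOKEN, VICTIM, ROUTER, MAX_UINT256, 100, 0),    # unlimited grant
    _log(APPROVAL, TOKEN, VICTIM, OTHER, 100 * 10**6, 101, 0),     # bounded grant
    _log(TRANSFER, TOKEN, VICTIM, ROUTER, 25_000 * 10**6, 120, 3), # deposit
    _log(TRANSFER, TOKEN, ROUTER, COLLECTOR, 25_000 * 10**6, 121, 1),  # sweep
    _log(TRANSFER, TOKEN, VICTIM, OTHER, 100 * 10**6, 130, 0),     # ordinary payment
)]
```

Against real data, a contract that forwards every deposit in full within a block or two and never sends anything back to depositors is the on-chain counterpart of the dashboard-only balance described above.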
Outcome
Of the $84,200, we recovered $39,574 through the exchange freeze on the cash-out wallet. The mixed portion could not be followed with the confidence a recovery requires, and we told him so. A partial result, traced and documented end to end, beats an optimistic promise.
Red Flags in the Code
- A dApp requested an unlimited token allowance — legitimate protocols ask for the minimum, and you can revoke approvals.
- “Returns” were visible only inside the app, never reflected by an on-chain balance.
- The withdraw button always succeeded but never produced an incoming transfer.
- The vault contract was unverified and held an owner key that could move user funds.
- “Audited” was a logo with no linked report from a named firm.
Recognise this pattern?
If your loss looks like this one, send us the transactions and the platform. We’ll tell you honestly whether the chain still holds a trail worth following.