Anthropic vs Alibaba: 25,000 Fake Accounts and 28.8M Claude Exchanges
Anthropic accused Alibaba Qwen, DeepSeek, and linked operators of running nearly 25,000 fraudulent accounts and 28.8 million Claude interactions to distill coding, reasoning, and planning capabilities — the largest extraction campaign it has detected.
TL;DR: Anthropic accused operators linked to Alibaba's Qwen division and companies like DeepSeek of running nearly 25,000 fraudulent accounts that generated over 28.8 million interactions with Claude — aimed at distilling coding, reasoning, and planning into competing Chinese models. Anthropic called it the largest extraction campaign detected to date and briefed U.S. lawmakers and White House officials. On X, @GregKamradt said the underlying token black market was "obvious in retrospect"; @pmarca replied "Cyberpunk AF."
Short-form breakdown of Anthropic's allegations against Alibaba, Qwen, and linked Chinese AI labs over fraudulent Claude account farms.
What Anthropic alleged
According to Reuters and CNBC (June 24, 2026), Sarah Heck, Head of Policy at Anthropic, sent a June 10, 2026 letter to Chairman Tim Scott and Ranking Member Elizabeth Warren on the U.S. Senate Committee on Banking, Housing, and Urban Affairs.
Anthropic describes distillation attacks as systematic, industrial-scale efforts to harvest American IP and repackage US frontier capability without bearing original R&D costs. The letter frames the Alibaba campaign as the Anthropic has detected — targeting specifically.
DeepSeek, Moonshot, MiniMax — ~16M exchanges via ~24,000 accounts (Feb 2026 blog post)
Capability concern
PRC labs reaching Mythos Preview-level capability faster via extraction
The letter ties distillation to national security: if PRC labs reach Mythos-caliber models through extraction, advanced cyber capabilities could deploy against US government and companies. Anthropic cites Project Glasswing as a US defensive program that has helped harden cyber posture — the same Glasswing context behind Mythos testing and the June 12 export controls.
Distillation here means using a frontier model's outputs — and often chain-of-thought reasoning traces — as training signal for a cheaper rival. You do not need weights; you need volume, diversity, and persistence.
Alibaba did not immediately respond to Reuters' request for comment in published reports.
June 27 — Mythos cyber narrative vs bot-farm blind spot
The distillation letter landed before the June 12 Fable/Mythos suspension, but the two stories collided publicly on June 27, 2026 when trending coverage juxtaposed:
Washington framing
Operational reality
Mythos too capable for public release; cyber demos alarm lawmakers
~25,000 fraudulent accounts ran 28.8M exchanges undetected (Apr 22 – Jun 5)
Export controls protect national security
Bot farms used dynamic IPs, reseller APIs, and subscription arbitrage
July 8 ID verification targets fake accounts — separate from EAR
Neither side is fully wrong. Real banking vulnerabilities exist — security firms disclose ACH and transaction-initiation bugs regularly. Controlled demos can show exploit paths without proving Mythos can drain arbitrary live accounts on demand. Likewise, Mythos-class cyber and bot-account detection are different engineering problems; failing one does not invalidate the other, but it complicates the political case for a global API shutdown.
For Fable restoration: the letter strengthens Anthropic's argument that identity verification matters for US-first return, while export-control opponents cite the same letter as evidence the ban overshoots operational risk. Status hub: Is Fable 5 back? — answer remains no on June 27.
How this trended on X
Grok's X summary (June 25, 2026) framed the story as a fast-moving news item: Anthropic's disclosure, lawmakers briefed, penalties still unclear.
Notable posts:
@GregKamradt — "obvious in retrospect but I had no idea there was a black market for tokens" — linking industrial distillation to everyday reseller pricing.
Cheap inference via subscription arbitrage — ToS gray area, consumer-facing
Distillation
Training competitor weights on harvested outputs — industrial IP extraction
Anthropic's Alibaba letter
Focuses on the latter at scale — 28.8M exchanges
Many HN commenters argued the two overlap: resellers log everything and double-dip — margin on tokens plus payment from labs for training data.
Why Anthropic added identity verification
Anthropic's layered defenses — geoblocking, phone verification, credit cards, live biometric KYC — map directly to bot-farm economics.
From the HN thread:
"These resellers operate tens of thousands of bot accounts, which is also why Anthropic introduced identity verification, to slow down the onslaught of bots."
Commentators also note evasion: residential proxies, ID verification as a service in low-income countries (~$30/account), and human prompt farms if automation fails.
Our export-control coverage ties the same week to Fable 5 / Mythos 5 restrictions — different lever, same war: keep frontier capability from becoming commodity training data.
DeepSeek, GLM, and the price war
HN users debated whether Chinese labs are "winning on merit" or riding subsidized Claude access.
tristanj argued DeepSeek permanently cut V4-pro API prices 75% because resold Opus tokens undercut them — Chinese open-weight providers forced to match impossibly cheap frontier access.
Counter-arguments on HN:
Open-weight GLM and DeepSeek are genuinely efficient — US providers also sell them cheaply.
Some resellers fake Opus with weaker models (system prompt: "you are Opus 4.6").
Distillation + resale can coexist — real Opus traffic for traces, fake Opus for margin.
For builders, the practical takeaway: ultra-cheap Claude endpoints are a trust problem — wrong model, logged prompts, no DPA, sudden cutoffs.
Policy and penalties
Anthropic's letter asks Congress for three measures:
Threat information sharing — legislation enabling deeper collaboration between US government and frontier labs, plus clarified antitrust guidelines so labs can share PRC attack tactics without legal risk
Export controls on advanced compute — close loopholes (smuggling networks, offshore data centers) PRC labs use to run distillation at scale
Penalize PRC lab misconduct — make distillation costlier via the US economic security toolkit; Anthropic states it does not allow commercial Claude access for entities in China or subsidiaries of PRC-headquartered companies
The letter references NSTM-4 (Trump administration OSTP memo on distillation) and NSPM-11 (national security enterprise partnership with private AI companies for threat sharing and red-team exercises). Despite those whole-of-government efforts, Anthropic writes that distillation attacks remain widespread among PRC AI labs.
Open questions X and HN keep asking:
Will there be enforcement beyond account bans and export controls?
Does Alibaba face legal or trade consequences, or is this naming-and-shaming?
Does distillation law apply when LLM outputs may not be copyrightable in the US?
@aleabitoreddit summarized the mood: "Feels like this is kind of known by now... but there's been no real penalties enforced yet. We'll see."
What this means for Claude users and builders
If you use official Claude
Expect more friction at signup — ID checks are anti-bot economics, not just security theater.
Max subscription pooling under resellers increases risk Anthropic tightens per-seat limits or weekly caps.
If you build agents
Coding agents and harnesses inherit upstream token economics — gray-market keys can poison evals and leak IP.
Alibaba allegations are Anthropic-reported unless independently verified. Reseller pricing claims come from HN/X community reports. This article is analysis for developers and policy readers — not legal advice.