TLDR:
During regular forensic analysis of thousands of exchanges, NOMINIS recognised BitHarvest.io well known mining platform as having entered the exit phase, based on behavioural activity in line with other ‘slow rug’ scams. Since - Bitharvest appears to have been reported for phishing.
This particular case reinforces the importance of monitoring shadow funds as well as confirmed illicit funds. Systems that exclusively track dirty money fail to pick up cases of illicit shadow funds ,and would therefore fail to flag the wallets belonging to bitharvest.
Introduction
When users attempt to access BitHarvest’s flagship website today, they are met with a phishing warning.
NOMINIS began investigations into the behaviour demonstrated by the mining platform weeks ago - which we believe reflected a deeply concerning pattern typical of slow rug pulls. Shortly after our investigation, Bitharvest has been reported for phishing activity.
This report details the behaviours NOMINIS recognised as suspicious, why we believe the okatform entered the exit phase, and the importance of shadow fund recognition in your compliance platform, to ensure wallets belonging to suspicious platforms are also flagged.
NOMINIS regularly performs the structured forensic analysis of the on-chain infrastructure powering thousands of exchange platforms, in order to enrich the NOMINIS database, known for its detection and attention to shadow funds, as well as formally defined ‘illicit funds’. The structural opacity demonstrated by some exchanges; their behaviour patterns, and manipulation of users, affects the risk score that associated wallets earn in the NOMINIS platform.
BitHarvest emerged as a critical case study of such red flags- not simply as a potential phishing platform, but as a platform that has entered an active exit phase.
Prior to the website’s closure, upon logging in to the BitHarvest platforms, users are automatically presented with an administrative statement, titled ‘BitHarvest Statement on Bitcoin Core v30 and the Latest Asset Transition Solution’’. This notice appears inside the transactional interface itself, triggered when users log in, to manage or withdraw funds.
The message claims that ‘Bitcoin Core v30’ protocol upgrades have fundamentally altered the network’s structure, increasing data load ‘50,000’ times’ and requiring extensive adaptation across mining pools and nodes. Citing these supposed technical constraints, the platform announces an ‘Asset Transition Solution’.
Further in the notice, BitHarvest outlines how user mining devices, booster products, and balances will be recalculated and converted into BTC tokens and Loyalty Credit. The original value is re-denominated into internal instruments rather than preserved in withdrawable assets.
Users are informed that USDT and BTC balances will be converted into WC (Wallet Credit), explicitly described as ‘non-transferable’. Other balances are converted into BTH at internal ratios.
The pivot announcement goes into details of these newly introduced tokens, BTH, the ‘native token of a HarvestAI Layer-1 ecosystem’ complete with DAO bonds, burn mechanisms, and exchange integrations’, LC, a transitional internal asset used for purchase offsets, and WC.
WC includes a phased withdrawal unlock schedule: 10% per phase, beginning months into the future for certain users. Each account is limited to partial withdrawals per phase.
So; instead of allowing users to withdraw deposited BTC or USDT, BitHarvest converts balances into internal accounting units. Access is restricted through time-based unlocks. Liquidity is replaced by platform-controlled credits.
A later announcement from the administrative team of BitHarvest suggest a value change of BTH, which will be valued at $0.000000001, beginning February 1st, 2026.
What this pattern shows us
This behaviour is a clear restructure of user assets. The pattern mirrors known exit phase mechanics observed in prior mining platform collapses:
Rather than disappearing overnight, the platform transitions users into a ‘synthetic’ ecosystem, with phased unlock schedules, to prevent an immediate mass exodus. Internal tokens maintain the appearance of value continuity, while messaging on the interface speaks of upgrades and innovation.
These are signs of a ‘slow rug’.
It is now NOMINIS’ understanding that BitHarvest has been shut down - given users inability to access the site. This is a concerning advance given the situation for the funds of users remains unknown, and perhaps inaccessible.
The Compliance Implication - the Shadow Risk
From a compliance standpoint, this case illustrates a central truth of crypto markets: legitimacy is not determined by presentation, but by transaction behaviour.
The exchange may appear professionally branded, with a structured upgrade announcement, but original deposits suddenly become withdrawable, and balances are forcibly converted into internal credits.
This case does more than illustrate the mechanics of a potential exit phase. It exposes a deeper structural weakness in how risk is typically assessed in the crypto ecosystem.
Historically, AML frameworks in crypto have primarily focused on identifying “dirty money”, proceeds derived from clearly criminal activity such as ransomware, drug trafficking, fraud schemes, or darknet markets. These flows are reactive in nature, traceable after a crime has occurred, and often predictable laundering patterns.
However, cases like BitHarvest highlight a different and more complex category of risk.
Screenshot from the NOMINIS platform, screening a known BitHarvest wallet. This wallet transactioned almost $200,000 over the span of just two weeks, as recently as January 2026, before the mining platform’s abrupt closure.
Dangerous flows don’t necessarily originate from criminal predicates; some originate from shadow funds: capital that may begin as legitimate economic activity, but it strategically redirected, layered, or structurally manipulated in ways that destabilise markets, evade oversight, or entrap users inside controlled, opaque ecosystems.
In the BitHarvest case, the key concern is not whether incoming deposits were sourced from criminal activity. The critical issue is that user-held, publicly transferable assets are being converted into internally governed credits and ecosystem tokens under a centralised transnational protocol, as part of a slow rug scam. From a compliance standpoint, this changes the nature of the risk entirely.
Traditional compliance tools are designed to detect dirty money and their risk models are triggered by exposure to predefined illicit categories. If a wallet does not directly interact with those sources, the risk score often remains low.
In a case like BitHarvest, that approach can fail.
If deposits originate from ordinary retail users and backend wallets do not directly touch sanctioned entities, legacy systems may classify the service as low risk. Structural changes, such as freezing withdrawals, converting BTC and USDT into internal credits, or consolidating treasury funds are not necessarily captured by tools focused purely on criminal origin.
Shadow risk operates differently. The concern is not where the money came from, but who controls the infrastructure and how that control can be exercised.
Additional screenshot from NOMINIS platform, risk screening a BitHarvest wallet used from June to July 2025. Over 4 weeks, this wallet transacted over $2 million in wallets involved in the scam platform, rendering the funds illicit. The blank shadow funds demonstrate a lack of this wallet address mention anywhere on the clear or deep web, further reinforcing the importance of using a screening platform that accounts for shadow funds, as well as known illicit assets.
NOMINIS’ ongoing investigations focus on infrastructure mapping, backend wallet clustering, and long-term liquidity monitoring across brands. By combining on-chain behavior with intelligence sources, shared treasury systems and structural shifts are identified early. This ensures that shadow infrastructure risk, not just dirty money exposure, is reflected in client risk assessments, giving clients not only the power to accept or reject funds within their own policy, but with the highest quality resources available.
All research content and accompanying reports are provided for informational purposes only and should not be relied upon as professional advice. Accessing these materials does not create any professional relationship or duty of care. Readers are encouraged to consult appropriately qualified professionals for guidance. We uphold the highest standards of accuracy in all the information we provide. For any questions or feedback, please contact us at contact@nominis.io.
.jpg)
