How Fraudsters Exploit Online Promotions: Real Cases and Lessons

"薅羊毛" (literally “shearing wool”) refers to using tricks to turn small benefits into larger gains, often by exploiting promotional activities on internet platforms or by taking advantage of system vulnerabilities.

With the rise of online promotions, a group of users known as “羊毛党” (wool‑stealers) has emerged, who systematically collect coupons, points, or free memberships for personal profit.

Case 1: Charging a video‑membership account for nearly 90 years

A man illegally used software to bypass an app’s lottery limits, repeatedly earning points and converting them into video‑membership credits, ultimately extending his account’s validity to the year 2111, a total of over 90 years.

The suspect, identified as Fang, was arrested in Chongqing; he used illegal software to bypass the app’s draw‑limit, repeatedly redeeming points for services such as QQ and iQIYI, causing losses of over 10,000 CNY.

Case 2: Reusing a single coupon nearly 7,000 times

In August, an app’s “new‑user recharge discount” was attacked; 168 accounts from 32 IPs performed 6,900+ recharges, exploiting a coupon loophole. Police later arrested 11 suspects across several provinces.

Case 3: Game‑promotion cash‑out fraud

Criminals used a custom cheat program to bypass a game’s reward system, creating 154 accounts, linking them to four bank cards, and cashing out over 10,000 CNY.

International example

Former Microsoft software engineer Vladimir Kvasuk was sentenced to nine years for stealing over $10 million in digital‑currency vouchers by exploiting a system vulnerability and framing a colleague.

While many “薅羊毛” activities are harmless and simply a way for users to enjoy promotions, using illegal means—such as stealing personal information, bypassing security controls, or exploiting software bugs—constitutes criminal behavior under the penal code.

Authorities advise that users should only use their own legitimate information to claim coupons and avoid any technique that violates a platform’s security or terms of service, as the consequences can be severe.