Ep. 36: China Tech is Risky Business – Pinduoduo’s Hack and DJI’s Corruption Scandal

In episode 36 of TechBuzz China, co-hosts Ying-Ying Lu and Rui Ma talk about the dirty, risky, and more unseemly aspects of China tech, primarily focused on two stories that grabbed headlines recently: the “hack” at Pinduoduo, and the corruption scandal at DJI. Although the incidents differ greatly from each other, they have come on each other’s heels and our co-hosts decided to bundle them together for an episode, reflecting what’s buzzing within the tech community in China right now.

Rui and Ying-Ying begin by focusing on the Pinduoduo story. This past week, the company lost millions of dollars to hackers who redeemed coupons for about $15 for about $0.06. At one point, it was rumored that the platform lost over $3 billion in just a few hours, and users wondered if the company would go bankrupt. Pinduoduo has denied these rumors and insists that actual losses will be less than $1.5 million. However, what exactly happened? How did Pinduoduo decide to handle the issue, and what were the ramifications of these actions? How extensive was the damage to both the company and its stock price?

Next, our co-hosts shift their attention to a scandal that has rocked Chinese tech this week: the unearthing of over $150 million in losses due to internal corruption at leading drone maker DJI. Incredibly, the “chain of corruption” was unearthed by accident while the company was upgrading its management process late last year. One by one, Rui and Ying-Ying list and review the methods by which employees colluded and completed their dirty deeds. They share about how DJI handled the situation: very publicly, by sending out a letter to its 14,000 staff around the world. Why did they take this approach?

Listen to find out: How unusual– or not– are these two stories in the landscape of China tech? How are businesses getting scammed by China’s “black-gray” industry, in which people are committing fraud at a massive scale? How was it that DJI, a decacorn known for its world-class quality, with anti-corruption systems in place, was able to be brought to its knees by a group of criminal employees? Are there more scandals these days… or is there simply more transparency around events when they do get reported or disclosed? What are some of the other high profile cases that have come up recently? As an investor or entrepreneur in China, what do you need to know about these risks?

As always, you can find these stories and more at pandaily.com. Do let us know what you think of the show by leaving us an iTunes review, liking our Facebook page, and tweeting at us at @techbuzzchina to win some swag! Thanks also to our listeners over at our partner, dealstreetasia.com.


(Y: Ying-Ying Lu; R: Rui Ma;)

[00:00] R: Hey Techbuzzers! Today we have a relatively short and sweet episode for you as things gradually ramp down in preparation for Chinese New Year. We’ll have one last episode for you next week before the entire Pandaily team and all of China takes off for the Year of the Pig celebrations.

Y: The Year of the Earth or Dirt Pig, 土猪, actually. So in that same spirit, we are going to talk about some of the dirty, risky and more unseemly aspects of China tech, primarily focused on two stories that have grabbed headlines recently — the “hack” at Pinduoduo, and the corruption scandal at DJI.  

R: There’s actually been a slew of these, including one announced literally just now as we are writing the episode, involving the co-founder and Chief Scientist of Roadstar.ai, an autonomous driving startup that raised a $128mm Series A last year.  The guy apparently falsified results, accepted kickbacks, and withheld IP. Shady stuff.

Y: Although the incidents differ greatly from each other, they’ve come on each other’s heels and we thought, why not, let’s bundle them together for an episode because it’s definitely what’s buzzing within the tech community in China right now.

R: Note, the stories we are gonna talk about and the risks they represent are by no means unique to Chinese tech companies, but they do happen in this market with regularity, and whether you’re an investor or entrepreneur, you might want to listen on and hopefully avoid their same fate.  What are we waiting for? Let’s get started!

[1:56] Y: Hi everyone! We are TechBuzz China by Pandaily, powered by the Sinica Podcast Network!

R: We are a weekly podcast focused on giving you a peek into what’s buzzing within the tech community in China.   

Y: We uncover and contextualize unique insights, perspectives and takeaways on headline tech news that don’t always make it into English language coverage. So you can be smarter about the world of China tech.

R: TechBuzz China is a part of Pandaily.com, an English language site that tells you “everything about China’s innovation.” I’m one of your two co-hosts, Rui Ma.

Y: And I’m your other co-host, Ying-Ying Lu. We’d like to acknowledge our partners DealStreetAsia and SupChina, creator of the Sinica Podcast Network! In addition to Techbuzz, you can also find Sinica which covers current affairs, NuVoices on women, the business-oriented ChinaEconTalk, and the Caixin-Sinica Business Brief from China’s leading business magazine. Check these out!

R: One last thing before we get started, if you enjoy listening to us, please take the time to leave us a rating or review on iTunes, Facebook or wherever you get your podcast!

[3:12] R: Pinduoduo, if you’ll remember, is the current darling of China e-commerce, having reached a valuation of $23Bn and an IPO on the NASDAQ within three years of its founding, a story that we detailed back in Episode 17. It’s a social e-commerce app that’s founded by an ex-Google engineer and prides itself on being very engineering-focused, having iterated to the current product through trial and error rather than some genius intuition about retail.

Y: One of the reasons the CEO Colin Huang gave for even going IPO, if you’ll remember, is, and I quote “we are a team of engineers and we haven’t dealt so much with the media. In order to establish our credibility, we need to go public. Going public allows us immediately to become more transparent.”

R: So imagine the utter embarrassment this past week when Pinduoduo lost millions of dollars to hackers who redeemed coupons for about $15 or 100 yuan each for just a few cents, actually, about 6 cents if you want to be exact.  These coupons were good for any item on the platform and were valid for one year. At one point, it was rumored that the platform lost over $3Bn in just a few hours and users wondered if the company would just go bankrupt.  Pinduoduo has since denied those rumors and insists that actual losses will be less than $1.5MM. But what exactly happened here?

Y: Details are a bit confusing, but according to Pinduoduo, this wasn’t a system vulnerability as widely reported but a malicious attack.  The team had created some special discount codes for audience members of a popular dating show that it had partnered with and was sponsoring, and the code allowed for each registered phone number to receive one $15 coupon. Supposedly, these codes were not available anywhere online, and were only promoted through this one and only offline channel, the TV show audience.

[5:18] R: But this was somehow discovered by 黑灰产团伙, or hackers and other criminals, who used phone bot farms to fake accounts and get thousands of these coupons, which they redeemed immediately for QQ coins and prepaid phone cards, which are liquid and so easily exchanged for cash, and have no expiration date.

Y: And then the rumor is that to cover up their tracks and muddle the situation, the hackers then spread the codes on the internet, where it quickly went viral in chat groups of millennial coupon clippers.

R: You see, a recent phenomenon in China, especially with all the subsidies that first banks then consumer internet companies are constantly doling out, is that there is a new term that’s cropped up, 薅羊毛, which is now internet slang referring to millennials and Gen Zs who are very tech savvy deal hunters.  I personally think this term, since it literally translates to “pull wool,” really means “fleecing these internet companies.”

Y: That’s right, instead of the consumer getting fleeced, it’s the company getting fleeced, and that was the dominant headline when this Pinduoduo news came out.

[6:27] R: What’s different this time is that Pinduoduo reported the incident to the police and do not intend on “honoring” the redeemed coupons, unlike in the past when for example, a bug on the China Eastern airline last November allowed customers to buy tickets for as low as $12, or when Tencent had a bug that allowed its video users to top up their subscription for substantially less than the face value. In these and many other instances, the company would just eat the losses, for which Tencent in that one particular instance was about $7mm.

Y: Pinduoduo, however, is not budging in its refusal to honor the coupons and have unilaterally frozen the orders. The company’s argument is that this was a targeted attack, and vulnerabilities in the system aside, the hackers are criminals and should be punished. While some customers are clamoring to be compensated, it’s not clear that they have any legal grounds to do so. Meanwhile, Pinduoduo is offering a $0.75 voucher that doesn’t expire for 50 years as an apology.

R: And indeed, actual hacking carries with it a minimum 5-year prison sentence in China, and even “merely” exploiting bugs can still result in a criminal prosecution.  Disseminating such information can also lead to charges, although unless at scale, most people are probably just going to be asked to return their  gains and won’t need to serve any actual jail time.

Y: So what this Pinduoduo news really did was heighten the awareness of both entrepreneurs and consumers to the existence of a flourishing hacker and deal hunting community.  Like anything else in China, where there are loopholes, or a way to realize economic benefit, there are organized attempts to take advantage of them.

[8:14] R: Some of these operations are almost, what I would call, institutionalized.  Of course there are hackers who just rely on technical knowhow to make money.  These might include bot farms where illegal SIM cards, often physically imported from Southeast Asian countries, other times it might be virtual, are being used to register multiple fake accounts to get deals. But there are also some low-tech organizations such as numerous QQ and WeChat groups whereby users pay a membership fee, say $5 or so, to get access to deal announcements, and some, by the way, sell actual software hacks to these members for a higher fee.

Y: Some of these groups are tens of thousands in membership, and mostly consist of students or working professionals in less developed cities. Once a deal is announced in the group, they can act quickly and swarm in en masse. For companies, this can be a real problem because promotions that were meant to attract new users are taken up instead by these 羊毛党, or coupon clippers.

R: So next time you see a Chinese company announce that their promotion was sold out in minutes, or even seconds, be wary that they might not have been all scooped up by real fans, but instead, by deal hunters who came in a swarm to get the smallest benefit.

Y: Luckily for Pinduoduo, the damage from this incident was limited, or so they say. The company seems to be weathering the storm well though, and its stock price remains stable, with even a slight uptick the past few days. Or maybe the incident just didn’t make as big of a splash in the market as it did in China. Especially around this time of year, when New Year’s promotions are rampant, companies would do well to make sure that their well-intended campaigns are not abused for ill-gotten gains.

[10:15] R: Hey Techbuzzers, a brief announcement here.  We want to introduce you to Pandata, Pandaily’s new database on Chinese tech companies. Pandata will give you a company’s business overview, employee count, founding date, other basic information, and of course, links to Pandaily’s existing coverage on it.  So there you go, check out Pandata, your guide to China’s tech world.

[10:44] Y: On the other end of the spectrum and unfolding with astonishing transparency is another scandal that has rocked Chinese tech this week, which is the unearthing of over 1 billion RMB, that’s 150mm USD or so, in losses due to internal corruption at leading drone maker DJI. What happened there?

R: Well, this was a result of an anti-corruption investigation DJI launched late last year after accidentally uncovering large amounts of irregular activity while upgrading its management processes.  That’s right, accidentally discovered. There was no whistleblowing and it could have just as easily gone on undetected for even longer.

Y: The probe found that a whole “chain of corruption” existed, and included staff from the R&D department all the way to procurement, which if you think about it, makes sense, because defrauding the company on this massive of a scale without detection probably involved some kind of cooperation, at least implicitly.

R: Unlike in many other companies, DJI took an unusually public approach to disclosing this matter.  Whereas most companies, especially Chinese ones, would have remained mum on the subject, DJI sent out a letter to its staff, which now numbers 14,000 people around the globe.

[12:09] Y: The letter starts off with expressing the management’s frustration at having to resort to this public shaming, because it’s a huge embarrassment, especially in Chinese culture. But they were forced to, because not only were the accused unrepentant, they apparently began to spread rumors inside the company. They claimed that they were being punished unfairly because of their long tenure and that this was a result of high level political maneuverings, of which they were victims.  

R: Thus, the management felt that they had no choice but to air the dirty laundry, and although the version we saw had the names blurred out, supposedly the original memo actually listed the names and departments of all those who had been found guilty, which is again, remarkable transparency.   

Y: And there were quite a few names listed. 29 people were immediately fired, and 16 were handed over to the authorities. The entire procurement department was turned over. How, you ask, could this happen?

R: Well, rather simply, it turns out.  The most obvious way is for those who are in charge of procurement to team up with suppliers and quote DJI a higher-than-market price, and splitting the additional profits.

[13:24] Y: And if the suppliers didn’t want to do this? Well too bad, you would just make up some BS reason to kick out those who didn’t want to play dirty with you. Claim their technology was subpar, or just fiddle with the technical requirements somehow. Those who remained would give you long-term kickbacks.

R: Or sometimes you did this by asking for prices that are so low that no normal supplier would participate.  When only one supplier, the one who is colluding with you, remains, you guys then raise the prices to DJI by claiming monopoly for this component and then you split the profits.

Y: The worst though, in my opinion, is not overcharging DJI, which does have margin to spare, after all, but using subpar suppliers. So this is where the R&D and QA departments come into play, where certain procurement folks were working with colleagues in these departments and purchasing from low quality suppliers. QA, for example, would then forego testing the supplies and sign off on things that wouldn’t have passed a real inspection.

R: And finally, the fifth way you could have screwed over DJI is to set up a phony company with friends and award the contract to said fake company at a high price, while subcontracting the business to an actual supplier, and pocketing the difference.  I definitely knew of people who did this in other industries in China. While this was the most safe in terms of getting caught because the least number of parties are involved, there is often a mismatch in cash flow that makes it difficult to take advantage of very large orders.

[15:00] Y: Rui you are sounding too much of an expert on this.

R: Well let’s just say the first industry I worked in upon arriving in China back in 2007 was real estate investing, so, if you think DJI had many suppliers to manage, think about what goes into building a hotel or a mall.

Y: Definitely. There are so many ways unethical employees could take advantage of the situation.   

R: And, unfortunately, many do.  The head of my real estate group was jailed for five years on bribery charges for violating the Foreign Corrupt Practices Act, and I later on had an EMBA classmate who worked at Goodyear who was jailed for embezzlement.  And I’m sure many of our listeners who do business in China or anywhere in the world, really, have some crazy stories to tell.

Y: Indeed, what’s important to note here is that DJI management isn’t naive — corruption is a long-standing issue in China, especially within the manufacturing sector where so many components and suppliers are touched.  DJI had what it thought were sophisticated internal checks in place to minimize these risks, or what it called a “protective firewall,” such as price checking systems and workflows that required multiple bidders, but clearly this system itself was compromised and circumvented.

R: So even being well aware of the risks and having a system in place, DJI still ended up with this situation where due to corruption, they were overpaying for the more expensive components in their drones by 20-50% and the cheaper components, they were being overcharged by 2-3 times.

[16:44] Y: This means that all 150mm USD lost was pure profit. This money could have been re-invested into the business or used to improve employee benefits, but went to line the pockets of dishonest employees instead.

R: As consumers though, how are we affected? Well, presumably DJI’s prices could have been lowered and the savings passed on if the materials used were acquired at their real costs, not the inflated ones.  Or maybe DJI would have just kept the profits, since it doesn’t seem like their current pricing strategy has dampened demand any. But the real risk is that their drones are outfitted with subpar components, which could be dangerous, since they are making pretty advanced flying machines after all?

Y: Company employees insist that this is not a real concern. Finished products are subject to strict quality assurance standards, I guess this must be a different team inspecting the materials when they come in, and the infiltration of inferior supplies supposedly just ate into DJI’s bottom line by causing more so-called manufacturing defects and lowering the yield. By the way, these indirect costs are not being counted as part of the $150mm. Meaning that true economic losses are probably even higher.

R: So let’s wrap this up and summarize for our listeners what we learned today.  I think the first thing that strikes me is that the first story we talked about, which was Pinduoduo’s coupon exploit, shows that there is a whole 黑灰产业, or black-gray industry, in China whereby people are committing fraud at a massive scale.  Whether that’s through completely illegal methods such as hacking, or through loosely organized interest groups of deal hunters, the end result is that businesses are getting scammed. This is definitely a risk you have to be aware of as either an investor or an entrepreneur in China. And it’s by no means restricted to tech.  In fact, Starbucks China had a similar situation happen to them in December and they also lost something like $1.5mm.

[18:58] Y: Right, and the second story, which I think was much scarier, of DJI uncovering widespread corruption in its supply chain to the tune of $150mm, shows us that even a decacorn that’s known for its world-class quality, with anti-corruption systems in place, can be brought to its knees by a group of criminal employees. DJI is learning from the experience and says that it will remain vigilant and this anti-corruption task force will become a permanent fixture. And that it expects to expose many other implicated employees in the months to come.  

R: It’s hard to say whether the scandals in China tech are getting more frequent, but it certainly feels that way because there seems to be a bit more transparency around the events when they do get reported or disclosed.  Maybe for this we can thank the sweeping anti-corruption campaign the Chinese government has embarked on in the last few years.

Y: Just in the last three months alone, there have been many high profile cases. In November, China’s Craigslist, 58, turned in a handful of high level executives for “massive bribery” to the police. Didi confirmed that it dismissed 80 employees for 60 cases of corruption in 2018. In December, Meituan announced that a senior executive in its food delivery business was under criminal investigation, as were 89 other employees.  

R: And the day after that, the head of Alibaba’s entertainment unit was announced as being sacked and under investigation for corruption.  What a string of announcements. Compare these news, though, to the lack of commentary when Baidu sacked eight executives a few years ago in an internal corruption probe, and also its youngest VP ever, originally thought to be a successor to Robin Li, resigned in 2016 also due to whispers of corruption.  Baidu refused to confirm these news publicly.

[21:00] Y: The optimistic view would be that even though it seems as if the pace of scandals is picking up, that’s actually because there’s more transparency in the system, which ultimately, we would hope, should lead to a better functioning business environment.

R: The pessimistic view would be … well, that it’s getting worse.  That as the China tech world gets more complicated and there are more stakeholders and a lot more capital than before, it’s going to be just as corrupt as the other industries in China.

Y: What do you think? Take our Twitter poll or email us and let us know!

[21:41] Y: OK, that’s all for this week folks! Thanks for listening. As a reminder, episodes will now be available every Friday instead of Wednesdays. We really enjoyed putting this together, and we are always open to any comments or suggestions. You can find us on twitter at thepandaily, at techbuzzchina, and my personal Twitter account is GINYGINY.

R: And my Twitter is spelled RUIMA. We’ll be back here the same time next week.TechBuzz China by Pandaily is powered by the Sinica Podcast Network. Pandaily.com is an English language site that tells you “everything about China’s innovation.” Our producers are Shaw Wan and Kaiser Kuo.