.svg)
.svg)
For Instructor
A major aspect of why this behaviour exists is large-scale purchases being made through sites like Taobao, and or Xianyu for example, where you will see many sellers offering "Transfer Station" or "Proxy Server."
When you do a search for an AI API, you will see hundreds of listings from various sellers with tiered packages based on a cost of one cent for 1,000 tokens, with the promise of providing all of the highest-level, (rate-limited) models from Anthropic and/or OpenAI with no limits to how many tokens you can use.
On the outside, everything appears to run flawlessly, as you are not using a web interface that is filled with ads or other clutter. Instead, the multiple sellers will provide an API URL that mimics an official OpenAI or Anthropic API endpoint. All you do is take this API URL, and then the corresponding purchased key, and plug it into your back-end or into your AI Code Editor, and it works as expected.
Many buyers will assume that the sellers are getting wholesale volume deals, and/or that the sellers have negotiated special wholesale agreements to purchase and use volume licensing agreements with the product suppliers as well.
To clarify, they are not.
How Is the Sausage Made
There is no magic corporate tier with 97% off a multimillion dollar supercomputing reduction off of the massive costs of running Compute-heavy models like GPT-5.4. So how do these transfer stations fill these MASSIVE token requests?
They have highly automated, and well-orchestrated fraud rings working for them.
The primary ways the sellers acquire the compute that they are then reselling to you are:
Free Trial Farming: Sellers will create scripts that generate thousands of email addresses and associated phone numbers to exploit the free trial credits offered by cloud providers and aggressively offer AI.
Stolen Cloud Accounts: There is an extensive black market for stolen AWS, Google Cloud, and Microsoft Azure accounts. Sellers will then use these hacked accounts to spin up access to the API and bleed the original owner of any funds.
The Dine and Dash: Sellers will set up legitimate business accounts with stolen credit cards, or exploiting invoice loopholes. They will run up to tens of thousands (or more) of dollars of API usage charges in a matter of hours, fully knowing the card will bounce (or the invoice will remain unpaid). By the time the AI company shuts down the accounts, the seller has routed millions of calls through the vendor's account and taken the money for themselves.
It's a never-ending game of whack-a-mole between OpenAI and Anthropic banning an hour's worth of keys, and the transfer station just shifts their proxy to another batch of fake accounts.
The Bait and Switch: You don't usually get what you paid for
Even though they have the accounts, running GPT-5.4 and Claude Opus at that level of transactions is logistically challenging. The transfer stations came up with a new method to circumvent these limitations. This is referred to as Model Swapping.
When you send a prompt to these proxy servers for "Claude-Opus," the server captures your request and then routes it to one of two places. On highly complex queries, the server may actually route your request to Claude. On less complex tasks (programming, boilerplate creation, or basic text summarizations), the server will silently redirect your prompt to a significantly less expensive open-weight (Chinese) model like Qwen.
Once the proxy server receives the response, it will format the response to be visually identical to a response generated by either Claude or GPT-5.4. Since the modern models like Qwen are more than capable of performing basic programming and reasoning tasks, you likely won't be able to notice a difference. While you think you're obtaining the most intelligent AI on the planet for a dollar, you're really using an open-sourced model that could have been run locally for a fraction of the cost.
Ultimate Price: Your Data
Here is the problem that is never mentioned: Using these 97% off keys as a security risk.
The requests you submit with the official API for OpenAI or Anthropic are encrypted while in transit and subject to strict enterprise data protection agreements. For example, OpenAI and Anthropic do not use the data from the API requests you submit to train their models. Additionally, they will not view any of the source code submitted when you use their APIs.
In contrast, every prompt you enter into the Cursor app or into the VS Code code editor passes through a transfer station hosted by an anonymous website.
Think about what you submit into Cursor or VS Code every single day: You are submitting:
• Proprietary source code
• Core business logic for your company
• Database schemas and architectural designs
• Additionally, you are very likely to have hard coded passwords, environment variables, and legitimate API keys in your project.
You have no control over or visibility into how all this sensitive data is logged, stored, and possibly parsed on physical servers that are completely out of your control. You’re literally giving a faceless third party (in a place like an illicit market message board) the keys to your entire digital world solely so you can save a little on compute costs.
These sellers then use this stolen data they’ve intercepted and mined from you, e.g., stealing AWS keys found in your code, to use them to run their own crime-proXY networks. They’ll also steal proprietary software that may have commercial value either for resale to a competitor or as leverage to hold you for ransom.
