What is the reality of the gray economic sphere supported by '中转站,' an API proxy that allows Chinese developers to use Anthropic's AI models at about 10% of the official price?

Anthropic has excluded China from its Claude distribution network, but reports indicate that a gray market is thriving in China where Claude and Claude Code can be accessed at approximately 10% of the official price through overseas API proxies known as 'China Transfer Stations.' Users include individual developers, students, businesses, and resellers, and this market is not merely a means of circumventing access, but forms a supply chain linked to data collection and illicit transactions.

How to Buy Cheap Claude Tokens in China - by Zilan Qian
https://www.chinatalk.media/p/how-to-buy-cheap-claude-tokens-in

Due to the Trump administration's policies toward China, Anthropic excluded China from its supported regions and restricted account registration by cross-referencing phone numbers, overseas-issued credit cards, and billing addresses. In September 2025, it banned access to organizations, regardless of location, that are directly or indirectly owned by companies headquartered in unsupported regions like China, closing the loophole of using overseas subsidiaries. Furthermore, in April 2026, it introduced measures requiring users selected based on specific usage patterns or platform health flags to verify their identity with government-issued photo IDs and live selfies.

Even with these restrictions in place, access to Claude and Claude Code from China has not been completely blocked. On April 23, 2026, the White House published a memo warning that Chinese organizations were using 'tens of thousands of proxy accounts' to evade detection and conduct an 'industry-scale' distillation campaign against America's most advanced AI models. In February 2026, Anthropic also reported that a single proxy network controlled more than 20,000 fraudulent accounts in a coordinated distillation attack by Chinese AI research institutions.

Anthropic accuses Alibaba of 'distillation attack,' alleging over 28.8 million accesses to Claude - GIGAZINE

In reality, Chinese users not only have access to Claude and related tools, but can also often purchase tokens at about 10% of the official price. The intermediary for this is an API proxy called 'Zhongzuanzhan.' Zhongzuanzhan is the term used in the Chinese developer community to refer to an API proxy, which is an overseas server placed between the developer and Anthropic's infrastructure. When it receives an API request from a user, it forwards it to Anthropic as a communication sent from the Zhongzuanzhan's location, and then returns the response to the user.

Using Zhongzuanzhan, users can connect to Anthropic models without a direct contract. Payment can be made in RMB via WeChat Pay or Alipay, making it more convenient than direct use which requires a VPN or an overseas-issued credit card. Community repositories on GitHub and other platforms feature lists comparing Zhongzuanzhan services by price and uptime, indicating that both long-established providers and smaller services appear and disappear frequently.

Unlike API aggregation services that simplify developer use based on legitimate contracts, 'China Transfer Sites' involve intermediaries with unclear accountability in order to circumvent geographical usage restrictions. Upstream of the supply chain supporting China Transfer Sites are companies that register and acquire large numbers of Anthropic accounts, SMS authentication services that provide overseas phone numbers, and card payment providers and proxy networks that enable overseas payments. Furthermore, it is said that reverse engineers who look for loopholes in authentication and track changes in Anthropic's detection logic are also involved.

In addition to forged IDs and deepfakes, there are also reports of intermediaries luring people from low-income countries into providing real IDs and biometric authentication, as seen in the iris scan trading cases discovered in Cambodia and Kenya. While China's AI service registration system makes AI services provided without registration or security assessments illegal, small-scale online forums may operate without punishment.

The biometric information collected in this way, such as facial and iris scans, is not only used to pass the identity verification process for AI services, but is also being repurposed for fraudulent opening of financial accounts, forgery of employment records, and creation of deepfakes, potentially causing legal and social harm to the owners of the biometric information. It has also been reported that images satirizing the supply chain connecting identity verification service providers, forwarding service providers, and businesses dealing in stolen card information were being shared in a WeChat group for developers.

The operators of these intermediary information distribution channels not only provide API relay and payment functions, but also manage operations to keep up with Anthropic's fraud prevention updates, such as switching accounts before they are detected and distributing the load across multiple accounts.

The strength of the mid-supply chain lies in the fact that most participants do not manage the entire supply chain, but rather monetize by handling only a part of it, such as accounts, authentication, payments, relaying, and resale. Even if an AI company shuts down a specific mid-supply chain or account, if the upstream account supply and downstream customer demand remain, alternative services will quickly emerge.

The AI usage fee, which is 1 RMB (approximately 21 yen) per 1 million tokens—far cheaper than it should be—is based on a 'one fish, three meals' structure, where three types of revenue are generated from a single access resource.

The primary source of revenue is the profit gained from reselling usage slots acquired at a low price. By creating a large number of accounts with free credits, utilizing unused slots from others, taking advantage of discounts for corporations and educational institutions, or dividing and selling subscription plans to multiple people, access can be acquired at a lower cost than the regular pay-as-you-go pricing. Even if users are sold at a significantly lower price than the official price, the operator will still make a profit if the acquisition cost is even lower.

The second revenue stream involves downgrading the model's rank or increasing its usage in ways that are not easily visible to users. Even if a user specifies a high-performance model, the service may switch to a cheaper, lower-tier model or a different model altogether to respond. Furthermore, frequently switching accounts makes it difficult to maintain the context of the conversation, and if users need to resend past information, token consumption increases, leading to a larger total payment. However, it is considered difficult for outsiders to distinguish whether these model changes or increased token consumption are intentional or are simply side effects of the operational structure.

The third revenue source, and seen as the core supporting the extremely low prices, is the usage log. Since the user prompts, model responses, tool calls, and modification history are recorded on the site, operators not only receive usage fees but also collect valuable data. In particular, in AI coding assistance, the log may include the context of the source code, design decisions, and outputs that users have confirmed to be correct, making it potentially valuable as post-training or distillation data. It is said that the resale of this usage log is considered the most important of the three revenue sources.

AI companies' security measures are supposed to be based on identifying users, monitoring suspicious inputs and outputs, and suspending accounts as necessary. However, when traffic is routed through a proxy server, AI companies can only see the IP addresses and accounts of proxies, not the actual users, and even if an account is suspended, another relay environment may be set up. By distributing requests across multiple proxies and accounts, it becomes more difficult to see the coordinated actions behind inquiries that may individually appear harmless.

This issue should not be viewed solely as a 'conflict between American AI companies and Chinese users.' The surrounding markets, which deal with the exploitation of identity verification information, SMS authentication, mass account acquisition, and fraudulent use of cards, can also lead to crimes not directly related to AI, such as phishing messages, spam calls, fraudulent loan applications, and credit card fraud. The biggest problem with gray markets like China Forwarding is that border restrictions create markets for circumvention, and the resulting damage cannot be separated by national borders.