23/11/2017 Exploring the transactions behind the $31m Tether hack
https://elementus.io/blog/tether-hack/

Exploring the transactions behind the $31m Tether hack

22 November 2017

While reading up on the recent $31M Tether hack, we stumbled upon
an excellent example of chain analysis posted by Reddit user
SpeedflyChris.

By following the transaction flows through the Bitcoin and Omni
blockchains, the analysis lays out a clear timeline of the events
leading up to and following the attack. It also manages to link the
attacker to:

the theft of 19,000 BTC from Bitstamp in 2015

the creation of an Omni token called lioncoin (Ponzi scheme perhaps?)

a series of transactions on LocalBitcoins.com

a history of crypto-money laundering via the now-defunct BTC-e exchange.

Kudos SpeedflyChris!

The full Reddit post is certainly worth a read. That said, text
narratives about blockchain transactions don't make for light reading
and can be challenging to follow. So we've supplemented
SpeedflyChris's commentary with a series of graphics visualizing the
transactions.


It actually starts with this wallet here:


https://www.walletexplorer.com/wallet/12f4885dad525cc1

Look familiar? Go to the last page, that was the wallet used to steal
19000BTC from Bitstamp back in January 2015 (and which was still
receiving coins from Bitstamp as recently as September, well done guys).


This wallet made two transactions, the first is fairly innocuous but I'll
come back to it later:

https://www.walletexplorer.com/txid/7b46c7....


This address then sends out a further 0.01BTC (sic):

https://www.walletexplorer.com/address/31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv

The following morning it sends 0.01 to the address that was several hours
later used to empty the Tether wallet:
https://www.walletexplorer.com/address/1LBQpqUTEmdPTH8adaV6xS8KQt6FGCD3xD

I'm not quite sure why they would make a deposit like this to it hours
before - perhaps to test that everything is working?


At 10:53, the wallet makes several transactions transferring 23 million
tethers from the tether wallet:

https://omniexplorer.info/lookupadd.aspx?address=31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv


Then at 11:10 they transfer another 7.9 million tethers.


A further 50,000 tethers are transferred over at 11:54.

At 12:01, 5BTC (the bulk of the bitcoin in the tether wallet) is transferred
over to the same address:

https://www.walletexplorer.com/txid/e7e09cd092a5febdcae6b2ec76b06389c29298ed237dd1f210e1e54f096f1f92


These tethers are then transferred over to the address in the Tether
announcement as their relevant blocks are confirmed.

https://omniexplorer.info/lookupadd.aspx?address=16tg2RJ...


The 5BTC is also transferred to this address in amounts of roughly 1BTC
per transaction:

https://www.walletexplorer.com/address/31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv


Following the BTC along, you arrive back at an address from before,
which is confirmed to be part of the wallet holding the stolen Tether:

https://blockchain.info/tx/eeaf8b9c6288c28c481d6e37d687b5c42b0222fb3d8a73bdca81c1a12243c579

It's worth noting that this same address was just used to create an Omni
token called lioncoin: https://omniexplorer.info/lookupsp.aspx?sp=2147484016


The BTC from the tether wallet ended up in these addresses:

https://blockchain.info/address/1HtmVRdFRqPScH7Ud6UFR6HUcndksjVmua
https://blockchain.info/address/155KG55pRsV1Y9jdwwynfGHGqR9cqPKToB
https://blockchain.info/address/1M8b8BNMEMFFem9UQpZydoespHzXjAnC9t

Before he was taking thousands of BTC off exchanges and sending it to
BTC-e, he also used to sell much smaller amounts on Localbitcoins.

https://www.walletexplorer.com/wallet/02f08eddae4ba788
https://www.walletexplorer.com/wallet/f4b4c44dd6a146fd
https://www.walletexplorer.com/txid/0e9ae0a86dafc3a8dde057887...


So Localbitcoins guys, if you have a log of who was using this address
back in 2015, you've got the hacker ;)

In the post, the attacker is connected to a 2015 receipt of Bitcoin from
the Chinese exchange Huobi, which is mistakenly called a "hack."
While it seems the attacker did receive bitcoin from Huobi, it was
more likely a legitimate withdrawal than a hack.
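
The kind of trace the quoted analysis performs by hand, as an added example (not code from the Reddit post or from Elementus): a backward walk over inbound payments that follows a payment only if it happened before the one it would have funded. The node names, the edge list, the labels, and all times and amounts other than the four treasury transfers quoted above are constructed placeholders.

```python
from collections import deque

# Constructed, simplified edge list modelled on the narrative above. Node names
# are placeholders, not real addresses. The four treasury amounts and clock
# times come from the quoted post; every other time and amount is made up.
# Edge = ((day, "HH:MM"), source, destination, asset, amount)
EDGES = [
    ((0, "18:00"), "bitstamp_theft_wallet", "hop_1", "BTC", 0.02),
    ((0, "20:00"), "hop_1", "hop_2", "BTC", 0.01),
    ((1, "07:00"), "hop_2", "drain_addr", "BTC", 0.01),
    ((1, "10:53"), "tether_treasury", "drain_addr", "USDT", 23_000_000),
    ((1, "11:10"), "tether_treasury", "drain_addr", "USDT", 7_900_000),
    ((1, "11:54"), "tether_treasury", "drain_addr", "USDT", 50_000),
    ((1, "12:01"), "tether_treasury", "drain_addr", "BTC", 5),
    ((1, "12:30"), "drain_addr", "announced_addr", "USDT", 30_950_000),
    ((2, "09:00"), "exchange_x", "hop_2", "BTC", 1.0),  # arrives too late to matter
]
LABELS = {  # clusters an analyst has already identified (constructed)
    "bitstamp_theft_wallet": "Bitstamp 2015 theft wallet",
    "tether_treasury": "Tether treasury",
    "exchange_x": "Exchange X",
}

def trace_back(edges, target, labels, before=(99, "")):
    """Follow inbound payments backwards from `target`, using only payments made
    earlier than the one they would have funded. Returns {label: path}."""
    bound = {target: before}      # loosest time bound explored per node
    path = {target: [target]}
    hits, queue = {}, deque([target])
    while queue:
        node = queue.popleft()
        for when, src, dst, _asset, _amount in edges:
            if dst != node or when >= bound[node]:
                continue          # not inbound, or too late to have funded node
            if src in bound and bound[src] >= when:
                continue          # already explored with an equal or looser bound
            bound[src], path[src] = when, [src] + path[node]
            if src in labels:
                hits[labels[src]] = path[src]   # stop at a known cluster
            else:
                queue.append(src)
    return hits

def total_moved(edges, src, dst, asset):
    """Sum one asset sent directly from src to dst."""
    return sum(a for _, s, d, k, a in edges if (s, d, k) == (src, dst, asset))
```

Tracing back from `announced_addr` reaches both the treasury and the earlier theft wallet, while the later deposit from `exchange_x` is excluded because it could not have funded anything upstream of the drain.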

Max Galka

I make data things.
Founder FOIA Mapper / Blueshift • Adjunct lecturer UPenn •
Columnist Guardian Cities • Blog Metrocosm

New York, NY  http://metrocosm.com/about


Elementus © 2017
