Académique Documents
Professionnel Documents
Culture Documents
MENU
Speed yChris.
The full Reddit post is certainly worth a read. That said, text
narratives about blockchain transactions don't make for light reading
and can be challenging to follow. So we've supplemented
Speed yChris's commentary with a series of graphics visualizing the
transactions.
https://elementus.io/blog/tether-hack/ 2/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
Look familiar? Go to the last page, that was the wallet used to steal
19000BTC from Bitstamp back in January 2015 (and which was still
receiving coins from Bitstamp as recently as September, well done guys).
https://elementus.io/blog/tether-hack/ 3/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
This wallet made two transactions, the rst is fairly innocuous but I'll
come back to it later:
https://www.walletexplorer.com/txid/7b46c7....
https://elementus.io/blog/tether-hack/ 4/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
The following morning it sends 0.01 to the address that was several hours
later used to empty the Tether wallet:
https://www.walletexplorer.com/address/1LBQpqUTEmdPTH8adaV6xS8K
Qt6FGCD3xD
I'm not quite sure why they would make a deposit like this to it hours
before - perhaps to test that everything is working?
https://elementus.io/blog/tether-hack/ 5/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
https://omniexplorer.info/lookupadd.aspx?
address=31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv
https://elementus.io/blog/tether-hack/ 6/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
https://elementus.io/blog/tether-hack/ 7/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
At 12:01, 5BTC (the bulk of the bitcoin in the tether wallet) is transferred
over to the same address:
https://www.walletexplorer.com/txid/e7e09cd092a5febdcae6b2ec76b063
89c29298ed237dd1f210e1e54f096f1f92
https://elementus.io/blog/tether-hack/ 8/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
These tethers are then transferred over to the address in the Tether
announcement as their relevant blocks are con rmed.
https://omniexplorer.info/lookupadd.aspx?address=16tg2RJ...
https://elementus.io/blog/tether-hack/ 9/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
https://www.walletexplorer.com/address/31okFF1rUu8jjPEVuajycTRBp82N
teo4Mv
https://elementus.io/blog/tether-hack/ 10/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
Following the BTC along, you arrive back at an address from before,
which is con rmed to be part of the wallet holding the stolen Tether:
https://blockchain.info/tx/eeaf8b9c6288c28c481d6e37d687b5c42b0222f
b3d8a73bdca81c1a12243c579
It's worth noting that this same address was just used to create an Omni
token called lioncoin: https://omniexplorer.info/lookupsp.aspx?
sp=2147484016
https://elementus.io/blog/tether-hack/ 11/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
https://blockchain.info/address/1HtmVRdFRqPScH7Ud6UFR6HUcndksjVm
ua
https://blockchain.info/address/155KG55pRsV1Y9jdwwynfGHGqR9cqPKTo
B
https://blockchain.info/address/1M8b8BNMEMFFem9UQpZydoespHzXjAn
C9t
https://www.walletexplorer.com/wallet/02f08eddae4ba788
https://www.walletexplorer.com/wallet/f4b4c44dd6a146fd
https://www.walletexplorer.com/txid/0e9ae0a86dafc3a8dde057887...
https://elementus.io/blog/tether-hack/ 12/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
So Localbitcoins guys, if you have a log of who was using this address
back in 2015, you've got the hacker ;)
Subscribe to Elementus
Get the latest posts delivered right to your inbox.
https://elementus.io/blog/tether-hack/ 13/14
23/11/2017 Exploring the transactions behind the $31m Tether hack
Elementus © 2017
https://elementus.io/blog/tether-hack/ 14/14