More than $30 million worth of USDT was stolen Monday from Tether, a provider of dollar-backed digital tokens, and less than 24 hours later, the event is still shrouded in mystery. Given its size, the theft has sparked confusion and frustration among market traders and observers since it was announced.
A few hours after Tether announced the theft, a user called 'SpeedflyChris' published a thread on Reddit linking the event with the Bitstamp hack. In January 2015, Bitstamp lost roughly 19,000 BTC in a hack on its hot wallet, worth over $50 million at a time when the price of Bitcoin averaged less than $300.
According to SpeedflyChris, the source of the vulnerability appears to be connected with the wallet used to steal from Bitstamp. He wrote that this wallet made two small transactions, 0.01 BTC each, to the address that removed $30,950,010 USDT from the Tether Treasury wallet on November 19, 2017 and sent it to an unauthorized address.
The Reddit user explains that the transactions were perhaps structured as an additional layer of security to make sure that the wallet could receive the tokens without any issues.
He continued:
At 10:53, the wallet makes several transactions transferring 23 million tethers from the tether wallet:
https://omniexplorer.info/lookupadd.aspx?address=31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv
Then at 11:10 they transfer another 7.9 million tethers. A further 50,000 tethers are transferred over at 11:54.
At 12:01, 5BTC (the bulk of the bitcoin in the tether wallet) is transferred over to the same address:
https://www.walletexplorer.com/txid/e7e09cd092a5febdcae6b2ec76b06389c29298ed237dd1f210e1e54f096f1f92
These tethers are then transferred over to the address in the Tether announcement as their relevant blocks are confirmed.
https://omniexplorer.info/lookupadd.aspx?address=16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r
The 5BTC is also transferred to this address in amounts of roughly 1BTC per transaction:
https://www.walletexplorer.com/address/31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv
Following the BTC along, you arrive back at an address from before, which is confirmed to be part of the wallet holding the stolen Tether:
https://blockchain.info/tx/eeaf8b9c6288c28c481d6e37d687b5c42b0222fb3d8a73bdca81c1a12243c579
It's worth noting that this same address was just used to create an Omni token called lioncoin:
https://omniexplorer.info/lookupsp.aspx?sp=2147484016
More than $30 million worth of USDT was stolen Monday from Tether, a provider of dollar-backed digital tokens, and less than 24 hours later, the event is still shrouded in mystery. Given its size, the theft has sparked confusion and frustration among market traders and observers since it was announced.
A few hours after Tether announced the theft, a user called 'SpeedflyChris' published a thread on Reddit linking the event with the Bitstamp hack. In January 2015, Bitstamp lost roughly 19,000 BTC in a hack on its hot wallet, worth over $50 million at a time when the price of Bitcoin averaged less than $300.
According to SpeedflyChris, the source of the vulnerability appears to be connected with the wallet used to steal from Bitstamp. He wrote that this wallet made two small transactions, 0.01 BTC each, to the address that removed $30,950,010 USDT from the Tether Treasury wallet on November 19, 2017 and sent it to an unauthorized address.
The Reddit user explains that the transactions were perhaps structured as an additional layer of security to make sure that the wallet could receive the tokens without any issues.
He continued:
At 10:53, the wallet makes several transactions transferring 23 million tethers from the tether wallet:
https://omniexplorer.info/lookupadd.aspx?address=31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv
Then at 11:10 they transfer another 7.9 million tethers. A further 50,000 tethers are transferred over at 11:54.
At 12:01, 5BTC (the bulk of the bitcoin in the tether wallet) is transferred over to the same address:
https://www.walletexplorer.com/txid/e7e09cd092a5febdcae6b2ec76b06389c29298ed237dd1f210e1e54f096f1f92
These tethers are then transferred over to the address in the Tether announcement as their relevant blocks are confirmed.
https://omniexplorer.info/lookupadd.aspx?address=16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r
The 5BTC is also transferred to this address in amounts of roughly 1BTC per transaction:
https://www.walletexplorer.com/address/31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv
Following the BTC along, you arrive back at an address from before, which is confirmed to be part of the wallet holding the stolen Tether:
https://blockchain.info/tx/eeaf8b9c6288c28c481d6e37d687b5c42b0222fb3d8a73bdca81c1a12243c579
It's worth noting that this same address was just used to create an Omni token called lioncoin:
https://omniexplorer.info/lookupsp.aspx?sp=2147484016