| submitted by /u/HitWithTheWOWeffect
The official Twitter account of Vertcoin, a peer-to-peer digital currency and software project, was compromised earlier today in an attempt to carry out a Bitcoin (BTC) scam. On May 1, the Vertcoin Twitter account posted an announcement of a cryptocurrency giveaway in celebration of Vertcoin's success.
Google Alert – bitcoin
A security expert has warned investors to keep digital tokens safe, claiming it is “only the beginning” for bitcoin. Tyler Moffitt, senior threat research analyst at Webroot, stressed the importance of keeping your bitcoin safe in the wake of numerous cyber attacks on wallet providers and crypto exchanges.
Google Alert – bitcoin
On January 13, an unknown hacker(s) hijacked the DNS server for BlackWallet.co, a web-based wallet for the Stellar Lumens cryptocurrency, and redirected it to their own server.Security researcher Kevin Beaumont, who analyzed the code, said, “The DNS hijack of Blackwallet injected code, if you had over 20 Lumens it pushes…
Decided to have a look at what we could learn about the Tether hack from the blockchain, the coins are still moving around so I may edit this later as this develops.
It actually starts with this wallet here:
Look familiar? Go to the last page, that was the wallet used to steal 19000BTC from Bitstamp back in January 2015 (and which was still receiving coins from Bitstamp as recently as September, well done guys).
This wallet made two transactions, the first is fairly innocuous but I'll come back to it later:
This address then sends out a further 0.01BTC:
The following morning it sends 0.01 to the address that was several hours later used to empty the Tether wallet:
I'm not quite sure why they would make a deposit like this to it hours before – perhaps to test that everything is working?
At 10:53, the wallet makes several transactions transferring 23 million tethers from the tether wallet:
Then at 11:10 they transfer another 7.9 million tethers. A further 50,000 tethers are transferred over at 11:54.
At 12:01, 5BTC (the bulk of the bitcoin in the tether wallet) is transferred over to the same address:
These tethers are then transferred over to the address in the Tether announcement as their relevant blocks are confirmed.
The 5BTC is also transferred to this address in amounts of roughly 1BTC per transaction:
Following the BTC along, you arrive back at an address from before, which is confirmed to be part of the wallet holding the stolen Tether:
It's worth noting that this same address was just used to create an Omni token called lioncoin:
The BTC from the tether wallet ended up in these addresses:
I will update this post as more develops.
This wallet from the Tether and Bitstamp hacks seems to be owned by the same person who took 8500BTC from Huobi in late 2015, interesting…
Before he was taking thousands of BTC off exchanges and sending it to BTC-e, he also used to sell much smaller amounts on Localbitcoins.
So Localbitcoins guys, if you have a log of who was using this address back in 2015, you've got the hacker 😉
So I was asked whether this could be an inside job.
Well, maybe? I don't think there's enough evidence from chain analysis alone to draw a conclusion.
Some of the transactions which funded the lioncoin address came from an old Bitfinex wallet, and some came from the bitstamp hack address. Bear in mind that this is part of the same wallet that the stolen tethers were sent to.
Also if you look at the tether address you'll notice that when other blocks of tether were released they were quickly transferred to the Bitfinex wallet, with this 30 million being the exception, that said in prior months they had regularly left millions of tether in this address for days at a time, so this isn't necessarily a red flag.
It could be that the attacker had access to the main tether issuance address (3MbYQMM etc) or it may just be that they noticed the 30 million tethers sat on the wallet that they could manipulate. Presumably Tether know whether or not they intended to make this transaction. Without knowing that we can only speculate on whether the compromise went beyond the address that was emptied.
About two hours ago I received an email and direct message from the Reddit team with the subjects “[reddit] Important information about your account” and “Important Information About Your Reddit Account”, respectively. They warned of suspicious account activity and suggested I change my password. Unfortunately, I did not see the messages soon enough. When I logged back in, I noticed that there was indeed some suspicious activity on my account: nearly every post on the front page of…