Tether was hacked by the same person who hacked Bitstamp in 2015 (x-post /r/cryptocurrency)

Decided to have a look at what we could learn about the Tether hack from the blockchain, the coins are still moving around so I may edit this later as this develops.

It actually starts with this wallet here:

https://www.walletexplorer.com/wallet/12f4885dad525cc1

Look familiar? Go to the last page, that was the wallet used to steal 19000BTC from Bitstamp back in January 2015 (and which was still receiving coins from Bitstamp as recently as September, well done guys).

This wallet made two transactions, the first is fairly innocuous but I'll come back to it later:

https://www.walletexplorer.com/txid/7b46c7e412b1f1e93ff0aa67232457dde3fb6e91f4c61e025a97e56290049050

This address then sends out a further 0.01BTC:

https://www.walletexplorer.com/address/1LBQpqUTEmdPTH8adaV6xS8KQt6FGCD3xD

The following morning it sends 0.01 to the address that was several hours later used to empty the Tether wallet:

https://www.walletexplorer.com/address/31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv

I'm not quite sure why they would make a deposit like this to it hours before – perhaps to test that everything is working?

At 10:53, the wallet makes several transactions transferring 23 million tethers from the tether wallet:

https://omniexplorer.info/lookupadd.aspx?address=31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv

Then at 11:10 they transfer another 7.9 million tethers. A further 50,000 tethers are transferred over at 11:54.

At 12:01, 5BTC (the bulk of the bitcoin in the tether wallet) is transferred over to the same address:

https://www.walletexplorer.com/txid/e7e09cd092a5febdcae6b2ec76b06389c29298ed237dd1f210e1e54f096f1f92

These tethers are then transferred over to the address in the Tether announcement as their relevant blocks are confirmed.

https://omniexplorer.info/lookupadd.aspx?address=16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r

The 5BTC is also transferred to this address in amounts of roughly 1BTC per transaction:

https://www.walletexplorer.com/address/31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv

Following the BTC along, you arrive back at an address from before, which is confirmed to be part of the wallet holding the stolen Tether:

https://blockchain.info/tx/eeaf8b9c6288c28c481d6e37d687b5c42b0222fb3d8a73bdca81c1a12243c579

It's worth noting that this same address was just used to create an Omni token called lioncoin:

https://omniexplorer.info/lookupsp.aspx?sp=2147484016

The BTC from the tether wallet ended up in these addresses:

https://blockchain.info/address/1HtmVRdFRqPScH7Ud6UFR6HUcndksjVmua

https://blockchain.info/address/155KG55pRsV1Y9jdwwynfGHGqR9cqPKToB

https://blockchain.info/address/1M8b8BNMEMFFem9UQpZydoespHzXjAnC9t

I will update this post as more develops.

Edit 1

This wallet from the Tether and Bitstamp hacks seems to be owned by the same person who took 8500BTC from Huobi in late 2015, interesting…

https://www.walletexplorer.com/wallet/002d28cac852fc7d

Before he was taking thousands of BTC off exchanges and sending it to BTC-e, he also used to sell much smaller amounts on Localbitcoins.

https://www.walletexplorer.com/wallet/02f08eddae4ba788

https://www.walletexplorer.com/wallet/f4b4c44dd6a146fd

https://www.walletexplorer.com/txid/0e9ae0a86dafc3a8dde0578871e51212c1e962ebf5a3306904b4e2eca25e0ba6

So Localbitcoins guys, if you have a log of who was using this address back in 2015, you've got the hacker 😉

Edit 2

So I was asked whether this could be an inside job.

Well, maybe? I don't think there's enough evidence from chain analysis alone to draw a conclusion.

Some of the transactions which funded the lioncoin address came from an old Bitfinex wallet, and some came from the bitstamp hack address. Bear in mind that this is part of the same wallet that the stolen tethers were sent to.

Also if you look at the tether address you'll notice that when other blocks of tether were released they were quickly transferred to the Bitfinex wallet, with this 30 million being the exception, that said in prior months they had regularly left millions of tether in this address for days at a time, so this isn't necessarily a red flag.

It could be that the attacker had access to the main tether issuance address (3MbYQMM etc) or it may just be that they noticed the 30 million tethers sat on the wallet that they could manipulate. Presumably Tether know whether or not they intended to make this transaction. Without knowing that we can only speculate on whether the compromise went beyond the address that was emptied.

submitted by /u/SpeedflyChris
[link] [comments]
Bitcoin

Help Decode Wikileaks Message X-Post From /r/WhereIsAssange

" UPDATE https://twitter.com/kellykolisnik/status/800631422851510272

Kelly Kolisnik @kellykolisnik “He who controls the past controls the future. He who controls the present controls the past.” -George Orwell. #Orwell @WikiLeaks

Kelly Kolisnik of Wikileaks tweeted this about an hour after the the earlier version of this post.

Very possible this is a /Wink&Nod/ to indicate we are on the right trail

Blockchain is the key

Cabelgate ( http://www.righto.com/2014/02/ascii-bernanke-wikileaks-photographs.html )

Backup files found in blockchain. Wikileaks used special insert / withdraw tool.

Characteristics of suspicious transactions:

.0001 BTC to multiple created wallets

Transfers with abnormally high TRANSACTION COSTS, to ensure posting in case of unusually high volume

List of other suspicious transactions – u/Cpt9captain http://pastebin.com/j3VwksdW

https://tradeblock.com/bitcoin/tx/cc455ae816e6cdafdb58d54e35d4f46d860047458eacf1c7405dc634631c570d .0001 transfer FEE 291 BTC ($ 280,000 USD)

The answers are here, it is only a matter of isolating the data. Stay strong. Stay focused. This is history.

ORWELLIAN DICTIM IS BEING BROKEN

INFORMATION IS POWER

He who controls the past controls the future. He who controls the present controls the past. Today He dies.

It will be where the dead switch is released if it exists, and Julian confirms its use in VERIFYING PAST DUMPS. The odd behavior on behalf of Wikileaks Wallet pushed me to do some search into Wikileaks history with Bitcoin. After reading the chan posts about DMS / keyholders / wildcards, I noticed that most documented instances of Julian's discussion of BITCOIN/BLOCKCHAIN architecture always ended up relating to publishing and time verification. (two elements of a DMS). “Bitcoin is an extremely important innovation, but not in the way most people think. Bitcoin’s real innovation is a globally verifiable proof publishing at a certain time. The whole system is built on that concept and many other systems can also be built on it. The block chain nails down history, breaking Orwell’s dictum of ‘He who controls the present controls the past and he who controls the past controls the future’.” IF THERE IS A DMS IT WILL BE ACTIVATED VIA THE BLOCKCHAIN. moreover, IN THIS VIDEO ASSANGE DISCUSSES USING THE BLOCKCHAIN IN THE PAST FOR CRYTO VERIFICATION. https://www.youtube.com/watch?v=RSfZC_u1Fcg We must pour through WIKILEAKS Blockchain transaction history as their is most certainty new/and or undiscovered information/indicators. He knew the dark days would come, and there is no doubt in my mind the answers to the questions we have are answerable due to the breadcrumbs and canary left for us. #FreeJulian "

submitted by /u/WillWorkForLTC
[link] [comments]
Bitcoin

Peter Thiel (member of President-Elect Trump’s Transition Team): “It becomes a threat to fiat money at a point where Bitcoin is encrypted in such a robust way that the tax authorities can’t break the encryption, can’t tell how much money you have, and what transactions you are doing.” [x-post]

Peter Thiel (member of President-Elect Trump's Transition Team): "It becomes a threat to fiat money at a point where Bitcoin is encrypted in such a robust way that the tax authorities can't break the encryption, can't tell how much money you have, and what transactions you are doing." [x-post] submitted by /u/eragmus
[link] [comments]

Bitcoin