More than $30 million worth of USDT was stolen Monday from Tether, a provider of dollar-backed digital tokens, and less than 24 hours later, the event is still shrouded in mystery. Given its size, the theft has sparked confusion and frustration among market traders and observers since it was announced.
A few hours after Tether announced the theft, a user called ‘SpeedflyChris’ published a thread on Reddit linking the event with the Bitstamp hack. In January 2015, Bitstamp lost roughly 19,000 BTC in a hack on its hot wallet, worth over $50 million at a time when the price of Bitcoin averaged less than $300.
According to SpeedflyChris, the source of the vulnerability appears to be connected with the wallet used to steal from Bitstamp. He wrote that this wallet made two small transactions, 0.01 BTC each, to the address that removed $30,950,010 USDT from the Tether Treasury wallet on November 19, 2017 and sent it to an unauthorized address.
The Reddit user explains that the transactions were perhaps structured as an additional layer of security to make sure that the wallet could receive the tokens without any issues.
At 10:53, the wallet makes several transactions transferring 23 million tethers from the tether wallet:
Then at 11:10 they transfer another 7.9 million tethers. A further 50,000 tethers are transferred over at 11:54.
At 12:01, 5BTC (the bulk of the bitcoin in the tether wallet) is transferred over to the same address:
These tethers are then transferred over to the address in the Tether announcement as their relevant blocks are confirmed.
The 5BTC is also transferred to this address in amounts of roughly 1BTC per transaction:
Following the BTC along, you arrive back at an address from before, which is confirmed to be part of the wallet holding the stolen Tether:
It’s worth noting that this same address was just used to create an Omni token called lioncoin: