Theft of Tether tokens: what has been found out!

in bitcoin •  7 years ago 

Last week's events were the culmination of doubts about Tether and Bitfinex, whose relationship has been discussed in the community for several months, largely thanks to a constant flow of alarmist tweets from the anonymous account @Bitfinexed.

The insinuations under discussion are as follows:

  1. Bitfinex and Tether are a single entity controlled by the same people.
  2. Tether issues USDT tokens at its own discretion, without backing them with real dollars.
  3. These tokens are then used on Bitfinex to pump the price of BTC and effectively manipulate the market in other trading pairs with USDT.
  4. Many also believe that Bitfinex operates on a fractional-reserve model and does not have sufficient funds to cover all user deposits.

And in the heat of these discussions, Bitfinex published a very strange tweet with a statement about its own solvency.

I find it strange. And the next day Tether reported a hack and the theft of tokens worth 30 million dollars.

Even the New York Times ran a big article which, by the way, can serve as an excellent reference and a summary of this whole story.

From a distance and without complete information, it is difficult to judge what really happened. However, a lack of transparency is never a good sign, and it makes the whole story extremely suspicious. If Bitfinex and Tether really are transparent and clean, they are clearly not trying very hard to convey this to users.

We hope to obtain more information on this shortly, so that it becomes possible to understand whether we are approaching the next crash on the scale of Mt.Gox or not.

Tracing the Tether break-in

What happened?

On November 19 the Tether team announced that a hacker had stolen tokens worth 31 million dollars from the Tether treasury wallet. The statement was made to warn third-party Tether integrators about the risk of disruption that these events could entail.

Context

Tether (USDT) tokens are issued on top of the Bitcoin blockchain and distributed through Omni, a platform for creating tokens. Tether tokens were created to maintain a fixed 1:1 exchange rate with USD. This allows cryptocurrency exchanges to offer trading pairs of cryptocurrencies against USDT without having to implement deposit procedures for fiat currencies, restricting themselves to listing cryptocurrencies only.

From a technical point of view, USDT are tokens created with the Omni Layer protocol, an intermediate layer that allows digital assets to be created on top of the Bitcoin blockchain. In other words, tokens move through the execution of bitcoin transactions (even ones involving only a few satoshi), and the transaction metadata then moves the USDT tokens according to the user's request (for example, a transaction for 0.00001 bitcoin can actually transfer 10 million USDT).
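How a small Bitcoin payment can carry a large token transfer, shown as an added example that is not part of the original post. It assumes Omni's Class C encoding (an OP_RETURN output whose data is the ASCII marker "omni" followed by version, type, property id and amount) and property id 31 for USDT; the sample script is constructed, not taken from the chain.

```python
import struct
from decimal import Decimal

OMNI_MARKER = b"omni"    # Class C payloads begin with ASCII "omni"
USDT_PROPERTY_ID = 31    # assumption: Omni property id of Tether USD
UNITS_PER_TOKEN = 10**8  # divisible Omni tokens carry 8 decimal places

def op_return_data(script: bytes) -> bytes:
    """Return the single data push of an OP_RETURN output script."""
    if len(script) < 2 or script[0] != 0x6A:   # 0x6a = OP_RETURN
        raise ValueError("not an OP_RETURN script")
    n, start = script[1], 2
    if n == 0x4C and len(script) >= 3:         # OP_PUSHDATA1: next byte is the length
        n, start = script[2], 3
    elif n > 0x4B:                             # anything else is not a direct push
        raise ValueError("unsupported push opcode")
    data = script[start:start + n]
    if len(data) != n or start + n != len(script):
        raise ValueError("truncated or trailing data")
    return data

def decode_simple_send(script: bytes) -> dict:
    """Decode an Omni version 0 'simple send' (type 0) payload."""
    data = op_return_data(script)
    if len(data) != 20 or data[:4] != OMNI_MARKER:
        raise ValueError("not an Omni simple send")
    # Big-endian: version (2 bytes), type (2), property id (4), amount (8)
    version, tx_type, prop, units = struct.unpack(">HHIQ", data[4:])
    if (version, tx_type) != (0, 0):
        raise ValueError("not a version 0 simple send")
    return {"property_id": prop, "units": units,
            "tokens": Decimal(units) / UNITS_PER_TOKEN}

def sample_script(tokens: int) -> bytes:
    """Constructed sample: the OP_RETURN script for sending `tokens` USDT."""
    body = struct.pack(">HHIQ", 0, 0, USDT_PROPERTY_ID, tokens * UNITS_PER_TOKEN)
    payload = OMNI_MARKER + body
    return bytes([0x6A, len(payload)]) + payload

if __name__ == "__main__":
    btc_moved_sat = 1_000   # 0.00001 BTC, the figure used in the text
    send = decode_simple_send(sample_script(10_000_000))
    print(f"{btc_moved_sat} satoshi of BTC carried {send['tokens']} tokens "
          f"of Omni property {send['property_id']}")
```

The amount an analyst cares about is in the 22-byte script, not in the bitcoin value of the transaction, which is why explorers that only show BTC amounts miss the transfer entirely.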


The transactions involve two roles: the "Issuer" of USDT (address 3MbYQMMmSkC3AgWkj9FMo5LsPTW1zBTwXL), responsible for creating new Tether tokens, and the "Treasury" (3BbDtxBSjgfTRxaBUgR2JACWRukLKtZdiQ), responsible for transferring tokens to the destination specified by the user (https://tether.to/wp-content/uploads/2017/09/Final-Tether-Consulting-Report-9-15-17_Redacted.pdf).

A list of the addresses holding the largest amounts of Tether tokens can also be found online (https://wallet.tether.to/richlist). Most of them belong to the largest and best-known cryptocurrency exchanges.

Events and technical analysis

Recently, very considerable amounts of Tether tokens arrived at the address attributed to Bitfinex (1KYiKJEfdJtap9QX2v9BXJMpz2SfU4pgZw).

Up to this point, the following sequence was always observed:

Issuer -> Treasury -> Bitfinex

But on November 19 the Treasury sent 30.9 million USDT to a new address, 31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv, from which they were in turn immediately transferred to 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r.

Someone in the online community noticed that this address differed from the usual one belonging to Bitfinex, but it looked like a legitimate change of address.

On November 20 Tether announced on its website that 30.9 million USDT had been stolen as a result of unauthorized access to its platform. As a necessary critical measure, the Tether team carried out an "emergency" hard fork to prevent the owner of the address 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r, to which the stolen 30.9 million USDT had been transferred, from spending them. All exchanges supporting USDT must immediately install the new, corrected version of the Omni layer.

It is worth noting that as a result of these events the price of USDT tokens on the Kraken exchange (the only exchange supporting the USD/USDT trading pair) fell to 0.906 dollars.

Since USDT are tokens issued on Omni Layer, an additional layer built on the Bitcoin blockchain, it is possible to analyze the Bitcoin transactions that carry the USDT transfers.

First of all, one can identify a transaction moving 10 USDT from the Treasury to the address 31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv. It looks like a test transaction meant to check the USDT transfer process. Over the following several hours about 30.9 million USDT were transferred, split into 6 transactions of 1 million, 1 million, 1 million, 10 million, 10 million and 7.9 million respectively.
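The pattern described above, a small test transfer to a new address followed by large transfers, is what an allowlist check on treasury outflows would flag at the first send. This added example is not part of the original post: the addresses and amounts come from the text, while the record format, the baseline row, the allowlist and the 100 USDT threshold are assumptions.

```python
from decimal import Decimal

TREASURY = "3BbDtxBSjgfTRxaBUgR2JACWRukLKtZdiQ"
BITFINEX = "1KYiKJEfdJtap9QX2v9BXJMpz2SfU4pgZw"
NEW_ADDRESS = "31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv"
ALLOWLIST = {BITFINEX}       # assumption: destinations the treasury normally pays
TEST_MAX = Decimal("100")    # assumption: sends at or below this look like a test

# Constructed records (sender, recipient, USDT). The first row is an invented
# baseline transfer; the others use the amounts listed in the text.
TRANSFERS = [
    (TREASURY, BITFINEX, Decimal("5000000")),
    (TREASURY, NEW_ADDRESS, Decimal("10")),
] + [(TREASURY, NEW_ADDRESS, Decimal(a)) for a in
     ("1000000", "1000000", "1000000", "10000000", "10000000", "7900000")]

def review_outflows(transfers, allowlist=ALLOWLIST, test_max=TEST_MAX):
    """Return one alert per treasury send to an address outside the allowlist."""
    alerts, tested, exposure = [], set(), {}
    for sender, recipient, amount in transfers:
        if sender != TREASURY or recipient in allowlist:
            continue
        # Running total of tokens sent to this unlisted address so far
        exposure[recipient] = exposure.get(recipient, Decimal(0)) + amount
        if amount <= test_max:
            tested.add(recipient)
            rule = "test-sized send to unlisted address"
        elif recipient in tested:
            rule = "large send after test transfer"
        else:
            rule = "large send to unlisted address"
        alerts.append({"rule": rule, "to": recipient, "amount": amount,
                       "total_so_far": exposure[recipient]})
    return alerts

if __name__ == "__main__":
    for alert in review_outflows(TRANSFERS):
        print(f"{alert['rule']:38} {alert['amount']:>10} USDT  "
              f"running total {alert['total_so_far']}")
```

With these records the first alert fires on the 10 USDT transfer, hours before the six large sends, and the running total ends at 30,900,010 USDT.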

As mentioned earlier, the emergency patch released by the Tether team prevented the hacker from spending the 30.9 million stolen tokens that had been moved to the address 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r. However, it is interesting to note that during the emergency nothing was said about the address 31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv.

It first appeared on the blockchain on November 19 as the address to which 0.01 bitcoin was transferred from 1LBQpqUTEmdPTH8adaV6xS8KQt6FGCD3xD. It is reasonable to assume that the purpose of this transaction was to give the address sufficient funds to carry out the subsequent transactions withdrawing USDT to the wallet 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r.

That address, in turn, is probably the change address of a transaction initiated by 16KYFJiAoM4aX82xw2V3YBHX72trWNhz48 (part of the coins stolen from the BitStamp wallet) to 1Ci3XEy71dGZ3ZDWF2CiVgsiAStt9WG5LX (the issuer of LionCoin).

Conclusion:

The addresses labelled "Tether theft - blocked" and "LionCoin issuer" are most likely connected with the address labelled "Coins stolen from Bitstamp".

After 5 BTC were sent from the "Treasury" address to the "Tether theft" address, we are inclined to consider this address compromised. Unfortunately, the updated information on the Tether website does not help shed light on what happened, as it does not clarify any technical details.

Funds from a Bitfinex wallet were sent to the address of the LionCoin issuer just before these events. Bitfinex therefore has an opportunity to investigate this problem in more detail.

The private key of the Tether "treasury" wallet is compromised, since the attacker managed to withdraw the bitcoins and USDT held in it. Until we better understand the details of the incident, this address should be considered unsafe.

Follow, Resteem and VOTE UP @keks, blogger at https://steemit.com. I always hope for your help.



Once again, security becomes an issue. Fellow cryptocurrency investors, take care out there!!👍

Investors are concerned!

+1happy

This theft teaches us to take precautions @keks

I felt bad for all those affected by this. At least they are taking measures to freeze all stolen Tether. What will happen to those who lost Tether?

The situation is quite interesting! It is difficult to foresee such manipulations.

Nice post!!!