Every. Single. Week. There is something major happening.
This week it's the culmination of the Tether / Bitfinex questions that have been arising in the community for the past months, mostly thanks to the constant alarm sounded by the anonymous twitter account @Bitfinexed. The insinuation is that: 1) Bitfinex and Tether are basically the same entity, with the same people coordinating the whole thing. 2) Tether is printing USDT tokens out of thin air. 3) These USDT tokens are then used on finex to pump the price of BTC and other traded USDT pairs effectively substantially manipulating the market. 4) Many also believe that Bitfinex is running on a fractional reserve model and doesn't have funds to cover all deposits. In the middle of the heat, Bitfinex tweeted out the weirdest tweet,saying that they are solvent.
Weird. And then, the next day, Tether announces that they have been hacked out of $30M in tokens.
From far away and with limited information it's hard to judge what's really going on, but the lack of transparency is never a good sign, and it does all sound super fishy. If finex and Tether indeed are all-in-the-clear, they're most definitely not doing a great job communicating it. We hope to get some more data soon in order to be able to figure out if we're close to another Mt. Gox moment or not.
This week, we engaged our good friends at Neutrino, who were kind enough to go dig the hacker's trail..
⚛️ Exploring the trail of Tether's hack
Courtesy of Giancarlo and Alberto from Neutrino, the creators of the P-Flow cyrptointelligence platform. They do this as a job, they provide deep transaction data and analysis and have a history of developing investigative cyber tools.
On November 19th the Tether Team announced that 31 million in Tether funds had been removed from the Tether treasury wallet by a hacker. The announcement was made to warn third party tether integrators about the disruption risk that these events might have implied.
Tether (USDT) is a token issued over the bitcoin blockchain and is distributed on the Omni token platform. Tethers have been created to maintain a fixed 1:1 exchange rate with USD. This allows cryptocurrency exchange platforms to list Cryptocurrency/USDT pairing not implementing a fiat currency deposit procedure and replacing it with a crypto-to-crypto listing.
Technically speaking, Tether is a token created within the Omnilayer protocol: it is an intermediate layer enabling a digital asset on top of the bitcoin blockchain. In simple terms, tokens are moved by performing bitcoin transactions (even using just a few satoshi) and the metadata of the transactions are then moving the USDT tokens as per user request (e.g. it is possible to create a transaction moving 0.00001 bitcoins that is actually transferring 10M of USDT).
Transactions on Tethers include the “issuer” (address 3MbYQMMmSkC3AgWkj9FMo5LsPTW1zBTwXL) in charge of creating new tethers, and the “Treasury” (3BbDtxBSjgfTRxaBUgR2JACWRukLKtZdiQ) in charge of transmitting them to the destination address requested by the user (ref. https://tether.to/wp-content/uploads/2017/09/Final-Tether-Consulting-Report-9-15-17_Redacted.pdf).
Online it is also possible to consult a list of the richest Tether addresses (https://wallet.tether.to/richlist). Most of these refer to known, primary, cryptocurrency exchange platforms.
Events and technical analysis
Recently, important amounts of Tether were received by an address ascribable to Bitfinex (1KYiKJEfdJtap9QX2v9BXJMpz2SfU4pgZw).
The patterns have always been seen in this sequence:
On Nov 19th the Treasury sent 30.9M USDT to a new address: 31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv, which in turn immediately transferred them to 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r.
In the online community someone noticed that this was a different address from the usual one owned by Bitfinex, however it appeared as a legitimate change of address.
On November 20th, Tether announced on the website that an authorized access to their platform had lead to a theft of 30,9M USDT (https://tether.to/tether-critical-announcement/). As the critical situation required, the team created a temporary “emergency” hard fork to prevent the address 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r that was keeping the stolen 30.9M USDT from spending them. All the exchange platforms supporting USDT were required to immediately install the new patched version of the Omni layer.
It is worth noting that as a consequence of this the USDT value on the Kraken platform (which is the only one listing a USD/USDT trading pairing) dropped to 0.906.
Since the USDT are tokens issued on Omnilayer, based on the bitcoin blockchain, it is possible to analyze the bitcoin transactions involved as they were the “settlement” of USDT Transactions.
First of all, it’s possible to identify a transaction moving 10USDT from the Treasury to the address 31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv. This appears to be a testing transaction to verify the efficiency of the USDT transfer process. In a few hours about 30.9M USDT were moved with 6 transactions valued respectively at 1M, 1M, 1M, 10M, 10M and 7.9M.
As mentioned previously, the emergency patch issued by the Tether team prevented the hacker from spending the 30.9M that had been stolen and moved to the address 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r. However, it is interesting to note that in the emergency situation nothing has yet been declared or clarified about the address 31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv.
This address appeared on the blockchain for the first time on November 19th as the output of a transaction receiving 0.01bitcoins from 1LBQpqUTEmdPTH8adaV6xS8KQt6FGCD3xD. It is plausible to presume this transaction was providing the address with sufficient funds to perform the subsequent transactions moving USDT to 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r.
This in turn, one hop back on the blockchain, is plausibly the change address of a transaction originated by 16KYFJiAoM4aX82xw2V3YBHX72trWNhz48 (part of the BitStamp Stolen Coins) and paying to this address 1Ci3XEy71dGZ3ZDWF2CiVgsiAStt9WG5LX (Lioncoin Issuer).
We know it is difficult to follow this path without dedicated tools, so let’s recap the information we were able to identify as follows:
The “Tether Theft Banned” and the “LionCoin issuer” addresses are very likely connected with “Bitstamp stolen coins”.
Following the 5 btc sent from “Treasury” address to “Tether Theft” address we are tempted to believe that this is the compromised address. Unfortunately a security update by Tether website is not helping to clarify what happened since none of the technical details are explained.
A Bitfinex wallet sent funds to LionCoin Issuer just before these events and therefore it is possible for Bitfinex to investigate more on the issue.
The Tether “Treasury” is private key is compromised, since the attacker was able to steal bitcoins and tethers from it. Until a better understanding of what happened is depicted we should consider that address as insecure.
Interesting development in the ASIC mining world: BtcDark, one of the Core developers, has launched a new effort called Halong Mining, which will sell a $1.6k miner machine claimed to be the most advanced available on the market.
This is interesting because it continues in the Asicboost saga, and might actually bring some sort of check and balance on Bitmain's total market control. (Also interesting this week is that there appears to be a link between Xiaomi's founder and Bitmain).
Never thought I'd link to Zero Hedge, but they caught a gem in a recent paper from the ECB where there's a proposal to remove the fixed deposit protection amount and instead change it to a discretionary amount based on the necessary to cover cost-of-living.
And they say we're mad for wanting to be our own banks!
An easy and nice introduction to structuring an Ethereum application from the Zeppelin team.
I found it particularly interesting because it explores the question of wether we'll have servers at all in the future in our apps.
Today, you might still need maybe a small server for a dapp, but with more services becoming available constantly we are almost at the point where there's no more need for servers at all.
(To be fair, this has been true in traditional software development too with all of the new cloud services that can handle everything from sending email with say Sendgrid to running intensive computations with Iron.io)
Interesting work from Banca Intesa's IMI subsidiary with an actual whitepaper out too. They are proposing a system for derivatives management, where they code inside of an Etherereum contract not only the terms of the derivative but also the potential problems that could arise as well as the solutions to implement.
They worked with blockchain startup Oraclize on it, and they think it makes it almost impossible for any counterparty to default by anticipating eventualities that might otherwise result from a legal dispute.
A super interesting thread from Fred Ehrsam comparing Bitcoin to religions.
Prophet: Satoshi. He is no longer here and thus impossible to question, making him plausibly infallible.
Rituals: running nodes, mining.
Sacred objects: bitcoin, genesis block.
Holy text: the Bitcoin whitepaper. Like any holy text, people interpret it through their individual lens. Sects: Different interpretations cause splintering into sects: big blockers, small blockers, maximalists, etc.
James from Newton Partners explores the still to be proven fat protocol thesis and argues that there are in fact three layers and not two: there's an Application Protocol layer which sits on top of the Base Protocol (eg. ETH) and before the actual application.
In substance he is arguing that tokens like CVC, KIN and company will be where the value accrues. "in the long run, thematic application layer investing in different verticals should outperform horizontal base layer investing."
Disclosure is that the founder of Civic/CVC is a GP at the venture fund where the author works.
Jill Carson also tries to give a taxonomy dividing between these three layers.
Interesting to read to re-understand the difference between native crypto-currency assets and tokens, as well as the complexity of some projects being at the same time the Protocol Platform and Product.
The thinking here is that we will be able to have innovation at only one layer of the stack without having to create all three at the same time every time (even tho in our dealflow most of the time the most interesting ones do..)
"In cryptocurrencies, the "store of value" is simply everyone's agreement that there is value here. There is no asset. And that is what a bubble looks like."
This is Bill Gurley's argument about the delusion we're all in, saying that it's all just happening because of low interest rates.
We get bubble calling articles every week obviously (especially on ATH weeks like this one), and we always enjoy reading them to see if we can relate to the reasoning.
In this case, I don't agree much. Bitcoin is new internet money. It is a revolution, there doesn't *need* to be an asset (like there are zero assets backing fiat currencies (and no, the governments assets are not directly the backing)).
Well, we also now know where the Guardian stands. Not really sure what they gain from writing this, but hey tried anyways. Their critique is tangential to the "there's no asset" one, and goes more towards the Ponzi path.
"The only value of cryptocurrencies today lies in the expectation that someone else will buy them. But the supply of bigger fools must run out one day."
This is a good overview from the Financial Times of the regulatory actions taken (and not taken) in recent weeks all over the world.
Interesting part about Switzerland and Singapore which have become de-facto standards but whose authorities have both issued warnings recently.
Our belief is that in the mid-term there won't be a jurisdiction that will continue to allow all the crazy things happening right now and that this deregulation-by-obfuscation (or by-innovation) that we've seen will stop. Certain places will have much more welcoming rules, but it's unlikely to be the current wild west.
Remember, rules are still here. It's not by being on the blockchain that people can suddenly ignore them.
Bermuda has launched a new working group aimed to advance the regulatory and commercial environment for token sales, cryptocurrencies and more.
Premier Burt has plans to launch a regulatory framework for DLT that would launch in 2018. He said that Bermuda "is considering a complementary regulatory framework covering the promotion and sale of utility tokens, aligned with the DLT framework."
Maybe tiny Caraibic islands will beat Switzerland and others in the long-term.
Very interest report coming out of Cardozo Law School which suggests the idea that SAFTS could actually be achieving the opposite of what they are set up to do, by clearly identifying tokens that are bought for financial gain and thus closer to being securities.
"[t]okens underlying a SAFT may be more likely to be deemed securities, thus potentially subjecting token sellers to significant legal or economic risks," the paper says – the opposite result of what the proposal set out to do."
If you're asking yourself who would want a mutual fund coat on Bitcoin: "Direct investment in Bitcoin can be operationally challenging, from dealing with the choice of the platform, to maintaining the proper security measures in terms of custody and to managing the changes made to the protocol (hard forks).
"Our goal is to take control of these operational challenges in order to facilitate access for qualified investors willing to gain exposure to Bitcoin. All of that under the format of a fund."