Tracking the BitFinex Heist

Posted in #bitfinex, 8 years ago (edited)

Last week, 119,754 BTC worth around $80 million USD were stolen from the BitFinex exchange in what was probably the second biggest Bitcoin theft of all time.

Yesterday their Director of Community Zane Tackett posted a list of the transactions made by the thief.

I was curious to check whether any of the coins had been spent since the theft, and also wanted to check that the published total was correct. So I made a new Bitcoin Core wallet and imported all the theft addresses as "watchonly". After rescanning the blockchain all the transactions showed up. I was surprised to find that not a single Bitcoin has been spent yet:

[image: wallet overview]

Here's the wallet sorted by amount, showing the biggest thefts at the top. The thief rather sensibly emptied the biggest accounts first, so we see the biggest thefts at around 2am:

[image: wallet sorted by amount]

And here it is sorted by date, showing the newest transactions first. Notice the top 5 transactions are all tiny. They were likely made by victims of the theft in an attempt to track their coins. Other than those 5 we see the smallest thefts (around 4 BTC each) happening 3 hours later, at 5am. The whole theft took 3 hours to complete, although it is possible that most of that time was spent waiting for confirmations:

[image: wallet sorted by date]

I have made a copy of the wallet available for download if you want to load it into your own Bitcoin Core client to monitor for future spends. If I see the coins start to move I will make another post about it, and link to it from here.

Edit: I don't know if it matters or not, but I made the wallet using a release candidate of version 0.13 of Bitcoin Core. I wouldn't be totally surprised if the wallet.dat is incompatible with earlier versions of the client.

Edit2: I was asked how I made the 'watchonly' wallet. I put a list of all the addresses I wanted to watch into a file, then did this:

```sh
# one address per line in address.txt; the third argument (rescan) is false
while read -r x; do
    echo "$x"; bitcoin-cli importaddress "$x" '' false
done < address.txt
```

The third argument of `importaddress` is `rescan`. Passing `false` stops the client from rescanning the blockchain after every single import; a rescan walks the whole chain from genesis and can take a long time, so it is better done once, after all the addresses are in. At the end I re-imported the last address with `rescan` set to `true` to trigger that single rescan:

```sh
# $x still holds the last address from the loop; importing it again is
# harmless, and rescan=true makes the client scan the chain for all of them
bitcoin-cli importaddress "$x" '' true
```
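Once the rescan has finished, the checks made by eye in the screenshots above (the total, the biggest and newest entries, how long the theft took, and whether anything has been spent) can be scripted from `bitcoin-cli listtransactions "*" 100000 0 true` output. The trailing `true` is `includeWatchonly`; without it Bitcoin Core leaves out the imported addresses' transactions entirely. The script below is an added example and not part of the original post; the JSON in it is constructed to mimic Bitcoin Core's `listtransactions` format and is not real Bitfinex data, and the txids and addresses in it are fake.

```python
"""Summarise a Bitcoin Core watch-only wallet from `listtransactions` JSON.

Each entry carries "category" ("receive" or "send"), "amount" (negative for
sends), "time", "confirmations", "txid" and, for imported addresses,
"involvesWatchonly": true.  A "send" entry involving a watch-only address
means the coins have moved.
"""
import json
from decimal import Decimal

# Constructed sample (NOT real data): four receives at 02:00-05:00 UTC on
# 2016-08-02, two later dust payments of the kind victims send to tag
# coins (one still unconfirmed), and no spends.
SAMPLE = """[
  {"address": "1ExampleA", "category": "receive", "amount": 2500.5,
   "confirmations": 120, "txid": "aa01", "time": 1470103200, "involvesWatchonly": true},
  {"address": "1ExampleB", "category": "receive", "amount": 1000.25,
   "confirmations": 119, "txid": "bb02", "time": 1470104100, "involvesWatchonly": true},
  {"address": "1ExampleC", "category": "receive", "amount": 4.0,
   "confirmations": 100, "txid": "cc03", "time": 1470113400, "involvesWatchonly": true},
  {"address": "1ExampleD", "category": "receive", "amount": 4.0,
   "confirmations": 100, "txid": "dd04", "time": 1470114000, "involvesWatchonly": true},
  {"address": "1ExampleA", "category": "receive", "amount": 0.00001,
   "confirmations": 3, "txid": "ee05", "time": 1470700000, "involvesWatchonly": true},
  {"address": "1ExampleA", "category": "receive", "amount": 0.00001,
   "confirmations": 0, "txid": "ff06", "time": 1470710000, "involvesWatchonly": true}
]"""

# Constructed "send" entry, the shape a spend from a watched address has.
SPEND = json.loads(
    '{"address": "1ExampleC", "category": "send", "amount": -4.0, "fee": -0.0001, '
    '"confirmations": 1, "txid": "9907", "time": 1470800000, "involvesWatchonly": true}',
    parse_float=Decimal)


def load_transactions(raw):
    """Parse listtransactions JSON; Decimal keeps 8-decimal BTC amounts exact."""
    return json.loads(raw, parse_float=Decimal)


def summarize(entries, dust_threshold=Decimal("0.01")):
    """Totals, ordering and spend detection over the watch-only entries."""
    wo = [e for e in entries if e.get("involvesWatchonly")]
    received = [e for e in wo if e["category"] == "receive"]
    spends = [e for e in wo if e["category"] == "send"]
    # dust below the threshold is treated as tagging by victims, not theft
    thefts = [e for e in received if e["amount"] >= dust_threshold]
    dust = [e for e in received if e["amount"] < dust_threshold]
    by_amount = sorted(thefts, key=lambda e: e["amount"], reverse=True)
    by_date = sorted(received, key=lambda e: e["time"], reverse=True)
    times = [e["time"] for e in thefts]
    return {
        "total_btc": sum((e["amount"] for e in thefts), Decimal(0)),
        "theft_count": len(thefts),
        "dust_count": len(dust),
        "largest_txid": by_amount[0]["txid"] if by_amount else None,
        "newest_txid": by_date[0]["txid"] if by_date else None,
        "duration_s": (max(times) - min(times)) if times else 0,
        "spends": [e["txid"] for e in spends],
        "unconfirmed": [e["txid"] for e in received if e["confirmations"] == 0],
    }


def matches_published(summary, published):
    """True when the non-dust total equals the figure the exchange announced."""
    return summary["total_btc"] == Decimal(published)


if __name__ == "__main__":
    s = summarize(load_transactions(SAMPLE))
    print(f"received {s['total_btc']} BTC in {s['theft_count']} transactions "
          f"over {s['duration_s'] // 3600} h; dust payments: {s['dust_count']}")
    print("coins moved!" if s["spends"] else "no spends yet")
```

Run it against a real wallet with `bitcoin-cli listtransactions "*" 100000 0 true > txs.json` and feed the file to `load_transactions`; a non-empty `spends` list is the "coins have started to move" signal, and `unconfirmed` flags entries that could still be dropped from the mempool.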

Nice to see more specific details about this subject, I hope he gets tracked down eventually :).

I guess the title is a little unclear. I am attempting to track the coins, not the thief. :)

I love tracking coins and going through the block history. IDK why I do it several times when I'm bored

Nice post dooglus. Glad to see you on here.

Glad to see someone I know who is capable of looking into this whole bitfinex fuckery is doing so. Best of luck to you sir.

Thanks for taking the time to explain this. I'm really new to crypto so this really helps.

For all the criticism you can throw at cryptos, a lack of transparency is not one of them...

hello @dooglus ...welcome to Steemit :)

Any plan to create a Just-Dice like site using Steem coin?

Funny you should mention that. I was just talking to andu about it.

I can't really see it happening. Which of the three tokens would we use?

SP is right out I presume, because it isn't available to withdraw.

STEEM is no use as a currency, because of its massive inflation rate. It is designed not to be held, so I think it would be very hard to get any investors to hold it in a dice site. The incentive is to get rid of STEEM tokens as quickly as possible, in exchange for SP or SBD.

So that leaves SBD. But running a dice site that accepts SBD seems dangerously close to running a site for USD, which doesn't seem like a good idea. Unless SBD ends up not holding its value like it is meant to, in which case see the previous argument.

Am I missing anything? The Steem tokens seem like they are designed to work well for the Steem devs, but not for the rest of us. But I'm still very new to Steem, and probably misunderstand a bunch of it.

SBD is designed to be perfect for this, with fast finality, price stability, and no transaction fees, but if you are concerned about the legalities of it then you can't take advantage. That's unfortunate, but understandable.

You are correct that STEEM is not a good fit, unless you could somehow work out a way for the site to power up and use that as backing for the gambling bankroll, as a sort of staking pool. There would need to be restrictions on the rate of withdrawals of both bankroll funds and winnings, but that might be workable given that most gambling on JD is small, so could easily be covered by the 1%-per-week power downs.

I don't really understand why you think the tokens are better for the devs. Anyone can power up; the devs get no special treatment on it.

Hey smooth. Thanks for the upvote. :)

> unless you could somehow work out a way for the site to power up and use that as backing for the gambling bankroll

That's an interesting idea.

I'm pretty confused about how this all works. Both SP and SBD earn rewards for holding them - is that right? I can't hold SP in my own wallet, and can only hold it on steemit.com? But SBD and STEEM can be withdrawn into my own local wallet and freely traded? Except I seem to remember there's a 1 week delay with SBD withdrawals. Can I hold SBD in my own wallet and earn rewards, or do I only get rewards if I have steemit.com hold them? Am I totally misunderstanding everything?

(Edit: where would I even find the official steem wallet client for download? Google isn't helping me find it)

> I don't really understand why you think the tokens are better for the devs

I guess because I figure they premined a whole bunch of tokens for free whereas the rest of us have to buy them. But maybe I'm even wrong about that. How was the initial distribution done?

[ I'd like to reply to smooth's comment, but I see no 'reply' button. I guess we hit the maximum depth? drinkzya's comment at the same level also has no reply button ]

Thanks for the explanation. I wasn't understanding that this site (steemit.com) is really just a fancy block explorer, and that it's the blockchain that matters, not the site.

The owners of steemit could decide to remove all posts they deem racist from their site if they want to, but they couldn't remove them from the blockchain, and everyone else would be free to make their own version of steemit.com which didn't censor the posts. In much the same way that the blockchain.info Bitcoin wallet isn't really where anyone's money is. The money is on the blockchain, and the b.i wallet website is just a way of interacting with the blockchain. If I dislike b.i's wallet I am free to switch to a different site (or even run my own client). Is that right? A good way of understanding things?

@dooglus Nice to see you here. If you are ever interested, I have already purchased the steemroll.com domain just for this if you ever wanted to possibly do something together. You can reach me in steemit.chat

Wallet (CLI-only): https://github.com/steemit/steem

The web wallet/site/app that runs on steemit.com is also there now (was released a bit later)

> I guess because I figure they premined a whole bunch of tokens for free whereas the rest of us have to buy them. But maybe I'm even wrong about that. How was the initial distribution done?

I still don't quite follow the logic on why that makes the inflationary STEEM token itself good for them, when everyone else can avoid the inflation by using SP too. If anything, given their large SP holdings, the restrictions on liquidity of SP hurts them as much or more than anyone else, but in any case, here's some info about the launch.

It was effectively (but not literally) an 80% premine (though not quite free; they had to compete with a few other miners and did apparently spend money to do this). They launched with a public bitcointalk thread (still there) but there were no instructions or other information so only those able to figure it out from the code were able to mine it. It was openly stated at this time why the developers were doing this.

The plan (then and now) for the 80% is to give away 40% (every new account needs coins and receives a minimum balance–currently 3 SP–for free), keep 20%, and sell 20% to pay for development. This process is reasonably transparent and can be tracked by watching the 'steemit' account and the ones fed from there ('steem' creates the new accounts for example).

> I'm pretty confused about how this all works. Both SP and SBD earn rewards for holding them - is that right? I can't hold SP in my own wallet, and can only hold it on steemit.com? But SBD and STEEM can be withdrawn into my own local wallet and freely traded? Except I seem to remember there's a 1 week delay with SBD withdrawals. Can I hold SBD in my own wallet and earn rewards, or do I only get rewards if I have steemit.com hold them? Am I totally misunderstanding everything?

SBD currently earns 10% interest (rate is variable) and SP earns anti-dilution payments that offset most of the STEEM inflation. You can hold SP (or STEEM or SBD) in your own wallet with your own private keys, and there is no disadvantage to doing so in terms of rewards, etc. The web site is really just a web wallet that gives you a view of the blockchain. There are no restrictions at all on transfers of STEEM or SBD. SP is locked up and can only be converted to STEEM 1/104 per week (with a one week delay before first conversion when starting the process). SBD can be converted to about 1 USD worth of STEEM with a one-week delay, but this is an optional function that supports the pegging of its value and never required (alternately you can transfer it and/or trade it on a regular exchange or via the internal market with no delays).

@dooglus, yes reply depth is annoying.

Your comments about the removal of racist posts from steemit.com and about using an alternate blockchain view are correct. Not hard to do in fact, since you can just download the source to the steemit.com web site from their github and host your own.

BTW, here is another explorer for the same blockchain hosted by a community member which provides a bit more low-level detail: https://steemd.com. You can also use that as a conventional block explorer using b/blocknum and tx/txid paths, though I don't see where it has a search box.

> [ I'd like to reply to smooth's comment, but I see no 'reply' button. I guess we hit the maximum depth? drinkzya's comment at the same level also has no reply button ]

Dang, I just upvoted the comment this is from and now put it above the comment it is replying to.

> Am I missing anything? The Steem tokens seem like they are designed to work well for the Steem devs, but not for the rest of us. But I'm still very new to Steem, and probably misunderstand a bunch of it.

You are pretty correct about it. But, I guess, you'll not be among the rest of us. They'll shower SBD on you pretty soon to show a carrot to the gambling crowd.

This might be related - Bitfinex Thief Identified.

Interesting. You write:

> More and more evidences are pointing out to the fact that the Bitfinex theft was indeed an inside job

but I don't see any evidence presented at all. Do you have any evidence that it was an inside job? Are you suggesting that him deleting a twitter account is evidence of theft? I don't get it.

very clever...

Thanks for the detailed article about it!

Are you btw the real dooglus from JustDice?:)

My bitcointalk profile has a Bitcoin address of mine, and here's a signed message using it:

```
> signmessage 1Doog7asLrYah3yeUppBVj8nUYnFkmXm2N \
    'dooglus on bitcointalk, reddit, bitcoin-otc.com, and steem are all the same dooglus'
G1XjLn9Y9/y5Wby+6q21SmPAxyriiaUcWjf9KHrlPMRLAMiZfNeY4j5QDopDl2bmAG81w4TJO5hkE59dlJeVWW0=
```

Oh cool! Sorry there is no notification for replies here yet, hence why it took me some time to notice yours. Thanks for verifying! You should really consider telling your story (how you got into blockchain and/or steem) and maybe introduce yourself! I am sure many readers will be very interested!

Glad to have the dooglus on board! Welcome! :)

I am. PM me there. I'll hear a 'ding' and reply to you.

I was thinking of putting a signed message on my Steem profile to prove it. But I can't find my Steem profile. Do we not have profiles? If not, where's a good place to put such proof-of-ID stuff?

You may write under https://steemit.com/trending/introduceyourself providing your proof-of-ID stuff. I'm sure your introduceyourself will be a moon post ;-)

This. Write an introduceyourself post and include good verification. It will be worth your time :)

Good info, thank you for sharing, dooglus.

Have you found 1BfxSuxJqXuizBbTcP238JZY9DT4eqvzJG at any point in your tracking?

Reference:

I'm aware of the address, but it doesn't seem to be related to the BitFinex hack at all. It could be owned by the same guy and be holding funds from a previous hack I guess.

Oh thank you for this information, I've been trying to follow this info for a while. I'm wondering why they even had all those funds on live wallets in this day and age. Especially when Trezor and other cold wallets are a thing. Sad to say, but either (a) they are stupid or (b) they pulled a Gox. Also I notice this is your first post, so welcome to steemit.

Nice track, I'm sure that we need people like you, that can get us more facts about heists like this.
But it is not strange to me that the hacker group did not spend anything; they don't want to move it for some time, because dumping them could affect the bitcoin price.

Or they just want bitcoin at the moon :D

I'm still watching the wallet. I see a couple of new small deposits to one of the attacker's addresses, but still no spends from the wallet:

[image: wallet showing new small deposits and no spends]

Bitfinex is sketchy. That is why I don't use the platform. Sad because I would like to buy IOTA.