The 2015 Bitstamp, 2015 Bitfinex, and 2017 Tether Hacks are Connected

Acknowledgements: I would not have been able to complete this as thoroughly as I did without building off existing work. It needs to be pointed out that years ago u/SpeedflyChris (archive) pointed out these same connections. I also relied heavily on a tool created by Aleš Janda.

In January of 2015 Bitstamp was hacked in what they described as a phishing attack. (Archive) These funds were withdrawn to 1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf (referred to as 1L2 for the remainder of this piece for convenience) at first. Bitstamp also sent funds to 1AXsTbi4sSH1M5hccgdEVn5et9xFd7Bxpd (referred to 1AX) and 16KYFJiAoM4aX82xw2V3YBHX72trWNhz48 (referred to as 16KY). All 3 of these addresses which received withdrawals from Bitstamp were part of the same wallet and this can be determined by reviewing the transactions where they ‘co-spent’ or both provided inputs to a transaction, suggesting the same person could sign for both addresses. 1L2 and 1AX co-spent in transaction 7e80957db4514d150899b308b0472b51ce7b3dbd979f2b3e80681cb9067dac13 and 16KY and 1L2 co-spent in transaction 41afc875a478acdf322ea37e6edcd3878627e6d0b4a6c4de280708c822670b2a. This suggests the 2015 Bitstamp hacker was receiving funds from Bitstamp as late as December 19th 2018 in transaction 4a05c4347d5cf797f7eeacc1d1b6881ef9e4e71195025bb3275a18f495b988be. That is a LONG hack.

Continue reading “The 2015 Bitstamp, 2015 Bitfinex, and 2017 Tether Hacks are Connected”