Past issues

Nov 26 2017

#24: 🤔 To Tether or Not to Tether

+ BCH unspent output hack, estimates of total BTC lost, application protocols
Token Economy
📓 also published on Medium
🤔 To Tether or not to Tether
Every. Single. Week. There is something major happening.

This week it's the culmination of the Tether / Bitfinex questions that have been arising in the community for the past months, mostly thanks to the constant alarm sounded by the anonymous twitter account @Bitfinexed.

The insinuation is that:
1) Bitfinex and Tether are basically the same entity, with the same people coordinating the whole thing.
2) Tether is printing USDT tokens out of thin air.
3) These USDT tokens are then used on finex to pump the price of BTC and other traded USDT pairs effectively substantially manipulating the market.
4) Many also believe that Bitfinex is running on a fractional reserve model and doesn't have funds to cover all deposits.

In the middle of the heat, Bitfinex tweeted out the weirdest tweet,saying that they are solvent.

Weird. And then, the next day, Tether announces that they have been hacked out of $30M in tokens.

Even the New York Times came out with a big piece exploring the issue which is a great primer and recap I suggest reading.

From far away and with limited information it's hard to judge what's really going on, but the lack of transparency is never a good sign, and it does all sound super fishy. If finex and Tether indeed are all-in-the-clear, they're most definitely not doing a great job communicating it.
We hope to get some more data soon in order to be able to figure out if we're close to another Mt. Gox moment or not.

This week, we engaged our good friends at Neutrino, who were kind enough to go dig the hacker's trail..
⚛️ Exploring the trail of Tether's hack
Courtesy of Giancarlo and Alberto from Neutrino, the creators of the P-Flow cyrptointelligence platform. They do this as a job, they provide deep transaction data and analysis and have a history of developing investigative cyber tools.

What happened? 

On November 19th the Tether Team announced that 31 million in Tether funds had been removed from the Tether treasury wallet by a hacker. The announcement was made to warn third party tether integrators about the disruption risk that these events might have implied. 

Background
Tether (USDT) is a token issued over the bitcoin blockchain and is distributed on the Omni token platform. Tethers have been created to maintain a fixed 1:1 exchange rate with USD.  This allows cryptocurrency exchange platforms to list Cryptocurrency/USDT pairing not implementing a fiat currency deposit procedure and replacing it with a crypto-to-crypto listing.
 
Technically speaking, Tether is a token created within the Omnilayer protocol: it is an intermediate layer enabling a digital asset on top of the bitcoin blockchain. In simple terms,  tokens are moved by performing bitcoin transactions (even using just a few satoshi) and the metadata of the transactions are then moving the USDT tokens as per user request (e.g. it is possible to create a transaction moving 0.00001 bitcoins that is actually transferring 10M of USDT). 

Transactions on Tethers include the “issuer” (address 3MbYQMMmSkC3AgWkj9FMo5LsPTW1zBTwXL) in charge of creating new tethers, and the “Treasury” (3BbDtxBSjgfTRxaBUgR2JACWRukLKtZdiQ) in charge of transmitting them to the destination address requested by the user (ref. https://tether.to/wp-content/uploads/2017/09/Final-Tether-Consulting-Report-9-15-17_Redacted.pdf). 
Online it is also possible to consult a list of the richest Tether addresses (https://wallet.tether.to/richlist).  Most of these refer to known, primary, cryptocurrency exchange platforms.

Events and technical analysis
Recently, important amounts of Tether were received by an address ascribable to Bitfinex (1KYiKJEfdJtap9QX2v9BXJMpz2SfU4pgZw). 
The patterns have always been seen in this sequence:
Issuer -> Treasury -> Bitfinex
(https://omniexplorer.info/lookupadd.aspx?address=3BbDtxBSjgfTRxaBUgR2JACWRukLKtZdiQ)

On Nov 19th the Treasury sent 30.9M USDT to a new address: 31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv, which in turn immediately transferred them to 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r. 
In the online community someone noticed that this was a different address from the usual one owned by Bitfinex, however it appeared as a legitimate change of address. 

On November 20th, Tether announced on the website that an authorized access to their platform had lead to a theft of 30,9M USDT (https://tether.to/tether-critical-announcement/).  As the critical situation required, the team created a temporary “emergency” hard fork to prevent the address 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r that was keeping the stolen 30.9M USDT from spending them. All the exchange platforms supporting USDT were required to immediately install the new patched version of the Omni layer. 

It is worth noting that as a consequence of this the USDT value on the Kraken platform (which is the only one listing a USD/USDT trading pairing) dropped to 0.906.

Since the USDT are tokens issued on Omnilayer, based on the bitcoin blockchain, it is possible to analyze the bitcoin transactions involved as they were the “settlement” of USDT Transactions. 

First of all, it’s possible to identify a transaction moving 10USDT from the Treasury to the address 31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv. This appears to be a testing transaction to verify the efficiency of the USDT transfer process. In a few hours about 30.9M USDT were moved with 6 transactions valued respectively at 1M, 1M, 1M, 10M, 10M and 7.9M.

As mentioned previously, the emergency patch issued by the Tether team prevented the hacker from spending the 30.9M that had been stolen and moved to the address 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r. However, it is interesting to note that in the emergency situation nothing has yet been declared or clarified about the address 31okFF1rUu8jjPEVuajycTRBp82Nteo4Mv.

This address appeared on the blockchain for the first time on November 19th as the output of a transaction receiving 0.01bitcoins from 1LBQpqUTEmdPTH8adaV6xS8KQt6FGCD3xD.  It is plausible to presume this transaction was providing the address with sufficient funds to perform the subsequent transactions moving USDT to 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r. 
This in turn, one hop back on the blockchain, is plausibly the change address of a transaction originated by 16KYFJiAoM4aX82xw2V3YBHX72trWNhz48 (part of the BitStamp Stolen Coins) and paying to this address 1Ci3XEy71dGZ3ZDWF2CiVgsiAStt9WG5LX (Lioncoin Issuer).


We know it is difficult to follow this path without dedicated tools, so let’s recap the information we were able to identify as follows:
Conclusion:
  • The “Tether Theft Banned” and the “LionCoin issuer” addresses are very likely connected with “Bitstamp stolen coins”. 
  • Following the 5 btc sent from “Treasury” address to “Tether Theft” address we are tempted to believe that this is the compromised address. Unfortunately a security update by Tether website is not helping to clarify what happened since none of the technical details are explained. 
  • A Bitfinex wallet sent funds to LionCoin Issuer just before these events and therefore it is possible for Bitfinex to investigate more on the issue.
  • The Tether “Treasury” is private key is compromised, since the attacker was able to steal bitcoins and tethers from it. Until a better understanding of what happened is depicted we should consider that address as insecure.
📌 Token Economy
Ok so this is fascinating.

As you know, Bitcoin Cash is a fork of Bitcoin that doesn't support Segwit but has bigger blocks.

The problem is that Bitcoin Cash's developers didn't bother in changing the address space.

So, it turns out that some people got confused and made mistakes: they sent BCH to segwit-based BTC addresses.

It's ok if you send BCH to legacy BTC addresses, you will get BCH. But if you send them to segwit addresses, they will get lost as BCH doesn't have segwit.

Well, it turns out that there is a way to recover these coins, as they are basically "unspent" outputs.

So a miner did. (only miners can recover the coins) They found 490+ BCH in this limbo, and took control of them.

They are giving them back to whoever can prove they owned them, but will take a 30% "recovery" fee for the effort (and only provide the service until Dec 5th).

I will leave the moral implications of the act to the reader, but the new mechanics of white-grey-black hats of this world are fascinating.
Interesting development in the ASIC mining world: BtcDark, one of the Core developers, has launched a new effort called Halong Mining, which will sell a $1.6k miner machine claimed to be the most advanced available on the market.

This is interesting because it continues in the Asicboost saga, and might actually bring some sort of check and balance on Bitmain's total market control.

(Also interesting this week is that there appears to be a link between Xiaomi's founder and Bitmain).
Never thought I'd link to Zero Hedge, but they caught a gem in a recent paper from the ECB where there's a proposal to remove the fixed deposit protection amount and instead change it to a discretionary amount based on the necessary to cover cost-of-living.

And they say we're mad for wanting to be our own banks!
An easy and nice introduction to structuring an Ethereum application from the Zeppelin team.

I found it particularly interesting because it explores the question of wether we'll have servers at all in the future in our apps.

Today, you might still need maybe a small server for a dapp, but with more services becoming available constantly we are almost at the point where there's no more need for servers at all.

(To be fair, this has been true in traditional software development too with all of the new cloud services that can handle everything from sending email with say Sendgrid to running intensive computations with Iron.io)
I know, always JP Morgan. But this is a cool development.

They are partnering up with Zcash and exploring their privacy features on a permissioned Ethereum-based chain.

The financial industry has for years conducted fraudulent transactions and constantly been hit with all sorts of fines.

Maybe they are now realizing that transactional privacy from government agencies would enable to continue and expand their borderline activities? Hopefully not.
Scroll and wait for derivatives.. then scroll, and scroll, and scroll..
Interesting work from Banca Intesa's IMI subsidiary with an actual whitepaper out too.
They are proposing a system for derivatives management, where they code inside of an Etherereum contract not only the terms of the derivative but also the potential problems that could arise as well as the solutions to implement.

They worked with blockchain startup Oraclize on it, and they think it makes it almost impossible for any counterparty to default by anticipating eventualities that might otherwise result from a legal dispute.
Underdog post here, but one area in which we are *massively* interested.

The post posits two rules:
Rule 1: There is no such thing as no governance.
Rule 2: Every non-trivial governance decision is political.

And this is the beginning of a series exploring more topics including dfinity's model. We're subscribed.
A super interesting thread from Fred Ehrsam comparing Bitcoin to religions.

Prophet: Satoshi. He is no longer here and thus impossible to question, making him plausibly infallible.
Beliefs: decentralization.
Rituals: running nodes, mining.
Sacred objects: bitcoin, genesis block.
Holy text: the Bitcoin whitepaper. Like any holy text, people interpret it through their individual lens.
Sects: Different interpretations cause splintering into sects: big blockers, small blockers, maximalists, etc.

I guess that makes us disciples 🤷‍♂️

Read the full tweetstorm for more.
James from Newton Partners explores the still to be proven fat protocol thesis and argues that there are in fact three layers and not two: there's an Application Protocol layer which sits on top of the Base Protocol (eg. ETH) and before the actual application.

In substance he is arguing that tokens like CVC, KIN and company will be where the value accrues. "in the long run, thematic application layer investing in different verticals should outperform horizontal base layer investing."

Disclosure is that the founder of Civic/CVC is a GP at the venture fund where the author works.
Jill Carson also tries to give a taxonomy dividing between these three layers.

Interesting to read to re-understand the difference between native crypto-currency assets and tokens, as well as the complexity of some projects being at the same time the Protocol Platform and Product.

The thinking here is that we will be able to have innovation at only one layer of the stack without having to create all three at the same time every time (even tho in our dealflow most of the time the most interesting ones do..)
Really great post diving in the recent B2X debacle.

There's an explanation of the bugs that were present in the code of the btc1 codebase.
Nice market map of UK cryptocurrency and blockchain startups courtesy of William from Oxford Capital.
Even thought we already had our Devcon3 recap edition, Michael Wee's post is a super-detailed note log of all the talks at the conference.

I know at this point you need a vacation to read everything, but still.
I've been looking for a solid analysis of how many coins are out of circulation permanently.

Chainalaysis seems to have done the best study to date and the results are that between 2.7 and 3.7 million coins are gone for good.

That's a solid chunk on the 21m total supply and more than I expected, which is awesome.

To note that this analysis assumes that Satoshi's stack is gone forever. 
🛁 Weekly dose of bubble calling
"In cryptocurrencies, the "store of value" is simply everyone's agreement that there is value here. There is no asset. And that is what a bubble looks like."

This is Bill Gurley's argument about the delusion we're all in, saying that it's all just happening because of low interest rates.

We get bubble calling articles every week obviously (especially on ATH weeks like this one), and we always enjoy reading them to see if we can relate to the reasoning.

In this case, I don't agree much. Bitcoin is new internet money. It is a revolution, there doesn't *need* to be an asset (like there are zero assets backing fiat currencies (and no, the governments assets are not directly the backing)).
Well, we also now know where the Guardian stands.
Not really sure what they gain from writing this, but hey tried anyways.
Their critique is tangential to the "there's no asset" one, and goes more towards the Ponzi path.

"The only value of cryptocurrencies today lies in the expectation that someone else will buy them. But the supply of bigger fools must run out one day."
😎 Cool new projects
This is super cool!

Toastycoin is a way to create and find Burnable Payments on the Ethereum blockchain.

Burnable Payments, or BPs, are tools for trustlessly outsourcing work, wherein scammers are prevented from profiting by a payer-controlled, last-resort "burn" option.

Toastycoin already had a beta product and now they released Frontier, fully free and open source.

Enable MetaMask on mainnet or Ropstein and give it a try.
Genesis is Mothership's new product to conduct EU-based token sales.

Think of it as a European CoinList competitor.

They tout sophisticated security mechanisms, extensive KYC procedures and regulatory framework aligned with European Union and Estonian regulations.

Most notably, if you are an Estonian e-resident you can jump the queue when participating in sales and don't need to upload your passport scans or pesky utility bills.
🤡 ICO madness
Funderbeam released a very interesting report with a lot of nice data on ICOs. Specifically, they segmented the data by countries to figure out who is raising money where and what the top cities are.

I was happy to be a guest at the event where Funderbeam's CEO presented the report and I suggest you go download it.

Spoiler:
Bound to happen. Will again.
👮 This week in regulation
This is a good overview from the Financial Times of the regulatory actions taken (and not taken) in recent weeks all over the world.

Interesting part about Switzerland and Singapore which have become de-facto standards but whose authorities have both issued warnings recently.

Our belief is that in the mid-term there won't be a jurisdiction that will continue to allow all the crazy things happening right now and that this deregulation-by-obfuscation (or by-innovation) that we've seen will stop.
Certain places will have much more welcoming rules, but it's unlikely to be the current wild west.

Remember, rules are still here. It's not by being on the blockchain that people can suddenly ignore them.
Bermuda has launched a new working group aimed to advance the regulatory and commercial environment for token sales, cryptocurrencies and more.

Premier Burt has plans to launch a regulatory framework for DLT that would launch in 2018. He said that Bermuda "is considering a complementary regulatory framework covering the promotion and sale of utility tokens, aligned with the DLT framework."

Maybe tiny Caraibic islands will beat Switzerland and others in the long-term.
The Netherlands' AFM produced an FAQ with the risks associated with ICOs
Very interest report coming out of Cardozo Law School which suggests the idea that SAFTS could actually be achieving the opposite of what they are set up to do, by clearly identifying tokens that are bought for financial gain and thus closer to being securities.

 "[t]okens underlying a SAFT may be more likely to be deemed securities, thus potentially subjecting token sellers to significant legal or economic risks," the paper says – the opposite result of what the proposal set out to do."
Banking is hard for all exchanges. Gatecoin lost their Hong Kong banking, which is making it scary for the whole ecosystem.

Whoever is able to develop a decentralized fiat gateway to plug in with the various decentralized exchanges projects popping up will have some serious business I believe.
💰 New funds
If you're asking yourself who would want a mutual fund coat on Bitcoin:
"Direct investment in Bitcoin can be operationally challenging, from dealing with the choice of the platform, to maintaining the proper security measures in terms of custody and to managing the changes made to the protocol (hard forks).

"Our goal is to take control of these operational challenges in order to facilitate access for qualified investors willing to gain exposure to Bitcoin. All of that under the format of a fund."
Congrats to our good friends at Seedcamp for closing their fourth fund and getting ready to jump into the token space!
ℹ️ About us
Token Economy is written and curated by Stefano Bernardi and Yannick Roux.

If you're building a new fundamental piece of technology for the future, please reach out 🤙
Feel free to send links to include in the next issue, or any comments you might have on this one!
Token Economy · The Dolomites · 38121 Trento TN · Italy
Unsubscribe | View in browser

Previous Issues

Load More