Dissecting How Bitfinex Covertly Sent Over $150 Million to Huobi Via 'Chain Swaps'

Money Laundering Mar 30, 2021

This report will dissect how Bitfinex was able to covertly transfer over $150 million to Huobi covertly during a Tether 'chain swap'.

Quick Review: 'What are Chain Swaps?'

A 'chain swap' (supposedly) occurs when a large entity (such as, 'Binance', 'Bitfinex', or another exchange) decides to "burn" funds on one chain while crediting an equal amount to themselves on another.

A Little More Detail

Originally, Tether was issued on the Bitcoin blockchain via technology called 'Omnilayer'. Omni works in a manner similar to how 'smart contract' tokens do for Ethereum (yes, there is an equivalent setup for Bitcoin).

Initially, it was argued that transfers on Bitcoin were too slow to faclitate the volume of Tether transfers from wallet to wallet on top of the Bitcoin blockchain.

So, Tether made the announcement that they would be branching off to another blockchain (i.e., Ethereum, EOS, Tron, and others).

In doing so, they created:

  1. A New Treasury Address: These addresesses are the ones that are responsible for holding newly generated Tether tokens. Unlike other cryptocurrencies such as Bitcoin and Ethereum, Tethers are not generated via mining, but rather through manual, codified commands that can be issued at whim by whatever entity the Tether organization has authorized / granted this authority to. At the time of writing, there's no telling exactly who that authority is - although we do know that Bitfinex and Tether are subsidiaries of the same parent company (DigiFinex).
  2. A New Term (Chain Swaps): Which will be described below in greater detail.

Background Information

Since every Tether is supposed to represent one U.S. dollar (in reserve somewhere on planet earth), Tether is forced to at least maintain the appearance that they are not generating these tokens arbitrarily.

Otherwise, that would make it even more obvious that Tether (and Bitfinex) are simply generating these tokens at whim - an act tantamount to generating billions of counterfeit dollars to defraud citizens all over the globe via a network of cryptocurrency exchanges that also serve as the flash point for an international money

For reasons unknown to the public (as none were specified), Bitfinex, Binance, Huobi, and several other major cryptocurrency exchanges decided to engage in this activity all at once.

Chain Swaps

'Chain swaps' are the alleged process of shifting a certain number of USDT from one chain to another (according to what is publicly understood).

The guidance on Tether's website (archived here), doesn't really do much better at explaining what's going on and neither does the tweeted explanation by Paolo Ardoino (archived here).

We won't dig into that here (that's in another piece being released soon; refer to blog.hash.fail for updates).

Bitfinex Tether Transfer Case Study: Tron Chain Swap

Rather than reviewing each and every single instance of Bitfinex sending over USDT (Ethereum) to the Tether treasury for a chain swap to Tron's blockchain, we're going to review a specific TX and explore its path to Huobi.

Case Study Transaction

Below are tweets from 'Whale Alert' that mimic the structure of a typical 'chain swap' for USDT:

Individual Tweet Links (reordered to match chronology of events):

  1. https://twitter.com/whale_alert/status/1187625836595367936
  2. https://twitter.com/whale_alert/status/1187625763832520704
  3. https://twitter.com/whale_alert/status/1187625836595367936

Below is the third tweet related to this transfer (not seen in the picture above):

In a reply to this tweet, we can see Paolo Ardoino, the CTO of Bitfinex, identify this as a 'chain swap':

https://twitter.com/paoloardoino/status/1187626249465847808

In plain English, here is what happened:

  1. Bitfinex sent 40M Tethers from their wallets on Ethereum to another address on Ethereum designated as 'Tether treasury'.
  2. An equivalent amount in Tether (USDT) was generated by an address on Tron's chain, which is also labeled as the 'Tether treasury'.
  3. After the equivalent amount of USDT (40M) was generated on Tron's blockchain, it was sent to Bitfinex's wallet on Tron's blockchain.

Exploring Where the 40M USDT in Bitfinex's Tron Address Went to

The transaction in question that we're looking at occurred on October 25th, 2019 at 7:03 UTC (should be exact to the minute since the TX is confirmed the second its in the blockchain).

This transaction from the Tether treasury to Bitfinex's wallet on Tron is isolated above.

Here is the transaction ID: https://tronscan.org/#/transaction/a0e755fcd9bc7398ae9463d3bbfae60adbb83227c17c1702a2e5b8f8703a44e4

Here is what the transaction panel looks like on Tronscan:

Following the Path of the TX

Before following the path of the TX, take a look at Bitfinex's wallet balance (USDT) on Tron [shown below]:

As shown in the screenshot above, Bitfinex's Tron wallet has a balance of 17.9M USDT, which is markedly less than the 40M USDT that was sent in the transaction outlined above and there were many more 'chain swaps' involving Bitfinex than just the one being outlined in this case study.

Based on this information, it can be concluded that the Tether are being sent somewhere. This conclusion is what prompted the initial investigation into where the USDT may be going.

Exploring Outgoing USDT TX from Bitfinex's Tron Address

_The steps to tracking down the passage of USDT (_from the case study transaction, specifically), will be outlined below in chronological fashion.

Step #1

On Bitfinex's Tron address page on the Tronscan explorer, the 'Transfers' tab is selected:

https://tronscan.org/#/address/TXFBqBbqJommqZf7BV8NNYzePh97UmJodJ/transfers

Step #2

The 'transactions' panel for Bitfinex's address on Tronscan shows all of the incoming transactions, which would make it unnecessarily tedious to sift through to the specific incoming 40M USDT transaction we're looking for.

So, we will adjust the timeframe of transactions in order to shorten our search time.

This involves first selecting the 'more' tab:

Followed by isolating the time frame on the calendar that pops up (the TX occurred on October 25th, 2019; 7:03 UTC):

Below is as granular as Tronscan's site will allow us to get with the time frame:

Step #3

From here, we search for the TX until we find it in the transfer history for Bitfinex.

By selecting the option to only display incoming transfers (clicking 'in'), we can expedite the process even further.

See below:

From this point, it should take less than 15 seconds to find the TX (at the time of writing).

The relevant transaction happened to be on the first page of results after all of the criteria were added to the query (step #1 & #2 + the tip offered above).

To shorten the time even more, press ctrl/cmd+F and type in '40', and it should allow for an even quicker identification of the relevant transaction.

Step #4

Now that this has been identified, we remember the block height that this transaction was at (13913427), so that we can analyze what's going on quicker and more efficiently.

After that's been obtained, we scroll back up to the top of the page and select the 'all' option for transfers so that we can see and outgoing transactions:

Step #5

From here, we wash, rinse and repeat what was done in step #3.

Using ctrl/cmd+F we initiate searches on each page using the block height numerical value '13913427' as the query on the page.

Repeating this process yielded no results for us until the 5th page.

Fortunately, this process still only took approximately 20-30 seconds since we could quickly ascertain whether the transaction was present or not on each page.

Here is the isolated transaction below (in context):

Note: None of these individuals transaction pages can be linked by URL as this is all controlled by the web app engine running Tronscan, which preloads the scripts and queries for the addresses; in laymen's terms, the content is already generated, so the URL hasn't changed from the original 'transfers' URL presented in step #1.

Evaluating the Flow of USDT

After the 40M USDT TX is sent into the Tron address, we can see that there are two large outgoing transfers of USDT immediately following:

1st TX for 20M USDT = https://tronscan.org/#/transaction/fd718261c945e60fc580f2c360008501c182ef448bf9d4d627e5c290769eb32f

2nd TX for 10M USDT = https://tronscan.org/#/transaction/b79412a4062fb880cd0cda2db8745f97946227edd46abc960d09e4fbe4e769b3

Following the First USDT Outgoing TX (20M USDT)

As shown above, the TX for this outgoing transaction can be found here = https://tronscan.org/#/transaction/fd718261c945e60fc580f2c360008501c182ef448bf9d4d627e5c290769eb32f

See below:

The recipient's address page = https://tronscan.org/#/address/TLZFUvyNTPDvh7kCigQXUZEecUktSmmgyw

Recipient's Balances are Empty (Shell Wallet/Address)

Take a look at the address balance(s) of the first recipient address of the 20M USDT from Bitfinex:

Similar to what was done above for Bitfinex's wallet, we're going to look at the 'Transfers' page.

The URL to this page = https://tronscan.org/#/address/TLZFUvyNTPDvh7kCigQXUZEecUktSmmgyw/transfers

Curiously, it appears that Bitfinex (and another entity) has been sending tens of millions of USDT into this wallet address, which reduces the work that needs to be done in order to parse through this investigation, substantially (at the time of writing):

Above, approximately 30M USDT from Bitfinex can be seen going into the wallet, and the full amount can also be seen leaving shortly thereafter.

These transactions are not related to the 40M USDT attached to this report's case study.

The incoming 20M USDT from our case study can be found further down the page here:

These TXs were identified by simply matching up the time of the outgoing TX from the Bitfinex address that we displayed in the step-by-step analysis above.

TX ID for incoming 19.9M USDT transaction = https://tronscan.org/#/transaction/fd718261c945e60fc580f2c360008501c182ef448bf9d4d627e5c290769eb32f

TX ID for outgoing 19.9M USDT transaction = https://tronscan.org/#/transaction/1fc4bd9e8d8a71725bcd8d088765d9f307ab9dc1602f721fdab61c4c70149615

Following the Transaction

The outgoing TX URL shows the funds going to TNaRAoLUyYEV2uF7GUrzSjRQTU8v5ZJ5VR

Below is a look at the balances in this address:

As one can see from the image above, the funds in this wallet are substantial.

Altogether, the screenshot above of the address' balances show nearly $745 million USD (regular U.S. dollars; not Tether) in value.

Identifying the Address in Question

Given the extraordinary balance of the address in question as well as the transaction pattern of the address that sent funds to it, it seems more than likely that this address belongs to an exchange of some sort.

However, the best way to confirm this definitively on Tron's blockchain is to check out the top holders of USDT on the blockchain, which can be found here.

Huobi Positively Identified

A brief scroll down this page reveals that the address belongs to the cryptocurrency exchange, Huobi:

Notably, Huobi owns >81% of all USDT on Tron's blockchain, which is interesting when considering that Binance and Bitfinex have both triggered numerous alerts on Twitter, Telegram and other platforms where 'bot' accounts give automated alerts for large transfers (similar to what can be seen at the beginning of this report from 'Whale Alerts').

Below are a few examples (these screenshots were produced on October 29th, 2019 for those needing a date reference) from Telegram:

Bitfinex

Binance

Exploring the Other Transactions in that Intermediate Wallet

While the discovery made above in this case study is interesting, it is certainly worth analyzing how many USDT have flowed from Bitfinex to Huobi via the intermediate wallet that we identified above.

How to Expedite This Process

Since there are a lot of transcations and the Tronscan block explorer is not the greatest, visually or feature-wise, when it comes to parsing out transactions and entities interacting on the chain, we're going to use a few 'hacks' to greatly reduce our analysis time.

Explanation (Brief)

Let's look at our intermediate wallet address' transfers again (this is the wallet that received that 19.9M USDT transfer from Bitfinex):

Above are the two transactions that were isolated before.

What We Know About These Transactions:

  1. Incoming = Bitfinex
  2. Outgoing = Huobi

Using that information, we can quickly assess which incoming transfers are from Bitfinex by just marking every TX that has the same incoming address format (TX... mdJodJ is the abbreviation it gets). The same goes for Huobi.

See below:

Tallying the Numbers

Using this technique, we quickly parsed out the following:

  1. Bitfinex has sent in 160M USDT to this address
  2. Every outgoing USDT transaction went to Huobi, so 160M USDT has been sent to Huobi from this address since there are no leftover USDT at the time of writing (October 29th, 2019)
  3. There was one incoming USDT TX that did not come from Bitfinex. That TX was sent by the Tether treasury address itself. This TX can be found here: https://tronscan.org/#/transaction/aa25622d6a68bc395b8eb89788b3b4c61e1a357e141fddf5ca358a056879e498

Conclusion/Questions for Bitfinex & Tether

  1. Why is Bitfinex using a 'chain swap' to send funds to Huobi? While it is always unwise to immediately jump to conclusions, it is easy to understand how members of the community would consider this method of transferring funds to Huobi to be clandestine and, therefore, attached to something nefarious - especially since Paolo Ardoino has never once mentioned that these chain swaps would be used to facilitate the transfer of funds from Bitfinex to other external entities
  2. Why is Bitfinex sending 160M of their USDT over to Huobi? (Note: It is very well possible that the actual number could be even higher than this. We only observed one wallet address in the example above. There were various wallets that Bitfinex was sending funds to apart from that one.)
  3. What is Huobi going to do with this extra USDT? Why do they need it?
  4. Did Huobi purchase these 160M USDT from Bitfinex? If so, when? And again, why would the transfer need to take place via 'chain swap'? It seems it would have been easier for Bitfinex to send these funds directly to Huobi via Ethereum and left it to Huobi to perform the 'chain swap' ; not only would this have been more transparent at a time when Bitfinex desperately needs to show that they are an honest, upstanding organization - transferring these funds via Ethereum would've also been more efficient as well. Bitfinex could've saved substantially on costs and time; not to mention the added complexity involved with debiting/crediting these transfers in a way that's internally & externally valid is extremely questionable as well.
  5. What guarantees do we have that this process isn't being used to facilitating the double spending of USDT? The 'Treasury' address that Bitfinex has been using for these 'chain swaps' has been sending out some of the USDT that it has received from Bitfinex and other parties. This begs the question of whether the USDT is truly being swapped or whether its being double counted **(**i.e., 20M USDT from Ethereum being 'debited' to create 20M USDT on Tron, but that same 20M USDT on Ethereum is re-released into the 'wild' again without an actual counter party - resulting in an additional 20M USDT to the circulating supply of USDT without any clear buyer/counterparty)
  6. Why hasn't Paolo Ardoino or anyone else affiliated with Bitfinex or Tether mentioned that they were sending hundreds of millions of dollars worth of assets over to Huobi via 'chain swap'? Again, it seems that at a time when the questions surrounding Bitfinex's legitimacy have once again risen to the forefront of the community, both Bitfinex and Tether (iFinex) would provide as many detailed disclaimers and explanations behind their actions as possible in an attempt to demonstrate to the community that they truly are the innocent 'victims' of Crypto Capital Co. + Global Trade Solutions.

Intermediate Conclusions

  1. Given the fact that these USDT 'chain swaps' have started and accelerated with rigor since the news of Ivan Manuel Molina Lee's arrest and Oz Yosef's federal indictment, it would not be illogical for individuals to conclude that the two are interrelated in some capacity.
  2. The transfer of 160M+ USDT from Bitfinex to Huobi (again, this is a baseline estimate - we only analyzed one address here) yields the strong impression that these entities are interconnected. By 'interconnected', that word is meant to suggest that the two entities are one in the same and/or controlled/managed by the same entities. If this is not the case, then Bitfinex must explain what would motivate them to transfer such an obscene amount in funds to Huobi. At the very least, one must conclude that they are partners in some capacity.
  3. The community should be demanding that Bitfinex (and Tether) publish a report, either separately or combined, that details these transactions as meticulously as this report does (excluding the how-to guides). Bitfinex is moving hundreds of millions of dollars worth of USDT from one chain to the next without explaining: A) How the debiting/crediting of these USDT from one chain to another is being done | B) breaking down why the chain swap is taking place (seriously, there hasn't even been an explanation given) | C) Breaking down why the chain swap is taking place now vs. next week/last week/next year ; the timing is invariably suspicious given the fact that it comes on the back of the Ivan Manuel Molina Lee arrest and the Oz Yosef indictment

Parting Words

At this point in time, it is incumbent upon the entire blockchain community to seriously audit Bitfinex's actions in a substantive manner rather than providing continual excuses for their actions.

October 2018 was a small glimpse into the anguish that traders and other users in this space will face if Bitfinex, for whatever reason, is unable to access funds.

Neither Bitfinex or Tether have established why they should be taken at their word in their claims that they were "victims" of Crypto Capital Co.

The fact is that Bitfinex continued to work with Crypto Capital Co., refusing to publicly call them out even after Reginald Fowler and Ravid Yosef were indicted.

It was not until the arrest of Ivan Manuel Molina Lee was made public and Oz Yosef was indicted in the United States on federal charges that Bitfinex released a public statement distancing themselves from Crypto Capital Co.,

Curiously, even when the New York Attorney General, Loretta Lynch, revealed in court filings that Bitfinex had lost over 800 million dollars (USD) due to Crypto Capital Co.'s criminality, Bitfinex did not take that opportunity to 'throw them under the bus', so to speak. Instead, Bitfinex decided to issue strong words against the New York Attorney General.

There are a slew of additional reasons for why Bitfinex must be given an absurdly high burden of proof when it comes to establishing their innocence or why they should be trusted in any capacity in the blockchain space.

Tags

cryptomedication

Happy to serve and help wherever I'm needed in the blockchain space. #Education #EthicalContent #BringingLibretotheForefront

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.