Dissecting the DNA of a 'Complex' Ethereum Transaction

Blockchain Tech Jun 24, 2020

This article felt necessary because, while there are many people that understand how Etheruem, Bitcoin and other popular blockchains work on a surface level, there are few that have a deeper understanding of it.

And that doesn't speak to the intelligence of the crypto populace, but rather the woeful lack of information available for those that are seeking knowledge and direction.

Thus, this piece will serve as one of many installments for a series we'll call, 'Understanding Blockchain' on our website (libre.fail ; 'libre.fail' is the full name! No .com!)

To start, we're going to take a look at a rather complex Ethereum on-chcian transaction (you'll see why we deemed this transaction to be complex very soon).

Setting the Stage

Okay, so before we get into breaking down this transaction - let's just set the stage here for what we're even looking at in the first place.

Transaction Background

We're plucking an old example that we covered a little while ago - but since the blockchain has permanence (barring any unforeseen reorganizations), we know that this information is evergreen.

To the point - our 'subject' of study came to our attention through an automated alert from Glassnode's Twitter account.

Specifically, this tweet in question: https://twitter.com/glassnodealerts/status/1186926107465015296 (screenshot below):

We found the total amount sent (in the ballpark of $10 million in one single transaction) to be worth tracking down - especially light of the fact that 'Glassnode' identified the recipient as being "unknown wallet".

Upon closer inspection of the transaction (with our insights measured against known facts already circulated on the internet and other places), we quicklyo discovered that the recipient address was none other than Bitfinex's exchange.

Transaction Details

Below are some relevant facts:

The transaction ID = 0x5a05cd0742620eb3096ab4cb9134cd7dd404b6441fd844d32fb9fbb4585e9980

The link to the Glassnode URL that tracked this transfer (among many others that it tracks on a regular basis) = https://studio.glassnode.com/metrics?a=USDT&m=distribution.BalanceExchanges [note: It can be accessed for free, but users will have to 'sign up' first - we recommend a "burner" account for security & safe internet practices]

Preferred blockchain exploer for this analysis = Etherscan (specifically, https://etherscan.io/tx/0x5a05cd0742620eb3096ab4cb9134cd7dd404b6441fd844d32fb9fbb4585e9980) ; Enough positive things cannot be said about Etherscan as a blockchain explorer for Ethereum

Preferred blockchain explorer #2 for this analysis = Bloxy.info ;they are another amazing resource for those looking to glean more granular information re: Ethereum on-chain entities & transactions, specifically contracts / calls / functions / function breakdowns by # of calls / etc.

[note: When used in tandem, Bloxy.info & Etherscan.io are usually sufficient for 98%+ of your investigations / quests for knowledge related to Ethereum on-chain activity]

Let's Start From the Top

In order to breakdown this transaction, we're going to first visit Etherscan.io so that we can dissect their transaction panel, which has a ton of relevant information for us.

Again, for reference, the link is: https://etherscan.io/tx/0x5a05cd0742620eb3096ab4cb9134cd7dd404b6441fd844d32fb9fbb4585e9980

Upon arrival, users should see the following:

Marking up the Transaction Panel for Greater Clarity

We took the liberty of isolating and identifying the most important information points on the transaction page.

How Users May Get Confused

One of the nuances in Ethereum's design that provides unique challenges for block explorers like Etherscan.io is that they must find a way to display the recipient and sender of a contract address that does not have an explicit sender.

'Huh? Break This Down!'

Bitcoin transactions are a bit easier to show graphically in a block explorer because each transaction contains explicitly defined inputs & outputs.

Thus, there is no confusion about "who" the sender is (in terms of the wallet address) and the intended recipient(s) [in terms of their addresses as well ; we won't dig into 'mixers' here].

However, Ethereum is different in that tokens (like USDT) are created by a certain entity (in this case, Bitfinex) and they must be 'called' upon in order to execute and transfer funds.

Breaking the Concept Down Further

Imagine that Bob would like to send Amy 5 USDT tokens on the Ethereum blockchain.

Rather than explicitly crafting a transaction that forwards a portion of his USDT holdings to Amy, explicitly - Bob must call upon the contract address for USDT with a command (i.e., 'send these tokens from my address over to Amy).

From that point, the token address is responsible for executing the commands (hence the purpose of the EVM and other modules that are designed to account for the computations on the Ethereum blockchain).

Thus, if one were to look at Bob's transaction at face value, it would appears as though Bob was sending funds directly to the Token contract address - which intuitively, would not make sense.

However, this is the correct way to show this interaction visually.

'So How Do We Make Sense of Such Transactions?'

We need to figure out how the contract address works (to a certain extent) or how the sender interacted with the contract address (USDT in this case) by parsing out the call that the made to said contract.

As we analyze our case study transcation in question between Huobi and Bitfinex (USDT is the token being sent here), the means of tracking down the actual entities responsible for initiating said transaction and on the receiving end of said transactions should become obvious.

It Looks as Though Huobi is Sending Funds Directly to the Tether Address

As described above, one of the most confusing things for users that are analyzing the Ethereum blockchain via a block explorer for the first time is the fact that token transactions will often be displayed to the end user in such a way where it appears (at face value) that the sender has sent funds to a non-entity (i.e., a contract address).

Let's see how this is the case with our Huobi transaction:

As we can see in the photo above, the 'from' address is labeled 'Huobi 2' by Etherscan, which refers to their address label.

The 'to' address, however, says "Tether USD".

Knowing that 'Tether' is a token, this obviously can't be right (on a literal level) because Token is not a real person / entity / organization, so what does this mean and where were the tokens transferred?

Continue following along if you'd like to see how we make sense of a transaction like this.

Taking a Trip Over to Bloxy

As mentioned several times before on our public platforms - Bloxy and Etherscan, while both Ethereum blockchain explorers, complement each other exceptionally well.

Bloxy's website = bloxy.info

Upon arriving at the homepage, all we need to do is put our transaction ID in the 'search bar':

Upon clicking the 'search in bloxy' button, users should be presented with the following:

One of the Biggest Benefits of Bloxy: Contract Analysis

Whereas Etherscan.io specializes in Ethereum transaction analysis, Bloxy's strong point is in contract analysis.

If users scroll further down the page that loaded after clicking the 'search in bloxy' button, they will come across a module that should like the following:

Above is a photo of an interactive graph that shows:

A) Contract Caller [Huobi]

B) Tether token contract address

C) The amount of tokens transferred (after the contract was called; 10 million USDT)

D) The ultimate recipient of the transaction

While the Etherscan.io transaction panel presented all of these same entities, seeing them displayed on a live, interactive graph certainly makes the information much easier to parse:

As shown in the photo above, Huobi - the initiator of this contract - makes a call to the Tether contract, which is what enabled them to send 10 million USDT to the 0x4a address (full address = 0x4a52a7d5fc5e6e346eff994a26416eddef200990)

Next Step - Tracking Down the Recipient

Now that we know who / what the actual recipient of this transaction is, we're going to go ahead and and see what information we can gleam from that lead.

Back to Etherscan

As stated above, while Bloxy.info is unrivaled for contract analysis - Etherscan.io is the flagship Ethereum blockchain explorer when it comes to examining Ethereum transactions.

So let's revisit that site briefly and check out what we can find out (if anything) about the 0x4a address.

Transaction Address Main Page

One of the better aspects of etherscan.io is that each wallet address has its own page that coherently displays all relevant information to that particular address.

However, when a token transaction is involved, users can access a second 'home page' for a given address that shows the transactions that are relevant to a specific token address.

For now, we're more interested in garnering information from the latter.

How to Access the Token-Specific Page

Users won't be able to easily access the token-specific (USDT) page by simply entering a given address in the search bar (especially since there isn't a section to narrow down searches to specific token interactions for a given wallet).

However, there is one easy way for us to access this token specific page

All we have to do is revisit the transaction page on Etherscan.io for this transaction that we're analyzing (the original etherscan.io address) & simply click on the address in question that we're looking to examine.

Just in case there's any confusion about those instructions above, we'll walk readers through the steps below:

We revisit the transaction url on etherscan.io, which is located here: https://ethttps://etherscan.io/token/0xdac17f958d2ee523a2206206994597c13d831ec7?a=0x4a52a7d5fc5e6e346eff994a26416eddef200990herscan.io/tx/0x5a05cd0742620eb3096ab4cb9134cd7dd404b6441fd844d32fb9fbb4585e9980

From there, we find the address in question that we're seeking to scrutinize

  1. Clicking the link should lead us to: https://etherscan.io/token/0xdac17f958d2ee523a2206206994597c13d831ec7?a=0x4a52a7d5fc5e6e346eff994a26416eddef200990

Analyzing the Recipient Address Token Page

Upon visiting the page, the following can be seen:

As users that visit the page will see, the transactions for the 0x4a address are filtered to only show those that involve the USDT token.

This is the bread and butter of our analysis right here beacuse this information is what will allow us to make sense of the nature of the transaction.

Information That We Now Know

Fact #1: This address is owned by Bitfinex

Whether or not it is a customer deposit address or not is a matter of debate (although there's significant evidence to suggest that it isn't), we know that Bitfinex owns the wallet.

If the statement above is confusing to some, then it may be worth reminding folks that exchanges own customer deposit addresses, by default - because they are in control of said addresses.

Additionally, we can see that the transactions that were received from Huobi all were re-routed directly to Bitfinex's hot wallet.

For security and logic reasons - only customer deposit addresses send directly to a hot wallet. Any other entity that is not exchange-controlled / operated would essentially be making a donation to said exchange if they were to be making a transaction directly with the exchange's hot wallet.

Fact #2: This is Probably Not a Customer Address

Despite the transaction flow mirroring that of a customer deposit address - the exorbitant totals being transferred from Huobi to Bitfinex, directly, reflect inter-transfer transfers.

Below is another look at the transaction log for the address for USDT transfers:

In total, Bitfinex has received 18 million USDT from Huobi spread among three transactions spanning across a four-day period.

'Couldn't This Be a Customer?'

Would you entrust a foreign exchange with zero insurance safeguards and opaque ownership in an alternative finance space surrounded by murky legal and regulatory waters to maintain custody of $16+ million of your assets? (And should anything happen to said assets, your avenues for recourse are extremely limited).

The answer to the above question is more than likely, no.

Thus, common sense leads us to this conclusion.

Subfact: The transactions that we examined were the only transactions that in this wallet's history

As mentioned above, there is a 'main wallet page' on Etherscan.io in addition to various 'token-specific' transfer pages that filter the transactions involving the queried Ethereum wallet by the transaction in question being examined.

Since we've already taken a look at the Tether-specific token page for the 0x4a address, we decided to make a visit to the 'main page' to see if there were any additional transactions involving this wallet address that we could glean additional information from.

It turns out there wasn't - see below:


If you managed to make it through this entire breakdown - then, congratulations!

You now should have a much better understanding of how to parse Ethereum transactions by using free, publicly available resources at your disposal.

Hopefully this knowledge will serve as a building block for users that wish to expand their knowledge of how the Ethereum blockchain works (on a level beyond just the price action of Ethereum).



Happy to serve and help wherever I'm needed in the blockchain space. #Education #EthicalContent #BringingLibretotheForefront

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.