{"id":18863,"date":"2021-02-28T17:57:26","date_gmt":"2021-02-28T17:57:26","guid":{"rendered":"https:\/\/davidgerard.co.uk\/blockchain\/?p=18863"},"modified":"2021-02-28T19:22:34","modified_gmt":"2021-02-28T19:22:34","slug":"tether-leaks-and-deltec-leaks-an-unverified-but-interesting-document-dump","status":"publish","type":"post","link":"https:\/\/davidgerard.co.uk\/blockchain\/2021\/02\/28\/tether-leaks-and-deltec-leaks-an-unverified-but-interesting-document-dump\/","title":{"rendered":"Tether Leaks and Deltec Leaks: an unverified but interesting document dump"},"content":{"rendered":"

There’s supposedly a hacked document dump \u2014 which I don’t have a copy of \u2014 from Deltec Bank, including account details and emails relating to Tether and Bitfinex. Someone has been posting bits of it to Twitter.<\/p>\n

Tether is a company that issues a dollar-substitute crypto token called “tether,” which Tether had long falsely claimed was 100% backed by US dollars. Tether recently settled with the New York Attorney General<\/a> over these false claims. Bitfinex is Tether’s closely associated crypto exchange \u2014 who denied sharing ownership with Tether, until the link was revealed in the Panama Papers leaks. Deltec has been Tether’s banker since 2018, and seems to have rather stronger links to Tether than you might expect from being a company’s banker \u2014 Deltec has done a podcast on behalf of Tether,<\/a> and there’s talk that Tether\/Bitffinex are part-owners of Deltec.<\/p>\n

I don’t know if this new document dump is for real \u2014 it’s unclear if this is a real dump, a fake dump, or a mix of real and fake data. It has some issues.<\/p>\n

Tether has stated that the dump is “forged” and “bogus.” [Twitter<\/i><\/a>, <\/i>archive<\/i><\/a>]<\/p>\n

I’m treating the alleged dump as unverified but interesting gossip for now, and not trusting a word of it without verification.<\/p>\n

But even just as unverified gossip, the dump’s being talked about \u2014 so I think it’s worth documenting what we have so far.<\/p>\n

 <\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

Email from “deltecexposed”<\/h3>\n

I got the following email a couple of weeks ago. (The full headers indicate it did indeed come from ProtonMail.)<\/p>\n

Date: Sun, 14 Feb 2021 05:05:28 +0000
\nTo: “dgerard@gmail.com” <dgerard@gmail.com>
\nFrom: deltecexposed <deltecexposed@protonmail.com>
\nSubject: iFinex\/Tether Exposed – Deltec Bank
\nMessage-ID: <tT8N-fDEYBxvOjB1PN84GjKuDRt4akviYfglJXgw_vMOmU3X8kTh9ubq65u2XXcb7KNFp6mtWeqIXAbZTTI-5CFLitIZ2FAcU5w3_jLG0Sg=@protonmail.com><\/p>\n

hello friend
\nthe zip file contains some information about the Tether and iFinex’ banking relationship with Deltec Bank<\/p>\n

http:\/\/\u2014\u2014\u2014.onion\/bovine-chihuahua
\n— u need tor browser to download the file —
\n— scan file on virustotal to check for malware —
\n— extract archive in VM —<\/p>\n

enjoy the content<\/p>\n

p.s. all database files will be publicly leaked during the next few days\/weeks<\/p><\/blockquote>\n

I was very busy at the time and not checking my email properly, so I didn’t notice this for a few days. By the time I got to the Tor link, it wasn’t working. I emailed asking for a working copy, but haven’t heard back.<\/p>\n

I don’t know if others received a similar email.<\/p>\n

Tweets from @deltecleaks<\/h3>\n

On Tuesday 23 February at 15:02 UTC \u2014 a few hours after the NYAG settlement went up \u2014 someone put up a Medium post: [Medium<\/i><\/a>, <\/i>archive<\/i><\/a>]<\/p>\n

Deltec Bank & Trust and their relationship to Tether and iFinex<\/b><\/p>\n

Deltec Bank \u2014 the shadow offshore bank which is backed by iFinex Inc. (Tether and Bitfinex) has suffered a critical security breach.<\/p>\n

There is a private database dump of their business infrastructure and customers on the darknet which may lead to a crash of the whole Bitcoin ecosystem.<\/p>\n

We\u2019re currently looking for journalists which are willing to successively release articles related to the findings in those database leaks.<\/p>\n

Contact: deltecleaks@protonmail.com<\/p><\/blockquote>\n

An account called @deltecleaks started posting to Twitter, at 22:30 UTC on Monday 22 February. The account was rapidly suspended for doxxing, but some tweets made it to the archive sites. [Twitter, <\/i>archive<\/i><\/a>; Twitter, <\/i>archive<\/i><\/a>]<\/p>\n

The tweets were mostly account names. Some had\u00a0 balances attached. Several of the names were known Tether or Bitfinex principals or their relatives.<\/p>\n

There’s also a list of Deltec’s MSSQL database tables and users.<\/p>\n

Tweets from @LeaksTether<\/h3>\n

When @deltecleaks was suspended, an account called @LeaksTether (Tether Leaks) started posting: [Twitter, <\/i>archive<\/i><\/a>]<\/p>\n

Ever wonder what attracted #Tether to #Deltecbank ? Over the next few weeks, I will provide daily leaks from inside the #Tether brrr machine #Bitcoin<\/p><\/blockquote>\n

A lot of the tweets are allusions to future leaks about particular individuals.<\/p>\n

@LeaksTether predicts the whole Tether scheme will all fall over, no sooner than 15 March, though without any detail as to why: [Twitter, <\/i>archive<\/i><\/a>]<\/p>\n

16 days max, could be less. Let’s just say any criminal conspiracy is only as strong as its weakest link, and fear is a great motivator.<\/p><\/blockquote>\n

Alleged Tether-Deltec emails<\/h3>\n

The meat of @LeaksTether is screenshots of three emails between Tether and Deltec \u2014 presumably<\/i> from the same dump as DeltecLeaks.<\/p>\n

The purported messages are from Julian Arriagada, a compliance manager at Tether at the time.<\/p>\n

The first two messages are to Lacy Garcia, then using her married name Lacy Roosevelt \u2014 though, according to her LinkedIn page, Garcia stopped working at Deltec in November 2017, nearly three years earlier. [LinkedIn<\/i><\/a>, <\/i>archive<\/i><\/a>]<\/p>\n

The tweets of emails are usually removed in short order. The @LeaksTether account hasn’t been suspended as I write this \u2014 though the poster switches it off a lot.<\/p>\n

The first tweet was on 24 February: [Twitter, <\/i>archive<\/i><\/a>]<\/p>\n

To: lroosevelt@deltecbank.com
\nSubject: Acceptance of terms
\nFrom: Julian Arriagada <julian@tether.to>
\nCC: abutler@deltecbank.com
\nDate: Mon, 25 May 2020 13:32:09<\/p>\n

Hi, Lacy<\/p>\n

This mostly works for us, but it would be a better solution if the notice term was reduced for providing the proof of funds.<\/p>\n

There are also some concerns around the proposed fees. As you are only providing a notional balance declaration, and not a loan facility, we think the fee structure should better reflect this fact.<\/p>\n

I will send you a slightly revised proposal, either later today, or tomorrow.<\/p>\n

Best Regards<\/p>\n

Julian<\/p><\/blockquote>\n

The next message is dated an hour later. If this is real, this is what Tether think they’re doing: [Twitter, <\/i>archive<\/i><\/a>]<\/p>\n

To: lroosevelt@deltecbank.com
\nSubject: Acceptance of terms
\nFrom: Julian Arriagada <julian@tether.to>
\nDate: Mon, 25 May 2020 14:33:54<\/p>\n

Lacy,<\/p>\n

To answer your question. We are building an asset base outside of US dollars, with cryptos and equity stakes in crypto companies being the main areas of interest.<\/p>\n

Whilst we believe in the value of these assets, the regulators, and the legacy financial system they represent, do not.<\/p>\n

Until we win the war of ideas, we needed to find a way to present a figure which speaks to the value of our assets, but in a language acceptable to legacy financial operators.<\/p>\n

If it works for you, we can schedule a chat. My number is \u2014\u2014\u2014.<\/p>\n

Best Regards<\/p>\n

Julian<\/p><\/blockquote>\n

What’s Tether’s plan? To replace Bitcoin:<\/i> [Twitter, <\/i>archive<\/i><\/a>]<\/p>\n

To: \u2014\u2014\u2014
\nSubject: Market overview \/including DSCX\/
\nFrom: Julian Arriagada <julian@tether.to>
\nDate: Tue, 11 Aug 2020 16:30:52<\/p>\n

we’re not there yet, but when we are the plan is to lock the existing issue, and allow exchanges to ignore the peg and move the price upwards. The rest is quite technical, but 0=1, and everything else is speculative interest for the market to go after.<\/p>\n

Best Regards<\/p>\n

Julian<\/p><\/blockquote>\n

Is this for real?<\/h3>\n

The employment dates anomaly on the Lacy Garcia LinkedIn page is a serious problem with @LeaksTether’s claimed messages.<\/p>\n

@LeaksTether claims, however, that Garcia was “still an associate” of Deltec in 2020, and may still be today \u2014 and that the staff photos on Deltec’s “about us” page were stock photos and locals. [Twitter<\/i><\/a>, <\/i>archive<\/i><\/a>; <\/i>Twitter<\/i><\/a>, <\/i>archive<\/i><\/a>]<\/p>\n

There’s some names of less-known Tether\/Bitfinex-related persons in the DeltecLeaks account names dump, such as various Van Der Velde relatives.<\/p>\n

For the moment, I’m treating all of this as interesting but unverified gossip. You should too.<\/p>\n

 <\/p>\n

\n

It\u2019s cool. We don\u2019t really believe the \u2018leaks\u2019. And we look forward to you ending all the FUD as soon as possible, by publishing the audit that will show us all the $35bn you have backing all the tethers you\u2019ve minted… \ud83e\udd74<\/p>\n

— Jay Filmer \ud83c\udf37\ud83d\udea8\ud83e\udd40 (@UncleJaysus) February 28, 2021<\/a><\/p><\/blockquote>\n