Skip to content
crime-and-justiceFinanceStablecoinWalletgeneral-newsEthTechnologyCybersecurityTokenBlockchain

Tether's freezing method exposed to a $78 million laundering loophole since 2017, lawyer claims

Tether's multi-signature setup, as per an AMLBot report, offers a "pivotal opportunity" for illicit entities to manipulate and misuse funds due to a potential vulnerability in the system.

 and  Administrator
3 min read
Report suggests Tether's multi-signature system for locking assets could potentially leave room for...
Report suggests Tether's multi-signature system for locking assets could potentially leave room for illicit users to take advantage.

Time to Act: The Delay in Tether's Freeze Mechanism Exposed

Straight Up

Tether's freezing method exposed to a $78 million laundering loophole since 2017, lawyer claims

A new report from blockchain forensics company AMLBot reveals a startling revelation about Tether's USDT stablecoin - there's a "significant gap" between the pledge to freeze accounts linked to illegal activities and the actual on-chain execution. This loophole has reportedly allowed cybercriminals to pocket more than $78 million on Ethereum and Tron since 2017.

The Skinny: Tether's Multi-sig Mess

The root cause of this issue lies in Tether's multi-signature contract setup. When a freeze request is made, more than one signature is needed to approve it before the freeze is carried out. This leaves a "playing field" for illicit actors to move funds before their accounts are frozen.

Consider the example on Tron: a 44-minute interval was observed between the freeze request and confirmation.

AMLBot has found that over $49.6 million has been pilfered on the Tron network thanks to this vulnerability. Shockingly, 4.88% of blacklisted wallets on the network took advantage of this delay.

On Ethereum, the story's the same, with $28.5 million USDT withdrawn within the same time frame, amounting to a total loss of $78.1 million across the two blockchains.

Here's the Lowdown

Security firm PeckShield assessed the report and confirmed the existence of this loophole. While the issues are operational rather than contract-related, improvements are urgent, considering the sensitive nature of the situation.

Tether is the leading issuer of the most prevalent stablecoin in crypto, USDT, which aims to maintain its value at the U.S. dollar. The company freezes addresses connected to illegal activities to prevent further trading. Wallets associated with the $1.4 billion Bybit hack this year were among those blacklisted.

But it seems some malicious actors have caught wind of this window of opportunity and have devised tools to exploit it.

"Bots can be programmed to monitor the blockchain for specific contract interactions, such as submitTransaction() calls linked to freeze requests," said AMLBot CEO Slava Demchuk. These bots alert wallet owners as soon as a freeze is initiated but before it's enforced. Taking advantage of Tether's multi-signature process delay, this offers a narrow yet critical window for illicit actors to shift funds quickly.

While no bots have been directly observed, on-chain behavior suggests the automated exploitation is indeed in play, Demchuk added.

PeckShield advises that the inherent delay in multi-sig accounts is due to the time taken to get multiple signatures for a transaction, even in cases requiring enhanced security. The firm suggests bundling the freeze request with the signatures into a single transaction to eliminate the delay.

Tether responded to the report, stating, "If you think you can use Tether to move illicit funds, think again. USD₮ is arguably the most traceable asset on the planet, and we will continue working relentlessly with our industry partners to identify you, freeze your funds, and ensure you are brought to justice."

Source: DecryptEdited by Stacy Elliott

Disclaimer: The content above is not necessarily meant to be financial advice. Always do your own research before making any financial decisions.

Subscribe to our Daily Debrief Newsletter for more insightful stories.

  1. The delay in Tether's freeze mechanism for its USDT stablecoin has allowed cybercriminals to steal over $78 million in cryptocurrency on Ethereum and Tron since 2017.
  2. AMLBot, a blockchain forensics company, discovered that this delay is due to Tether's multi-signature contract setup, which requires more than one signature to approve a freeze request before it's carried out.
  3. On Tron, a 44-minute interval was observed between the freeze request and confirmation, allowing $49.6 million to be stolen.
  4. On Ethereum, $28.5 million USDT was withdrawn within the same time frame, contributing to the total loss of $78.1 million across the two blockchains.
  5. Security firm PeckShield confirmed the existence of this loophole and urged for improvements, as the sensitive nature of the situation demand urgent action.
  6. Tether is the leading issuer of the most prevalent stablecoin in crypto, USDT, which aims to maintain its value at the U.S. dollar.
  7. If caught using Tether for illicit activities, wallet owners may face consequences, as Tether works with industry partners to identify and bring them to justice.
  8. AMLBot CEO Slava Demchuk suggested that bots could be programmed to monitor the blockchain for specific contract interactions, alerting wallet owners as soon as a freeze is initiated but before it's enforced, allowing for the quick shifting of funds.

Read also:

    Related

    Latest