Headlines
Over $78 million misappropriated through a 'laundering loophole' in Tether's freezing technique, acknowledged since 2017.
In a startling revelation, blockchain forensics firm AMLBot exposes a staggering "freeze delay" flaw in Tether's USDT stablecoin, potentially allowing malicious actors to fraudulently pocket over $78 million in cryptocurrency since 2017.
The Gist
There's a substantial gap between when exchanges order a freeze on Tether's USDT held by crooked addresses and when the actual on-chain freeze execution takes place, as per an eye-opening report from AMLBot. This significant delay is said to have led to the evasion of over $78 million worth of USDT on Ethereum and Tron networks.
The Deets
AMLBot's report has shed light on a sluggish on-chain implementation related to Tether's USDT stablecoin freezing mechanism. Tether blacklists addresses associated with illegal activities, freezing the wallets, rendering them unable to move assets issued by the company. However, the delay in freezing these addresses has given room for criminal masterminds to flee with stolen fortunes.
As a consequence of this freeze delay, AMLBot's report claims that at least $78 million has disappeared into the hands of cyber-pirates on Ethereum and Tron since 2017.
This so-called "laundering loophole" is a result of Tether's multi-signature contract system. Initially, a freeze request is submitted on-chain, requiring multiple signatures to approve the freeze. This leads to a "window of opportunity," which allows wrongdoers to transfer funds before their addresses are frozen.
For instance, there was a 44-minute delay between the freeze request and confirmation on the Tron network, as detailed in the report.
AMLBot reports that $49.6 million was pilfered on the Tron network due to the vulnerability, and 4.88% of blacklisted wallets took advantage of the delay on the network. Meanwhile, on Ethereum, the firm found $28.5 million USDT being moved within the same timeframe.
Security firm PeckShield examined the report and confirmed the existence of the loophole. The firm believes the lag is an operational issue that creates a time window between when the blacklist transaction is submitted and when it's executed. Tether, the issuer of the largest stablecoin in crypto, aims to keep its price steady relative to the U.S. dollar.
With law enforcement working closely with Tether and blockchain analysts, the company has vowed to continue cracking down on illegal activity, freeze wallets, and bring wrongdoers to justice.
However, malicious actors are believed to have devised tools to exploit the lag in the freeze mechanism, with bots monitoring the blockchain for freeze request transactions and alerting wallet owners the moment a freeze is initiated but before it's enforced.
To tackle this issue, PeckShield suggests that Tether could modify its freeze request process by bundling it with the signatures into one transaction, thereby eliminating the window of opportunity.
- The freeze delay in Tether's USDT stablecoin, as reported by AMLBot, has allowed malicious actors to evade over $78 million worth of USDT since 2017.
- The report from AMLBot reveals a significant delay in the on-chain implementation of Tether's USDT stablecoin freezing mechanism, leading to the evasion of stolen funds.
- The delay in freezing addresses associated with illegal activities has resulted in over $78 million worth of USDT disappearing on both the Ethereum and Tron networks.
- AMLBot's report attributes this "laundering loophole" to Tether's multi-signature contract system, which creates a window of opportunity for wrongdoers to transfer funds before their addresses are frozen.
- The security firm PeckShield has confirmed the existence of this loophole, believing the lag is an operational issue that creates a time window between when the blacklist transaction is submitted and when it's executed.
- To tackle this issue, PeckShield suggests that Tether could modify its freeze request process by bundling it with the signatures into one transaction, thereby eliminating the window of opportunity.
- Malicious actors are believed to have devised tools to exploit the lag in the freeze mechanism, using bots to monitor the blockchain for freeze request transactions and alert wallet owners before the freeze is enforced.
