In brief
- A delay between the request to freeze an address and its on-chain execution for Tether's USDT stablecoin was found by blockchain forensics firm AMLBot.
- Tether blacklists addresses connected to illegal activity, freezing the wallets from moving assets issued by the company.
- As a result of the freeze delay, AMLBot's report claims, malicious actors got away with more than $78 million on Ethereum and Tron since 2017.

There is “significant lag” between exchanges saying they’re going to freeze USDT held by malicious addresses and, well, actually doing it, according to a new report from AMLBot.
AMLBot’s report found that on-chain freezing enforcement of Tether’s USDT stablecoin has been sluggish. As a result, the anti-money laundering firm said, at least $78 million has been lost to bad actors on Ethereum and Tron since 2017.
The “laundering loophole” is the result of Tether’s multi-signature contract setup, AMLBot explained in the report.
First, a freeze request is sent on-chain, which requires multiple signatures to approve before the freeze can be executed. As a result, a “window of opportunity” is created, allowing illicit actors to move funds before their address is frozen.

One example provided in the report showcases a 44-minute delay between the freeze request and confirmation on Tron.
AMLBot claims that $49.6 million has been withdrawn by bad actors on the Tron network since 2017 as a result of the vulnerability. Wallets were able to make up to three transactions during the delay window with 4.88% of blacklisted wallets exploiting the lag on the network.
Meanwhile, on Ethereum, the firm found $28.5 million USDT withdrawn within the same timeframe, for a total of $78.1 million across the two chains.
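The window described above can be measured after the fact from on-chain records: for each blacklisted address, take the time between the freeze request and its execution and count the outgoing transfers that fall inside it. The sketch below is an added example, not code from AMLBot's report or Tether's contracts; the record shapes, field names, addresses and amounts are constructed assumptions, and it assumes one freeze request per address.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FreezeRequest:          # hypothetical record shape
    address: str
    submitted_at: int         # Unix time the multisig freeze request was submitted
    executed_at: int          # Unix time the blacklist took effect on-chain

@dataclass(frozen=True)
class Transfer:               # hypothetical record shape
    sender: str
    amount: int               # whole USDT
    timestamp: int

def window_report(freezes, transfers):
    """Per address: freeze delay plus outgoing transfers made inside the window."""
    report = {}
    for f in freezes:
        if f.executed_at < f.submitted_at:
            raise ValueError(f"execution precedes submission for {f.address}")
        moved = [t for t in transfers
                 if t.sender == f.address
                 and f.submitted_at <= t.timestamp < f.executed_at]
        report[f.address] = {
            "delay_seconds": f.executed_at - f.submitted_at,
            "tx_count": len(moved),
            "amount_moved": sum(t.amount for t in moved),
        }
    return report

def summarize(report):
    """Aggregates of the kind the report quotes: total moved, share of wallets."""
    rows = list(report.values())
    used = [r for r in rows if r["tx_count"] > 0]
    return {
        "total_moved": sum(r["amount_moved"] for r in rows),
        "exploited_share": len(used) / len(rows) if rows else 0.0,
        "max_delay_seconds": max((r["delay_seconds"] for r in rows), default=0),
    }

# Constructed sample data (not real addresses or transactions).
FREEZES = [FreezeRequest("ADDR_A", 1_700_000_000, 1_700_002_640),  # 44-minute lag
           FreezeRequest("ADDR_B", 1_700_010_000, 1_700_010_300),
           FreezeRequest("ADDR_C", 1_700_020_000, 1_700_020_900)]
TRANSFERS = [Transfer("ADDR_A", 50_000, 1_700_000_600),   # inside the window
             Transfer("ADDR_A", 25_000, 1_700_002_000),   # inside the window
             Transfer("ADDR_A", 10_000, 1_699_999_000),   # before the request
             Transfer("ADDR_B", 7_000, 1_700_009_000)]    # before the request

if __name__ == "__main__":
    print(summarize(window_report(FREEZES, TRANSFERS)))
```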
Security firm PeckShield reviewed the report and confirmed that the loophole exists.
“It does not necessarily indicate a problem with the contract itself. Rather, it is an operational issue that creates a time window between when the blacklist transaction is submitted and when it is executed,” a PeckShield spokesperson told Decrypt. “Given the security-sensitive nature of the issue, improvements are definitely necessary.”
Tether is the issuer of the largest stablecoin in crypto, USDT, which aims to peg its price to the U.S. dollar. The company blacklists addresses from trading its products if they’re connected to illegal activity, such as wallets linked to the $1.4 billion Bybit hack earlier this year.

Being blacklisted means the address can no longer move Tether-issued assets, effectively making the tokens worthless.
However, AMLBot believes malicious actors know of the aforementioned lag and are creating tools to exploit it.
“Tools can be programmed to monitor the blockchain for specific contract interactions, such as submitTransaction() calls linked to freeze requests,” Slava Demchuk, CEO of AMLBot, told Decrypt. “The bots can alert wallet owners the moment a freeze is initiated but before it's enforced. Given the delay introduced by Tether’s multi-signature process, this provides a narrow but critical window for illicit actors to quickly move funds.”

“While we haven’t directly observed the bots themselves, the on-chain behavior strongly suggests such automation is in play,” he added.
PeckShield warned that the lag is inherent to how multi-sig accounts are designed to function. Put simply, it takes time for multiple people to sign a transaction, even though multiple signatures are required in some cases to boost security. The firm suggested that Tether could bundle the freeze request together with the signatures into one transaction to eliminate the window.
"If you think you can use Tether to move illicit funds, think again. USD₮ is arguably the most traceable asset on the planet, and we will continue working relentlessly with our industry partners to identify you, freeze your funds, and ensure you are brought to justice," a Tether spokesperson said.
Editor's note: This story was updated to include comments from Tether.
Edited by Stacy Elliott.