Tether Double-Spend Vulnerability Identified on Unnamed Exchange
More potentially bad news for centralized cryptocurrency exchanges: a double-spend vulnerability involving Tether (USDT) has been identified on an as-yet unnamed exchange. The exploit was published by Chinese cybersecurity firm SlowMist on Tuesday.
Tether on the Hook
An English translation of SlowMist’s findings is as follows:
“The exchange in the USDT recharge transactions to confirm the success of a logical flaw in the transaction details on the block chain valid field value is true, resulting in “pretend value”, the user has not lost any USDT but successfully recharge the exchange USDT, and these USDT can be normal transactions. We have confirmed that the real attack happened! The relevant exchange should suspend USDT recharge function as soon as possible, and self-examination code whether there is this logic flaw.”
According to the finding, posted yesterday on the company’s Twitter feed, the double-spend was accomplished by sending the exchange a USDT transaction whose field values were not correct, which the exchange nonetheless treated as a successful deposit. This allowed SlowMist researchers to be credited with USDT without actually having to send any to the exchange.
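The deposit check at issue can be shown as an added example (not code from SlowMist, Omni Layer or any exchange): a crediting routine that ignores the `valid` field beside one that requires it. Apart from `valid`, the field names are assumed to follow the JSON that Omni Core's `omni_gettransaction` returns; the deposit address, confirmation threshold and sample records are constructed.

```python
from decimal import Decimal

USDT_PROPERTY_ID = 31   # Omni property id of USDT (not stated on the page)
MIN_CONFIRMATIONS = 6   # hypothetical exchange policy
DEPOSIT_ADDRESS = "1ConstructedDepositAddressForExample"  # placeholder


def naive_credit(tx):
    """Flawed logic: any transfer naming our address is credited."""
    if tx.get("referenceaddress") == DEPOSIT_ADDRESS:
        return Decimal(tx["amount"])
    return Decimal(0)


def checked_credit(tx):
    """Credit only transfers the Omni layer itself marked as valid."""
    # Identity check: rejects False, a missing field, 1 and the string "true".
    if tx.get("valid") is not True:
        return Decimal(0)
    if tx.get("propertyid") != USDT_PROPERTY_ID:
        return Decimal(0)
    if tx.get("referenceaddress") != DEPOSIT_ADDRESS:
        return Decimal(0)
    if tx.get("confirmations", 0) < MIN_CONFIRMATIONS:
        return Decimal(0)
    amount = Decimal(tx["amount"])
    return amount if amount > 0 else Decimal(0)


def _tx(txid, amount, confirmations, **extra):
    """Build a constructed record shaped like an Omni transaction lookup."""
    base = {"txid": txid, "referenceaddress": DEPOSIT_ADDRESS,
            "propertyid": USDT_PROPERTY_ID, "amount": amount,
            "confirmations": confirmations}
    base.update(extra)
    return base


# Constructed sample deposits, not real transactions.
SAMPLE_TXS = [
    _tx("constructed-1", "100.00000000", 12, valid=True),
    _tx("constructed-2", "5000.00000000", 12, valid=False),  # rejected by Omni
    _tx("constructed-3", "50.00000000", 1, valid=True),      # too few confirmations
    _tx("constructed-4", "7.00000000", 12),                   # 'valid' missing
]


def total(credit_fn, txs=SAMPLE_TXS):
    """Sum what a crediting routine would add to the user's balance."""
    return sum((credit_fn(tx) for tx in txs), Decimal(0))
```

On the sample records the flawed routine credits 5157 USDT and the checked one credits 100.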
Author CryptoMedication has posted more details, including what is believed to be the transaction in question that confirmed the existence of the exploit. He also pointed out the potential implications of this discovery:
“If this is an exploit that has been known before now, it is possible that this could have been exploited ad infinitum without anyone in the community knowing.”
Exchange Issue, Not a Tether Failure
Omni Layer’s founder responded on Reddit under an hour later, explaining that the vulnerability was caused by faulty integration on the unspecified exchange, and not within Tether itself.
One major exchange, OKEx, has released a statement saying they are not vulnerable to the double-spend exploit, which, if true, confirms this is not a global issue with Tether. The Reddit submission in which this comment was posted has since been removed by moderators of the /r/CryptoCurrency subreddit.
Omni Layer, the protocol on which Tether is issued, is a software layer built on the bitcoin blockchain. All Tether transactions are thus stored on the bitcoin blockchain.
Depending on the extent to which this vulnerability has been exploited up until now, this could either have very large ramifications for Tether’s overall value, or little to none at all. Earlier this week, $250 million USD worth of new Tether were issued, bringing its total market capitalization up to $2.7 billion. It has the 9th highest coin or token volume on the market.
The new USDT placed on the market hasn’t provided bitcoin with the much-anticipated price boost. Bitcoin has slumped back down to under $6,000, currently resting just above $5,800 at press time.