Tether Exploit Leads to $78 Million Theft Due to Multi-Sig Freeze Delay
Key Takeaways:
- Tethers USDT freeze process has a vulnerability exploited for over $78 million since 2017.
- AMLBot and PeckShield identified delays due to the multi-signature contract design.
- Illicit actors utilize the lag window to bypass freezing, especially on Ethereum and Tron.
Blockchain forensic company AMLBot has discovered a fundamental flaw in Tethers USDT freezing system that has been exploited by malicious actors to drain over $78 million since 2017.
The essence of the problem lies in the multi-signature approval procedure for freezing wallets associated with USDT, which creates a lag between the actual request and its implementation on the blockchain.
According to AMLBot, once a freeze request is triggered, it must pass through a multi-sig contract for verification. During this delay, which sometimes lasts nearly an hour, malicious users have managed to move funds out of wallets that were in the process of being blacklisted.
Security company PeckShield has verified the operational flaw, acknowledging that the contract itself is not faulty, but the timing of its execution makes it temporarily vulnerable.
Tether Heists Expose Crypto Enforcement Gaps
AMLBots analysis shows that the majority of the stolen funds, or about $49.6 million, was withdrawn from the Tron network, followed by $28.5 million withdrawn through Ethereum.
This total collective amount of $78.1 million shows the extent and magnitude that the problem has reached over the years. On Trons network alone, close to 5% of the blacklisted wallets seem to have taken advantage of the lag to get through as many as three transactions before the freeze occurred.
The same trend was witnessed on Ethereum, adding credence to issues around the trustworthiness of enforcement protocols currently in place.
Blockchain Bots Exploit Freeze Alert Delays
The report suggests that some criminal actors are using automated tools to monitor blockchain activity. The robots have the ability to flag freeze-related contract interactions, sending real-time notification to the wallet owners prior to enforcement.
This technological advantage enables them to take advantage of the time gap generated by the multi-signature procedure. While Tether has justified its practices as being required to provide secure decision-making within a $100 billion environment, security companies and analysts argue that upgrades are needed.
Possible solutions, like bundling freeze requests together within the same transaction, could reduce the risk and enhance enforcement speed.
AMLBot uncovered a Tether USDT flaw exploited since 2017, stealing $78M. With rising regulation, this stresses secure, adaptive systems to protect blockchain from criminals.
Related Reading | Bitcoin Whale Wallets Shrink: 5,000 Holders Exit in Two Months
Read more: https://www.tronweekly.com/tether-exploit-leads-to-78-million-theft/
Text source: TronWeekly
