Home / Archive / No, Tether Wasn’t Hit by a Double Spend Attack

No, Tether Wasn’t Hit by a Double Spend Attack

Last Updated
Josiah Wilmoth
Last Updated

Contrary to reports circulating on social media, controversial cryptocurrency Tether has not been hit by a double spend attack.

The Full Story Behind That Suspicious Tether Transaction

Earlier this week, blockchain security research team SlowMist identified suspicious activity surrounding a particular tether transaction. The firm published a blurred photograph of the raw transaction  along with the suggestion that it had been involved in a successful double spend against a cryptocurrency exchange. It is not currently clear whether the exploit was carried out by a black hat hacker or by SlowMist as a proof-of-concept.

As the name suggests, a double spend attack occurs when an attacker successfully spends a single coin twice. Generally, this is accomplished by tricking a recipient into believing that a payment has confirmed and then reversing that transaction.

Responding to the allegations, Omni developers explained that the flaw lay not in the Omni protocol — upon which Tether runs — but in the manner in which the still-unnamed exchanged handled incoming token payments. Apparently, the platform’s deposit system did not properly verify whether a transaction’s validity flag was marked as “true” before crediting the deposit to the user’s account, allowing the sender to deposit the same coins to the platform twice.

Even so, this does not mean that new tethers were printed out of thin air, just that the attacker could have potentially stolen funds from the exchange’s internet-connected hot wallet.

“The reference client of the Omni Layer, Omni Core, doesn’t credit any tokens from invalid transactions,” the developers wrote, adding that “Based on our investigation this was not a recurring event and no large amounts of funds were lost.”

What If It Had Been a True Double Spend?

SlowMist later clarified that, upon deeper investigation, Omni’s version of events was indeed the case. However, had the transaction actually constituted a double spend, it would likely have had severe ramifications for far more than just tether holders.

Tether runs on the Omni protocol, which itself is a second-layer application on top of the Bitcoin network (Tether has also been released on Ethereum, but the overwhelming majority of USDT tokens remain on Omni). Consequently, launching a double spend attack against an Omni-based asset such as tether would require the attacker to gain control of 51 percent of the Bitcoin hashrate, placing the entire BTC network at risk.

Moreover, tether, which is pegged to the U.S. Dollar at a 1:1 ratio and allegedly backed by physical dollars stored in Tether-owned bank accounts, serves as a proxy for USD on many cryptocurrency exchanges. The token currently has a $2.7 billion market cap, making it the ninth-largest cryptocurrency.

As CCN.com has reported, such double spend attacks have become more common in recent months, at least among small-cap altcoins. Verge, Bitcoin Gold, Monacoin, ZenCash, and Litecoin Cash have all been hit by variations of this type of attack in 2018 alone.

It is still unknown which cryptocurrency exchange was vulnerable to the exploit, though several — including OKEx — confirmed that their systems are immune.

Featured Image from Shutterstock