Tether USDT Hack Review – Treasury Security Breach Steals 31 Million?
What Is Tether?
Tether, rebranded from its original name Realcoin, is a company from China who issue tokens pegged on the value of fiat currency. Tether converts cash into digital currency, to anchor or tether the value to the price of national currencies like the US dollar, the Euro, and the Yen. Through its integration with a service known as Cryptsy, Tether converts USD, EUR and other fiat currencies into digital tokens which are later sent and received with the use of Bitcoin blockchain. This means that the amount of Tether tokens issued must be backed by an equivalent fiat reserve.
What's The News?
Last night, Tether made a ‘critical announcement' on its website, claiming that a “malicious action by an external attacker” resulted in the theft of 30.95 million tokens.
“Yesterday, we discovered that funds were improperly removed from the Tether treasury wallet through malicious action by an external attacker. Tether integrators must take immediate action, as discussed below, to prevent further ecosystem disruption.
$30,950,010 USDT was removed from the Tether Treasury wallet on November 19, 2017 and sent to an unauthorized bitcoin address. As Tether is the issuer of the USDT managed asset, we will not redeem any of the stolen tokens, and we are in the process of attempting token recovery to prevent them from entering the broader ecosystem. The attacker is holding funds in the following address: 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r. If you receive any USDT tokens from the above address, or from any downstream address that receives these tokens, do not accept them, as they have been flagged and will not be redeemable by Tether for USD.
The following steps have been taken to address this matter:
1. The tether.to back-end wallet service has been temporarily suspended. A thorough investigation on the cause of the attack is being undertaken to prevent similar actions in the future.
2. We are providing new builds of Omni Core to the community. (Omni Core is the software used by Tether integrators to support Omni Layer transactions.) These builds should prevent any movement of the stolen coins from the attacker’s address. We strongly urge all Tether integrators to install this software immediately to prevent the coins from entering the ecosystem. Again, any tokens from the attacker’s address will not be redeemed. Accordingly, any and all exchanges, wallets, and other Tether integrators should install this software immediately in order to prevent loss: github.com/tetherto/omnicore/releases/tag/0.2.99.s
Note that this software will cause a consensus change to currently running Omni Core clients, meaning that it is effectively a temporary hard fork to the Omni Layer. Integrators running this build will not accept any token sends from the attacker’s address, preventing the coins from moving further from the attacker’s address.
3. We are working with the Omni Foundation to investigate ways that will allow Tether to reclaim stranded tokens and rectify the hard fork created by the above software. Once this protocol enhancement is complete, the Omni Foundation will provide updated binaries for all integrators to install. These builds will supersede the binaries provided above by Tether.to. After the protocol upgrades to the Omni Layer are in place, Tether will reclaim the stolen tokens and return them to treasury.
Tether issuances have not been affected by this attack, and all Tether tokens remain fully backed by assets in the Tether reserve. The only tokens that will not be redeemed are the ones that were stolen from Tether treasury yesterday. Those tokens will be returned to treasury once the Omni Layer protocol enhancements are in place.
We will provide further updates as they come available, and we appreciate the community’s patience, understanding, and support while we work to rectify the situation in the best possible manner to everyone’s benefit.”
The Tether Team
In the immediate aftermath of the announcement, Bitcoin's value dropped by almost 10% but has since regained ground. Plenty of skepticism abounds regarding the veracity of the attack Tether claims stole $31 USDT from their treasury wallet.
According to Tether's whitepaper, ‘balance of fiat currency will always be equal to the number of tethers in circulation.' However, as far back as March 2017, a 1 million discrepancy was between the number of USDT and USD reserve was discovered and a near quarter of a million difference between EURT and EUR assets. There has since been concern among the crypto community that Tether's discrepancies may eventuate in scenarios such as MtGox in 2014 and Bitfinex in 2016.
Since last month, Tether has been shrouded in a great deal of mystery and uncertainty over its rate of issuance of Tether tokens. Two weeks ago, more than 50 million tokens were issued in the space of a few days. Throughout the course of 2017, over half a million Tether tokens have been issued. Whether or not the tokens are backed by fiat remains the million-dollar question. There have also been some correlations between Tether and Bitfinex with Bitfinex being a majority shareholder in Tether. Bitfinex itself claimed to have lost 119,756 bitcoin in a hack back in August 2016. Significant hacker funds transactions were signed off by Bitfinex's security provider, without full security.
The majority of the Tether supply has been seen trading on Bitfinex with a high volume of daily trading which is suggestive of an internal margin trading practice leveraging the supply of Tether tokens.
Last week, Phil Potter of Bitfinex asserted Tether is ‘a separate entity from Bitfinex,' conceding however that both entities operates via the same banking service in Hong Kong. Bitfinex has been cagey to reveal their banking services since April 2017 after controversially ending their ties with Wells Fargo.
Tether USDT Hack Conclusion
Bitfinex and Tether have been accused of log-rolling practices to manipulate the market. There have been various well-founded theories circulating that suggest this new attack could be an inside job. Subsequent to the announcement, all exchanges immediately suspended USDT transactions.