Reports that the code for Tether’s dollar-pegged cryptocurrency USDT may contain an error that can be exploited to allow double spending appear to be false.
According the latest statements from both blockchain security firm Slow Mist and Tether, the issue is actually down to an exchange integration flaw.
On Thursday, Slow Mist claimed in a WeChat post that when an exchange is conducting a transaction with USDT, the exchange needs to verify that the transactions details are “true.” If this is not carried out, it said, a “false recharge” occurs whereby both the recipient and the sender are credited with the tether tokens being transacted.
The issue was said to result in both the sender and the receiver’s tokens as being treated as valid by the network.
The company further claimed that the problem had been used in an attack on an unnamed crypto exchange, and, in a post on Twitter, included a page of transaction data with some of the details blurred out.
The USDT token is notably used to substitute for the U.S. dollar, acting as a proxy to quickly shift funds around exchanges rather than wait for wire transfers from banks.
In a statement, a spokesperson for Tether emphasized that the issue was not part of the USDT protocol.
They told CoinDesk:
“Rather, it was due to a faulty integration of Tether at the exchange level. While we can’t exercise much control over how exchanges execute the integration process, we’ve provided integration guides in this instance to help solve the issue and will continue to assist any other exchanges in their USDT integration processes.”
Now, Slow Mist has also clarified that the issue does, in fact, lie with how exchanges integrate the USDT protocol for transactions, and not with the protocol itself.
After Slow Mist’s original post caused widespread concerns over security, several exchanges including OKEx and ZB.com verified that they were unaffected by the integration issue.
LBank announced it “conducted an emergency technical investigation,” finding that it was not vulnerable. However, the exchange stated that “we cannot guarantee the security of the other trading platforms and USDT as a whole, so we decided to close the USDT recharge temporarily.”
While apparently not a Tether issue, the developments may add to the industry nervousness around the firm, which has been the subject of controversy alongside Bitfinex, the cryptocurrency exchange to which it is closely linked. Critics have alleged that Tether’s USDT token is, in spite of its claims, not fully backed by a supply of U.S. dollars and has instead been used to manipulate the cryptocurrency market.
Just last week, Tether released a report attesting to its U.S. dollar reserves as proof that the token is fully backed. As CoinDesk highlighted, though, the report falls short of serving as a fall audit of Tether’s finances and comes months after the company’s relationship with auditing firm Friedman came to an end.
Editor’s note: Some statements in this article have been translated from Chinese.