No, Tether Wasn’t Hit by a Double Spend Attack

Contrary to reports circulating on social media, controversial cryptocurrency Tether has not been hit by a double spend attack. The Full Story Behind That Suspicious Tether TransactionEarlier this week, blockchain security research team SlowMist identified suspicious activity surrounding a particular tether transaction. The firm published a blurred photograph of the raw transaction along with the suggestion that it had been involved in a successful double spend against a cryptocurrency exchange. It is not currently clear whether the exploit was carried out by a black hat hacker or by SlowMist as a proof-of-concept.交易所在进行USDT充值交易确认是否成功时存在逻辑缺陷,未校验区块链上交易详情中valid字段值是否为true,导致”假充值”,用户未损失任何USDT却成功向交易所充值了USDT,而且这些 USDT 可以正常进行交易。我们已经确认真实攻击发生!相关交易所应尽快暂停USDT充值功能,并自查代码是否存在该逻辑缺陷。 pic.twitter.com/EPzZIsZFzH— SlowMist (@SlowMist_Team) June 28, 2018As the name suggests, a double spend attack occurs when an attacker successfully spends a single coin twice. Generally, this is accomplished by tricking a recipient into believing that a payment has confirmed and then reversing that transaction. Responding to the allegations, Omni developers explained that the flaw lay not in the Omni protocol — upon which Tether runs — but in the manner in which the still-unnamed exchanged handled incoming token payments. Apparently, the platform’s deposit system did not properly verify whether a transaction’s validity flag was marked as “true” before crediting the deposit to the user’s account, allowing the sender to deposit the same coins to the platform twice. Even so, this does not mean that new tethers were printed out of thin air, just that the attacker could have potentially stolen funds from the exchange’s internet-connected hot wallet.”The reference client of the Omni Layer, Omni Core, doesn’t credit any tokens from invalid transactions,” the developers wrote, adding that “Based on our investigation this was not a recurring event and no large amounts of funds were lost.”$OMNI #OmniLayer Some additional clarification about the @Tether_to /USDT double-spend “vulnerability” pic.twitter.com/oX21CUmI1R— Omni (@Omni_Layer) June 29, 2018What If It Had Been a True Double Spend? SlowMist later clarified that, upon deeper investigation, Omni’s version of events was indeed the case. However, had the transaction actually constituted a double spend, it would likely have had severe ramifications for far more than just tether holders. Tether runs on the Omni protocol, which itself is a second-layer application on top of the Bitcoin network (Tether has also been released on Ethereum, but the overwhelming majority of USDT tokens remain on Omni). Consequently, launching a double spend attack against an Omni-based asset such as tether would require the attacker to gain control of 51 percent of the Bitcoin hashrate, placing the entire BTC network at risk. Moreover, tether, which is pegged to the U. S. Dollar at a 1:1 ratio and allegedly backed by physical dollars stored in Tether-owned bank accounts, serves as a proxy for USD on many cryptocurrency exchanges. The token currently has a $2.7 billion market cap, making it the ninth-largest cryptocurrency. As CCN has reported, such double spend attacks have become more common in recent months, at least among small-cap altcoins. Verge, Bitcoin Gold, Monacoin, ZenCash, and Litecoin Cash have all been hit by variations of this type of attack in 2018 alone. It is still unknown which cryptocurrency exchange was vulnerable to the exploit, though several — including OKEx — confirmed that their systems are immune