Crypto-currency firm Tether has become the latest to suffer a damaging cyber-attack, claiming hackers have made off with over $30m worth of tokens.
The crypto-currency stolen is USDT, a US dollar-based asset issued by Tether on the Bitcoin blockchain via the Omni Layer Protocol.
Because each unit of USDT is backed by an actual dollar held by Tether, it’s favored by speculators who want to occasionally trade out of full fat crypto-currency to something less risky, whilst still keeping their funds in the same exchanges.
Tether made the following critical announcement:
“$30,950,010 USDT was removed from the Tether Treasury wallet on November 19, 2017 and sent to an unauthorized bitcoin address. As Tether is the issuer of the USDT managed asset, we will not redeem any of the stolen tokens, and we are in the process of attempting token recovery to prevent them from entering the broader ecosystem. The attacker is holding funds in the following address: 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r. If you receive any USDT tokens from the above address, or from any downstream address that receives these tokens, do not accept them, as they have been flagged and will not be redeemable by Tether for USD.”
Tether claims to have suspended its tether.to back-end wallet service while an investigation is underway, and is providing new builds of Omni Core to the community which will result in a de facto temporary hard fork.
“These builds should prevent any movement of the stolen coins from the attacker’s address. We strongly urge all Tether integrators to install this software immediately to prevent the coins from entering the ecosystem,” said the firm. “Again, any tokens from the attacker’s address will not be redeemed. Accordingly, any and all exchanges, wallets, and other Tether integrators should install this software immediately in order to prevent loss.”
The firm was at pains to point out that Tether issuances have not been affected by this attack, and that all Tether tokens remain fully backed by assets in the firm’s reserve.
Tyler Moffitt, senior threat research analyst at Webroot, said the attack could still prove costly to the firm’s reputation.
“It looks like Tether will not recognize the tokens stolen by the hackers and will ‘hard fork’ to redistribute,” he said. “Hard forking a currency is a big deal as it always shakes the trust of those using it.”
There are also question marks surrounding the rapid increase in supply of USDT in the Tether coffers, apparently soaring $200m so far in November alone, and its relationship with controversial British Virgin Islands-based exchange Bitfinex.
If you found this article insightful, why not watch our #InfosecWebinar on Malware in IoT, Crypto-coins & Smart Devices