In contrast to several reports circulating on social media, controversial cryptocurrency Tether has not been hit by a double spend attack.
A double spend attack occurs when an attacker successfully spends a single coin twice. Generally, this is accomplished by tricking a recipient into believing that a payment has confirmed and then reversing that transaction.
Suggestions that the code for Tether’s dollar-pegged cryptocurrency USDT may contain an error that can be exploited to allow double spending appear to be false. According to the latest statements from both blockchain security firm Slow Mist, the company that made the original claim, and Tether, the startup that provides software for USDT, the issue is actually down to an exchange integration flaw.
The firm published a blurred photograph of the “https://api.omniexplorer.info/v1/transaction/tx/f2e4b555532c6abd9065ab6158a1eec184e4fa8a570e9fb1ede4022589904dd8”>raw transaction along with the suggestion that it had been involved in a successful double spend against a cryptocurrency exchange. It is not currently clear whether the exploit was carried out by a black hat hacker or by SlowMist as a proof-of-concept.
Omni developers spoke in their defense to the several allegations and explained that the flaw lay not in the Omni protocol, upon which Tether runs, but in the manner in which the still-unnamed exchanged handled incoming token payments.
Apparently, the platform’s deposit system did not properly verify whether a transaction’s validity flag was marked as “true” before crediting the deposit to the user’s account, allowing the sender to deposit the same coins to the platform twice.
Even so, this does not mean that new tethers were printed out of thin air, just that the attacker could have potentially stolen funds from the exchange’s internet-connected hot wallet.
The developers wrote:
“The reference client of the Omni Layer, Omni Core, doesn’t credit any tokens from invalid transactions. Based on our investigation this was not a recurring event and no large amounts of funds were lost.”
SlowMist later clarified that, upon deeper investigation, Omni’s version of events was indeed the case. However, had the transaction actually constituted a double spend, it would likely have had severe ramifications for far more than just tether holders.