Tether Code 'Flaw' Was Actually an Exchange Error
A suspected vulnerability in Tether's code for its USDT stablecoin has been confirmed as an exchange integration issue, not a protocol bug.
Suggestions that the code for Tether's dollar-pegged cryptocurrency USDT may contain an error that can be exploited to allow double spending appear to be false.
According to the latest statements from both blockchain security firm Slow Mist, the company that made the original claim, and Tether, the startup that provides software for USDT, the issue is actually down to an exchange integration flaw.
On Thursday, Slow Mist seemed to claim in a WeChat post that when an exchange is conducting a transaction with USDT, the exchange needs to verify that the transaction's details are "true," otherwise a double spend can occur. The company further suggested that the problem had been used in an attack on an unnamed crypto exchange, and, in a post on Twitter, included a page of transaction data with some of the details blurred out.
The claims, if true, were potentially impactful, as the USDT token is notably used to substitute for the U.S. dollar, acting as a proxy to quickly shift funds around exchanges rather than wait for wire transfers from banks.
However, in a statement, a spokesperson for Tether emphasized that the issue was not part of the USDT protocol.
They told CoinDesk:
Now, Slow Mist has also clarified that the issue does, in fact, lie with how exchanges integrate the USDT protocol for transactions, and not with the protocol itself.
In a statement to CoinDesk, the company said, "There was no Tether vulnerability [itself], but rather poor handling of incoming transactions. We have updated Twitter to explain this issue. We are sorry to say that the previous description did not express clearly."
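To make the integration point concrete, the following Python example (added here; it is not code from Slow Mist, Tether or any exchange) contrasts deposit handling that credits any confirmed record addressed to the exchange with handling that first requires the token layer's validity flag to be true. The record field names are modelled on the Omni Layer `omni_gettransaction` reply, and the property id, confirmation threshold, address and sample records are assumptions constructed for the example; the article names none of them.

```python
from decimal import Decimal, InvalidOperation

USDT_PROPERTY_ID = 31   # assumption: Omni Layer property id for USDT
MIN_CONFIRMATIONS = 6   # assumption: exchange policy, not from the article
ADDR = "EXCHANGE-DEPOSIT-ADDRESS"  # constructed placeholder

def naive_should_credit(tx, deposit_address):
    """Flawed handling: a confirmed record sent to us is treated as a real transfer."""
    return (tx.get("referenceaddress") == deposit_address
            and tx.get("confirmations", 0) >= 1)

def check_deposit(tx, deposit_address, credited_txids):
    """Return (ok, reason); credit only when every check passes."""
    if tx.get("valid") is not True:  # strict: a string such as "false" must not pass
        return False, "invalid: " + str(tx.get("invalidreason", "no reason given"))
    if tx.get("propertyid") != USDT_PROPERTY_ID:
        return False, "wrong token"
    if tx.get("referenceaddress") != deposit_address:
        return False, "not our address"
    if tx.get("confirmations", 0) < MIN_CONFIRMATIONS:
        return False, "too few confirmations"
    try:
        amount = Decimal(str(tx.get("amount")))
    except InvalidOperation:
        return False, "unparseable amount"
    if not amount.is_finite() or amount <= 0:
        return False, "non-positive amount"
    if tx.get("txid") in credited_txids:
        return False, "already credited"
    return True, "ok"

def process(txs, deposit_address):
    """Credit valid deposits once each; return (total credited, rejected list)."""
    credited, rejected, seen = Decimal(0), [], set()
    for tx in txs:
        ok, reason = check_deposit(tx, deposit_address, seen)
        if ok:
            seen.add(tx["txid"])
            credited += Decimal(str(tx["amount"]))
        else:
            rejected.append((tx.get("txid"), reason))
    return credited, rejected

# Constructed sample records: good deposit, invalid transfer, replay, unconfirmed.
_OK = {"txid": "tx-a", "referenceaddress": ADDR, "propertyid": 31,
       "amount": "100.00000000", "confirmations": 12, "valid": True}
SAMPLE = [_OK,
          {**_OK, "txid": "tx-b", "amount": "5000.00000000", "valid": False,
           "invalidreason": "constructed: sender balance too low"},
          dict(_OK),
          {**_OK, "txid": "tx-c", "confirmations": 1}]
```

Run over `SAMPLE`, the naive check accepts the record the token layer marked invalid, while `process` credits only the first deposit and reports a reason for each of the other three.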
While apparently not a Tether issue, the developments may add to the industry nervousness around the firm, which has been the subject of controversy alongside Bitfinex, the cryptocurrency exchange to which it is closely linked. Critics have alleged that Tether's USDT token is, in spite of its claims, not fully backed by a supply of U.S. dollars and has instead been used to manipulate the cryptocurrency market.
Just last week, Tether released a report attesting to its U.S. dollar reserves as proof that the token is fully backed. As CoinDesk highlighted, though, the report falls short of serving as a full audit of Tether's finances and comes months after the company's relationship with auditing firm Friedman came to an end.
After Slow Mist's original post caused widespread concerns over security, several exchanges including OKEx and ZB.com verified that they were unaffected by the issue.
LBank announced it "conducted an emergency technical investigation," finding that it was not vulnerable. However, the exchange stated that "we cannot guarantee the security of the other trading platforms and USDT as a whole, so we decided to close the USDT recharge temporarily."
Editor's note: Some statements in this article have been translated from Chinese.