Site icon Sophos News

Tether hits back after $31m cryptocurrency hack

Hackers have stolen another $30.9m in cryptocurrency.

In a “critical announcement” on Monday, cryptocurrency startup Tether said the funds had been removed from the Tether Treasury wallet on 19 November and sent to an unauthorized bitcoin address.

But things aren’t as bad as they seem, Tether said – technically the money is not yet out of reach.

In a Bitcoin theft we might expect the thief to try and launder the stolen cash via a so-called tumbler service, something that makes following the money through the currency’s anonymous but transparent transaction logging very difficult.

But this isn’t a normal Bitcoin theft – the total value of bitcoins transferred into the unauthorized address on 19 November wasn’t $31m worth, it was closer to $41,000.

Confused? Welcome to the world of cryptocurrencies.

Tether is described by Coindesk as “a proxy for the US dollar that can be sent between exchanges, notably including Bitfinex, Poloniex and other markets without fiat trading.”

So what the hackers took off with wasn’t $30.9m USD in US dollars or bitcoins. Instead it was $30.9m USDT, “tokens” backed one-to-one by US dollars Tether says are held in reserve. The Tether transactional ledger that records what happens to those USDT tokens is embedded as metadata in the distributed ledger that records transfers of bitcoins, the blockchain.

Tether said it knows the address that is holding the funds, and won’t redeem any of the tokens.

As Tether is the issuer of the USDT managed asset, we will not redeem any of the stolen tokens, and we are in the process of attempting token recovery to prevent them from entering the broader ecosystem.

The attacker is holding funds in the following address: 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r. If you receive any USDT tokens from the above address, or from any downstream address that receives these tokens, do not accept them, as they have been flagged and will not be redeemable by Tether for USD.

The company says it is also providing a new version of its Omni Core software. The update, available from Github, is designed to isolate those stolen coins, “any and all exchanges, wallets, and other Tether integrators should install this software immediately in order to prevent loss,” the company wrote.

Doing so will create a temporary so-called “hard fork,” which will, in essence, reverse the hack. That is the same trick performed by another troubled cryptocurrency, Ethereum, in June 2016, after an app called the DAO (Decentralized Autonomous Organization) was hacked and the attacker siphoned off an estimated $50m.

Finally the company said that, aside from the stolen tokens, “all Tether tokens remain fully backed by assets in the Tether reserve.”

So, no problem? Just a hiccup?

Well, online cryptocurrency watchers are openly dubious about the assurances coming from Tether and have raised virtual eyebrows in the direction of the suddenly-empty Tether transparency page.

Beyond all that, CoinDesk reports that the announcement of the hack, “comes amid a period of growing discussion – and controversy – around Tether.”

Tether also was not responding to emails or calls as of Tuesday.

But, the incident has apparently not caused major disruption to the value of Tether or Bitcoin. According to Coinmarketcap, Tether is ranked as the 19th most valuable cryptocurrency, with a market capitalization of $674 million.

The company said it issued over $300 million worth of USDT in the last week alone.

And Bitcoin, while it took a hit earlier in the day, recovered quickly and was listed at $8,152 at the end of Tuesday.

Exit mobile version