Red flags have been raised yet again concerning ‘stablecoin’ Tether (USDT). This time, analysts have issued warnings against a potential double-spend bug as well as a possible case of price manipulation.
Last week, Chinese blockchain-centric security firm SlowMist revealed a suspicious transaction involving a user that managed to double the value of 694 USDT. In a tweet, SlowMist indicated that the user was able to illegitimately add USDT value to an exchange server under the mask of added funds.
交易所在进行USDT充值交易确认是否成功时存在逻辑缺陷,未校验区块链上交易详情中valid字段值是否为true,导致“假充值”,用户未损失任何USDT却成功向交易所充值了USDT,而且这些 USDT 可以正常进行交易。
我们已经确认真实攻击发生!相关交易所应尽快暂停USDT充值功能,并自查代码是否存在该逻辑缺陷。 pic.twitter.com/EPzZIsZFzH— SlowMist (@SlowMist_Team) June 28, 2018
This bug allowed the user to be credited for USDT that were not sent to the unnamed exchange. It is still unknown whether the said exchange has taken any action on the issue, which continues to cause consternation and concern amongst the crypto community. According to information gleaned on the transaction, the exchange actually accepted a transaction with invalid information and marked the “false” transaction for 694 USDT as valid.
SlowMist clarified that the issue only affected that unnamed exchange, not Tether as a whole.
Corrected a bit to explain: This vulnerability is not the USDT's own vulnerability, but some exchange platform' databases do not strictly verify the status of the "valid" parameter.
Please do not panic.
SlowMist Team
— SlowMist (@SlowMist_Team) June 29, 2018
On Reddit, user dacoinminster explained the situation further from a technical point of view and somewhat eased those double-spend worries, since a double-spend attack on Bitcoin was virtually impossible. According to the Reddit user, the incident was a case of “poor exchange integration.”
“If I’m translating this correctly, it appears that what happened here is that an exchange wasn’t checking the valid flag on transactions. They accepted a transaction with valid=false (which they should not have), and then the second ‘double spend’ transaction had valid=true, which they also accepted,” dacoinminster explained.
Following the SlowMist tweet, OKEx released a statement confirming that they were aware of the vulnerability of the USDT deposit, but clarified that they were not exposed to any vulnerability. The exchange also confirmed that it had enlisted SlowMist’s assistance to ensure that OKEx was not at all affected by the fake deposit.
Another cryptocurrency exchange, Bittrex, also confirmed that it had nothing to do with the problem.
A case for ‘wash’ trading
Despite having a crucial role in the industry, serving as a way investors can find stability in the often volatile crypto market, Tether has had its fair share of problems.
As Tether’s market cap quickly rose over the billion-dollar valuation, users began to question the legitimacy of the reserve funds backing the popular altcoin. Many thought that Tether did not hold the funds to back its growing supply of USDT. However, it was recently revealed that Tether does hold the U.S. dollars to back all USDT in existence.
Now, a new controversy is brewing after a Bloomberg report raised red flags on USDT trading. After examining the altcoin’s activity on Kraken exchange, the Bloomberg team found “oddly specific order sizes—many going out to five decimal points, with some repeating frequently.”
Bloomberg News pulled more than 56,000 trades on Kraken placed between May 1 and June 22, which they sent to New York University Professor Rosa Abrantes-Metz and former Federal Reserve bank examiner Mark Williams, who both said “they’d never seen a market behave like Kraken, where large Tether orders fail to sway prices much.”
Asset prices increase when there is an increase in demand, but not with Tether. On May 9, for instance, eight sell trades for 13,076.389 USDT occurred in succession over 16 seconds, yet the price of the altcoin was unchanged at 0.999. The next trade, involving 75 Tethers, pushed the price up 0.0001.
The experts also noticed the oddly specific order numbers for Tether—some go out to five decimal places, like 34.08652. According to Abrantes-Metz and Williams, these could be signals to an automated trading program, whose “software would look for orders with a unique size, and trade against that.”
“Taking both sides of a transaction is known as wash trading, something banned in regulated markets like stocks because it can give a false impression of market supply and demand. Kraken isn’t similarly regulated by the government,” the Bloomberg report noted.
In response, Kraken CEO Jesse Powell released a statement to the news outlet, saying: “Nothing looks out of place to us in our publicly available data feed.”
The market for intelligent reporting in crypto hit an all-time low today on @Bloomberg. https://t.co/XDOpzLaoiH. @cryptoscopia slays: https://t.co/Hfy7rM4dVv
— Jesse Powell (@jespow) June 29, 2018
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.
