Recently Found Double Spending Vulnerability Is Not Tether’s Own, SlowMist Confirms
China-based cybersecurity firm SlowMist has confirmed that a recent double-spending vulnerability it found in Tether (USDT) is not inherent to the cryptocurrency itself.
Instead, it is enabled by some crypto exchanges’ databases not strictly verifying the status of the “valid” parameter of incoming USDT transactions. SlowMist explained this in a comment to its own Tweet June 28.
On June 28, SlowMist detected a vulnerability that allowed them to send USDT to a crypto exchange without correct field values on the transaction.
Subsequently, the cybersecurity firm explained that the newly discovered vulnerability is not an issue of the Tether network, but is instead a result of poor implementation of some exchanges’ data systems.
According to SlowMist’s statement, the issue is that the exchanges’ databases “do not strictly verify the status of the "valid" parameter.”
“Corrected a bit to explain: This vulnerability is not the USDT's own vulnerability, but some exchange platform' databases do not strictly verify the status of the "valid" parameter.
Please do not panic.”
Major crypto exchange OKEx reacted immediately to SlowMist’s report, claiming that its platform “is not affected by this issue.”
SlowMist further retweeted a post by the Omni Core maintainer which provided further information about the vulnerability. Omni Core claimed that the vulnerability comes from neither Tether’s part, nor the Omni Layer protocol, but “rather poor handling of incoming transactions.”
Created in 2012, Omni Layer, formerly known as Mastercoin, is a digital currency and communications protocol based on Bitcoin’s (BTC) blockchain. Tether, originally known as "Realcoin,” is a stablecoin pegged to the value of the U.S. dollar. It was announced in July 2014 and later issued on the Bitcoin blockchain via Omni Layer’s protocol.
On June 25 this year, Tether issued 250 million new tokens, a move that was met with some backlash from critics on Twitter who have expressed doubts about the fact that all USDT tokens are backed by the same amount of U.S. dollars.