Yes, you read that title correctly.
Earlier today (June 28th, 2018), the private Chinese cybersecurity firm, SlowMist, put up this tweet:
If you can’t read Chinese, here’s the English translation below:
The translation reads:
“The exchange in the USDT recharge transactions to confirm the success of a logical flaw in the transaction details on the block chain valid field value is true, resulting in “pretend value”, the user has not lost any USDT but successfully recharge the exchange USDT, and these USDT can be normal transactions. We have confirmed that the real attack happened! The relevant exchange should suspend USDT recharge function as soon as possible, and self-examination code whether there is this logic flaw.”
The translation is rough because it’s automated, of course (Microsoft), but the gist is that they were able to send USDT to an exchange (not named) without the “valid” field on the transaction actually being true, and the exchange’s deposit-confirmation logic still treated it as a success. That means people can be credited for the tokens on the unnamed exchange without having to actually send them.
This, obviously, would lead to a double-spend.
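The logic flaw described above, as an added example (not code from SlowMist, OmniLayer or any exchange): a deposit handler that credits any confirmed transaction next to one that also requires the `valid` field to be true. Field names follow the output of Omni Core's `omni_gettransaction`; the address, txids, amounts and the six-confirmation policy are constructed assumptions.

```python
from decimal import Decimal

USDT_PROPERTY_ID = 31   # Omni property id of Tether USD
MIN_CONFIRMATIONS = 6   # assumed exchange policy, not from the article
DEPOSIT_ADDR = "1ExampleExchangeDepositAddr"   # constructed placeholder

# Constructed records shaped like omni_gettransaction results.
ACCEPTED_TX = {"txid": "aa" * 32, "referenceaddress": DEPOSIT_ADDR,
               "type_int": 0, "propertyid": 31, "amount": "25.50000000",
               "confirmations": 12, "valid": True}
# The Bitcoin transaction carrying this transfer confirmed, but the Omni
# layer rejected the transfer itself, so no USDT moved.
REJECTED_TX = {"txid": "bb" * 32, "referenceaddress": DEPOSIT_ADDR,
               "type_int": 0, "propertyid": 31, "amount": "1000.00000000",
               "confirmations": 12, "valid": False}

def credit_naive(tx, deposit_address):
    """Flawed: confirmed + addressed to us is treated as a successful deposit."""
    if tx["referenceaddress"] == deposit_address and tx["confirmations"] >= 1:
        return Decimal(tx["amount"])
    return Decimal(0)

def credit_checked(tx, deposit_address):
    """Credit only a transfer the Omni layer itself marked valid."""
    if tx.get("valid") is not True:       # False, missing or the string "true"
        return Decimal(0)
    if tx.get("type_int") != 0:           # 0 = Simple Send (assumed policy)
        return Decimal(0)
    if tx.get("propertyid") != USDT_PROPERTY_ID:
        return Decimal(0)
    if tx.get("referenceaddress") != deposit_address:
        return Decimal(0)
    if tx.get("confirmations", 0) < MIN_CONFIRMATIONS:
        return Decimal(0)
    return Decimal(tx["amount"])

def total_credited(rule, txs, deposit_address=DEPOSIT_ADDR):
    """Sum what a given crediting rule would add to the user's balance."""
    return sum((rule(tx, deposit_address) for tx in txs), Decimal(0))

if __name__ == "__main__":
    batch = [ACCEPTED_TX, REJECTED_TX]
    print("naive  :", total_credited(credit_naive, batch))
    print("checked:", total_credited(credit_checked, batch))
```

Running the same batch through both rules is a quick self-examination for the flaw: any difference between the two totals is balance credited for transfers the Omni layer never accepted.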
Who is SlowMist?
As mentioned above, they are a private Chinese security firm that works in the crypto space.
Here are some recent references to them in the space:
Also, here’s their GitHub link: https://github.com/slowmist
A link to an audit they performed:
Just to name a few…
In other words, SlowMist is legit and I have no reason at this point to believe that they would go out on a limb to post something that appears to be bullshit.
The company, OmniLayer (a blockchain solution that allows people to build on top of Bitcoin), is home to U.S. Tether (USDT).
They issued a statement on this very recently (within 30 minutes of me writing this):
Since we’ve clearly identified that this issue is one that would be impacting exchanges specifically, I combed to see if I could find any exchange response.
The only exchange (of note with real volume) that I’ve found a response for so far is OkEx:
Feel free to read that press release above.
This further validates the thought that this is a REAL issue.
Blurred Out Information
With regards to this initial tweet:
There is blurred out information in the picture:
Through some savvy sources of mine, I firmly believe that I have found the TX in question.
Check this out:
This appears to be the OmniLayer link as well:
Here is the Means of How This Was Found:
Why I Posted This
To validate the claim being made in the tweet.
Also, because of the tweet’s responses:
Will Keep the Community Updated
I will update this article in live time as I find out more information (this is still a fresh issue).
What I can say (now — 6/28/2018; EST-4/GMT 4:41 p.m.) is that:
1. This seems to be an exchange problem (I haven’t seen any theories or information going against that) more so than a Tether issue [I believe].
2. SlowMist originally brought this issue out through the tweet. SlowMist looks to be a legitimate company and well-respected in the sphere. I cannot find evidence to the contrary.
3. The issue is still very fresh and appears to be ridiculously under the radar at this point in time.
4. OmniLayer has responded affirming the assumption in #1.
5. No exchanges other than OkEx have addressed or responded to this.
If this is an exploit that has been known before now, it is possible that this could have been exploited ad infinitum without anyone in the community knowing.
I have not pointed any fingers at any culprits yet, nor said this was the case.
But, the above statement stands.
This is definitely something the crypto community at large should be extremely wary of because this could be damaging to the entire space if this proliferates and it is found to be very true.