Tether Double-Spending Vulnerability Confirmed; Exchanges May Be At Risk 6–28–2018

Yes, you read that title correctly.

Earlier today (June 28th, 2018), the private Chinese cybersecurity firm, SlowMist, put up this tweet:


If you can’t read Chinese, here’s the English translation below:

The translation reads,

“The exchange in the USDT recharge transactions to confirm the success of a logical flaw in the transaction details on the block chain valid field value is true, resulting in “pretend value”, the user has not lost any USDT but successfully recharge the exchange USDT, and these USDT can be normal transactions. We have confirmed that the real attack happened! The relevant exchange should suspend USDT recharge function as soon as possible, and self-examination code whether there is this logic flaw.”

The translation is rough because it’s automated, of course (Microsoft), but the gist is that they were able to send USDT to an exchange (not named), without the field values on the transaction being correct — which means that people can be credited for the tokens on the unnamed exchange without having to actually send them.

This, obviously, would lead to a double-spend.

Who is SlowMist?

As mentioned above, they are a private Chinese security firm that works in the crypto space.

Here are some recent references to them in the space:

View at Medium.com
View at Medium.com

Also, here’s their GitHub link: https://github.com/slowmist

A link to an audit they performed:

View at Medium.com

Just to name a few…

In other words, SlowMist is legit and I have no reason at this point that they would go out on a limb to post something that appears to be bullshit.

Additional Information

The company, OmniLayer (a blockchain solution that allows people to build on top of Bitcoin), is home to U.S. Tether (USDT).

They issued a statement on this very recently (within 30 minutes of me writing this)

Source: https://www.reddit.com/r/CryptoCurrency/comments/8ulr0t/a_doublespend_has_been_successfully_performed_on/

Exchange Response

Since we’ve clearly identified this issue is one that would be impacting exchanges, specifically — I combed to see if I can find any exchange response.

The only exchange (of note with real volume) that I’ve found a response for so far is OkEx:

View at Medium.com

Feel free to read that press release above.

This further validates the thought that this is a REAL issue.

Blurred Out Information

With regards to this initial tweet:


There is blurred out information in the picture:

Through some savvy sources of mine, I firmly believe that I have found the TX in question.

Check this out:


Everything matches up outside of the blurred portion of that tweet

This appears to be the OmniLayer link as well:

View at Medium.com

Here is the Means of How This Was Found:

Timestamps, responses and identities hidden for safety purposes.

Why I Posted This

To validate the claim being made in the tweet.

Also, because of the tweet’s responses:

Replies to the initial tweet

Will Keep the Community Updated

I will update this article in live time as I find out more information (this is still a fresh issue).

What I can say (now — 6/28/2018; EST-4/GMT 4:41 p.m.) is that :

  1. This seems to be an exchange problem (I haven’t seen any theories or information going against that) more so than a Tether issue [I believe].
  2. SlowMist originally brought this issue out through the tweet. SlowMist looks to be a legitimate company and well-respected in the sphere. I cannot find evidence to the contrary.
  3. The issue is still very fresh and appears to be ridiculously under the radar at this point in time.
  4. OmniLayer has responded affirming the assumption in #1
  5. No exchanges other than OkEx have addressed or responded to this.


If this is an exploit that has been known before now, it is possible that this could have been exploited ad infinitum without anyone in the community knowing.

I have not pointed any fingers at any culprits yet, nor said this was the case.

But, the above statement stands.

This is definitely something the crypto community at large should be extremely wary of because this could be damaging to the entire space if this proliferates and it is found to be very true.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.