Double-spending flaw found in Tether transaction

June 29, 2018
Chris Wheal

SlowMist, a Chinese private cybersecurity company, has found a double-spending flaw in tether (USDT), the dollar-backed cryptocurrency, when traded on a particular exchange.

The company said it had been able to send the digital currency to an exchange (which it declined to name) without correct field values on the transaction. This potentially means a transaction can be credited to the receiving counterparty without anything being sent – a double spend, the risk that a digital currency can be spent twice or more.

SlowMist posted the transaction error on its Twitter feed on 28 June.


The transaction with the ‘valid’ field error: SlowMist

Exchange flaw

The cybersecurity firm insisted, however, this was not a flaw in the tether currency itself.

It said, again on Twitter: “This vulnerability is not the USDT’s own vulnerability, but some exchange platform databases do not strictly verify the status of the “valid” parameter. Please do not panic.”

Omni, the blockchain platform on which tether was created, responded by saying the fault was due to an exchange not checking the “valid” flag on transactions.

“Unless I am missing something, this is just poor exchange integration,” Tom McLeod, the Omni founder, posted on Reddit.

He added: “There may be cases when the valid flag is true, but the transaction fails for other reasons. It is important to also check the balance of the receiving account, as described in the best practices document.”
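The two checks described above, sketched as an added example (this is not code from SlowMist, Omni or any exchange). The field names follow the JSON that Omni Core's `omni_gettransaction` returns; the address, the transaction records, the confirmation threshold and the function names are constructed for illustration.

```python
from decimal import Decimal

USDT_PROPERTY_ID = 31   # Tether's property id on the Omni Layer
SIMPLE_SEND = 0         # Omni type_int for a "Simple Send"
MIN_CONFIRMATIONS = 6   # assumed exchange policy, not from the article

ADDR = "1ConstructedDepositAddress"  # constructed sample data below
VALID_TX = {"txid": "aa" * 32, "referenceaddress": ADDR, "type_int": 0,
            "propertyid": 31, "amount": "100.00000000",
            "valid": True, "confirmations": 12}
INVALID_TX = dict(VALID_TX, txid="bb" * 32, valid=False)


def naive_credit(tx, deposit_address):
    """The flawed integration: trusts 'amount' and never reads 'valid'."""
    if tx["referenceaddress"] == deposit_address:
        return Decimal(tx["amount"])
    return Decimal("0")


def checked_credit(tx, deposit_address, balance_before, balance_after):
    """Return the amount to credit, or 0 if any check fails.

    balance_before/balance_after are the deposit address's token balance as
    reported by the exchange's own node around the transaction (for example
    via omni_getbalance); how they are sampled is left to the caller.
    """
    zero = Decimal("0")
    if tx.get("valid") is not True:          # the check the exchange skipped
        return zero
    if tx.get("type_int") != SIMPLE_SEND or tx.get("propertyid") != USDT_PROPERTY_ID:
        return zero
    if tx.get("referenceaddress") != deposit_address:
        return zero
    if tx.get("confirmations", 0) < MIN_CONFIRMATIONS:
        return zero
    amount = Decimal(tx["amount"])
    if balance_after - balance_before < amount:  # balance must really move
        return zero
    return amount


if __name__ == "__main__":
    print("naive, invalid tx:  ", naive_credit(INVALID_TX, ADDR))
    print("checked, invalid tx:", checked_credit(INVALID_TX, ADDR, Decimal(0), Decimal(0)))
    print("checked, valid tx:  ", checked_credit(VALID_TX, ADDR, Decimal(5), Decimal(105)))
```

The balance comparison covers the case McLeod raises, where the flag is true but the funds never arrive.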

Exchange response

Meanwhile, Hong Kong-based OKeX, the world’s second-largest cryptocurrency exchange, said it was aware of the double-spend vulnerability and that it was not exposed to the problem.

“After being aware of the loophole, we immediately contacted Slow Mist to further understand the issue and performed a series of examinations. We confirmed that our platform is not affected by this issue,” the exchange said on its website.

At the time of publication, it was the only exchange from which OpenLedger could find a response. We will update this article if further exchanges add their views.

Post written by Chris Wheal
Chris Wheal is editor of OpenLedger's news and features service. An award-winning business journalist himself, he runs a team of freelance journalists from across the UK and North America.
