Bitcoin (BTC) prices dipped below $6k once again as news of a “double-spend” vulnerability in the stablecoin USDT hit the market.
According to the disclosure, a “user [has] successfully recharged the exchange without losing any USDT,” and “USDT and these USDTs [can] trade normally.”
Bitcoin prices dropped as word came out about this. The top crypto is now trading at $5,839 against the USD as shown on XBT.net. BTC/USD may rally to break above $6k once more, but the damage has already been done.
The decline may be exacerbated now that news of the vulnerability shows that exchanges, and not Tether itself, may be compromised.
USDT double-spend vulnerability
Chinese cybersecurity firm SlowMist disclosed via a tweet that they had found a possible double-spend flaw in the use of Tether (USDT).
The tweet, published on Thursday, June 28, 2018, indicates that the firm successfully sent USDT to an undisclosed exchange with a logical flaw in the transaction.
The transaction didn’t have the correct values in some fields. Because it was accepted anyway, users could potentially be credited with USDT tokens that they haven’t sent. This amounts to double spending.
The revelation attracted the attention of OmniLayer, the platform that helped launch Tether. Its founder sought to clarify the matter, posting on Reddit an explanation of what may have happened.
“[I]t appears that what happened here is that an exchange wasn’t checking the valid flag on transactions. They accepted a transaction with valid=false (which they should not have), and then the second “double spend” transaction had valid=true, which they also accepted.
Unless I am missing something, this is just poor exchange integration.”
Crypto exchange OKEx is so far the only one to have responded, stating that it is aware of the issue.
It also assured the user community that the platform wasn’t exposed to the said vulnerability. Its statement, however, helped to shed light on what may have been taking place. It reads in part:
“When a digital asset exchange is processing a USDT deposit, it may fail to verify if the validity of the transaction is “true”. So, a user’s account can be credited with USDT, even if the deposit failed, and the user will be able to trade with the tokens credited.”
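The deposit check that both statements describe as missing can be sketched as follows. This is an added example, not code from OKEx, SlowMist or OmniLayer: field names follow the JSON that Omni Core's omni_gettransaction RPC returns, while the function names, the confirmation threshold and the sample transactions are assumptions constructed for illustration.

```python
from decimal import Decimal

USDT_PROPERTY_ID = 31      # Omni Layer property id for Tether USD
SIMPLE_SEND = 0            # Omni transaction type for a plain transfer
MIN_CONFIRMATIONS = 6      # assumed exchange policy, not from the article


def creditable_amount(tx, deposit_address):
    """Return the USDT amount to credit for one decoded Omni transaction,
    or Decimal(0) if the transaction must not be credited."""
    # The missing check: a transaction can confirm on the Bitcoin chain and
    # still be flagged valid=false by the Omni layer. Require literal True so
    # a missing field or the string "false" is rejected as well.
    if tx.get("valid") is not True:
        return Decimal(0)
    if tx.get("type_int") != SIMPLE_SEND:
        return Decimal(0)
    if tx.get("propertyid") != USDT_PROPERTY_ID:
        return Decimal(0)
    if tx.get("referenceaddress") != deposit_address:
        return Decimal(0)
    if tx.get("confirmations", 0) < MIN_CONFIRMATIONS:
        return Decimal(0)
    return Decimal(tx["amount"])


def process_deposits(txs, deposit_address, credited_txids):
    """Credit each valid transaction once; return the total credited."""
    total = Decimal(0)
    for tx in txs:
        if tx["txid"] in credited_txids:
            continue  # never credit the same txid twice
        amount = creditable_amount(tx, deposit_address)
        if amount > 0:
            credited_txids.add(tx["txid"])
            total += amount
    return total


# Constructed sample data mirroring the sequence in the quote: a transaction
# flagged valid=false followed by a second one flagged valid=true.
ADDR = "EXAMPLE_DEPOSIT_ADDRESS"
SAMPLE = [
    {"txid": "tx-1", "valid": False, "type_int": 0, "propertyid": 31,
     "referenceaddress": ADDR, "confirmations": 8, "amount": "100.00000000"},
    {"txid": "tx-2", "valid": True, "type_int": 0, "propertyid": 31,
     "referenceaddress": ADDR, "confirmations": 8, "amount": "100.00000000"},
]
```

With this check in place only the second transaction is credited, so the account receives 100 USDT rather than 200.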
Is it worrying?
Most definitely it is, bearing in mind that security flaws at the exchanges are one of the biggest hurdles facing crypto assets.
There’s a possibility that hackers could be exploiting this vulnerability and that it could be extended ad infinitum.
However, SlowMist has come out to assure investors and the general market that there’s no cause for panic.
The security firm tweeted a few hours after the original message to emphasize that this was an exchange problem. It has nothing to do with USDT.
“This vulnerability is not the USDT’s own vulnerability, but some exchange platforms’ databases do not strictly verify the status of the “valid” parameter. Please do not panic.”
The vulnerability issues are surfacing barely a week after Tether released 250 million tokens, amid allegations and controversy over its role in Bitcoin price manipulation.
Investor confidence might have taken another beating, sinking sentiment further south. It won’t do Bitcoin prices any good, even as it turns out that USDT doesn’t have any of the alleged vulnerabilities.