Security Firm Identifies Potential Tether (USDT) Double-Spend Bug 343

SlowMist, a Chinese cybersecurity firm, has recently pointed out a transaction that should have some worried, as the user managed to double the value of 694 USDT.

SlowMist: User

On Thursday, a blockchain centric cybersecurity firm, issued a Tweet which drew attention to a questionable USDT transaction.

交易所在进行USDT充值交易确认是否成功时存在逻辑缺陷,未校验区块链上交易详情中valid字段值是否为true,导致“假充值”,用户未损失任何USDT却成功向交易所充值了USDT,而且这些 USDT 可以正常进行交易。
我们已经确认真实攻击发生!相关交易所应尽快暂停USDT充值功能,并自查代码是否存在该逻辑缺陷。 pic.twitter.com/EPzZIsZFzH

— SlowMist (@SlowMist_Team) June 28, 2018

According to the automated translation of the Tweet, originally given in Mandarin Chinese, the user was able to illegitimately add USDT value to the exchange’s server, giving a guise of added funds.

This vulnerability essentially allowed the user to be potentially credited for USDT that was not sent to the exchange.

It is unclear whether the exchange affected, which remained unnamed, has made any actions to amend the issue.

According to the information of the transaction in question, the exchange accepted a transaction that had invalid information, with the exchange marking the 694 USDT “false” transaction as valid.

When the Tweet was first released, it was unclear whether this problem was an unlucky edge-case or a problem that affected all of the 2.75 Billion Tether tokens in existence.

Bug Is Only Pertinent To Vulnerable Exchange

SlowMist later clarified, in English this time, that the issue was not with Tether as a whole, but rather with the unnamed exchange.

A Reddit user who goes by Dacoinminster gave his/her reasoning for the hack. To add to the legitimacy of the reasoning, the user claimed to be a founder of Omni, the protocol which Tether is built upon.

Firstly, the Reddit user noted that Omni-based assets cannot be double-spent without Bitcoin having to be double-spent as well. This comment eased the double-spend worries, as a double-spend attack on Bitcoin is nearly impossible.

The Omni founder wrote:

If I’m translating this correctly, it appears that what happened here is that an exchange wasn’t checking the valid flag on transactions. They accepted a transaction with valid=false (which they should not have), and then the second “double spend” transaction had valid=true, which they also accepted.

Dacoinminster went on to say that the issue was the result of “poor exchange integration,” pointing an accusing finger at the affected exchange.

OKEx, one of the top cryptocurrency exchanges by trading volume, quickly created a press release regarding the issue, adding to the legitimacy of the issue. OKEx wrote:

We are aware of the vulnerability with USDT deposit. And we confirm that OKEx is NOT exposed to the vulnerability. Please rest assured that your assets are safe and secure with us.

Further adding that OKEx enlisted the help of SlowMist to ensure that OKEx was not vulnerable to the “fake deposit” issue.

Bittrex also confirmed that it was not affected and the processing of all Omni-based assets, like Tether, did not experience any difficulties. The Tweet stated, “Bittrex properly handles the “valid” flag mentioned in the (Omni) integration guide.”

It has become clear that this issue is only pertinent to exchanges who failed to properly integrate Omni assets, most likely smaller exchanges with smaller technical teams. At the time of writing, the unnamed exchange was the only platform reported to be vulnerable to the bug.

Tether Remains The Topic Of Controversy

Despite holding a vital role in the industry, serving as a way investors can find stability in the often volatile crypto market, Tether has had its fair share of problems.

As Tether’s market cap quickly rose over the billion dollar valuation, users began to question the legitimacy of the reserve funds backing the popular stablecoin. Speculation raged, as Tether unexpectedly dismissed an auditor for the “excruciatingly detailed procedures” the auditor firm was enlisting.

Many thought that Tether did not hold the funds to back its growing supply of USDT. However, it was recently revealed that Tether does hold the U.S. dollars to back all USDT in existence.

Although that issue was dismissed, research has pointed out that Tether may be responsible for the manipulation of many Bitcoin price movements. The report, originating from the University of Texas, states that the issuances of Tether may have caused up to 50% of all Bitcoin price increases.

Although not directly addressed by the Tether organization, this report confirms much of the sentiment held by Tether critics.

The recent bug exposed by SlowMint has added to the Tether controversy, which has become increasingly diverse as Tether continues to grow at a rapid rate.

 

Featured Image from

Previous ArticleNext Article

Bitcoin Association hires Patrick Prinz as Europe & Operations Manager to further advance Bitcoin SV 3688

Bitcoin Association, the Switzerland-based global industry organization that advances Bitcoin Satoshi Vision (BSV), has named Patrick Prinz, CFA as its new Europe & Operations Manager. Working out of the Association’s headquarters in “Crypto Valley” Zug, Switzerland, Prinz will serve two roles – advance the business growth of Bitcoin SV throughout Europe and support the operational needs of the organization globally.

Bitcoin Association supports Bitcoin SV because it is the only blockchain protocol adhering to Bitcoin creator Satoshi Nakamoto’s original design and vision for Bitcoin to become a peer-to-peer electronic cash system and global data ledger for enterprise. The Bitcoin SV ecosystem has rapidly grown to over 428 known Bitcoin SV projects and ventures worldwide. Developers and businesses are discovering the value of the Bitcoin blockchain when it massively scales — a public ledger capable of huge transaction volumes, micropayments, greater data capacity, smart contracts, tokenization, and many advanced applications.

A true believer in this Satoshi Vision for Bitcoin, Prinz has a strong background in financial services and strategy consulting. Most recently, he worked as a senior investment advisor for a global asset management group. Prinz advised on emerging technologies, and discovered the benefits of having a single, massively scalable, public, auditable ledger for storing any type of data and allowing value transfer at a micropayment level – only possible using the Bitcoin SV blockchain.

Previously, Prinz was a consultant at a leading strategy consulting firm – acting as advisor to international banks on how to incorporate complex regulatory requirements and adapt business models to industry paradigm shifts. He began his career in corporate and investment banking, working at Deutsche Bank and Citi. Prinz holds a Master of Science degree in Banking and Finance and a Bachelor of Science degree in International Business Administration.

Speaking on his appointment, Prinz said: “Bitcoin SV is finally fulfilling the potential that initially excited me about Bitcoin many years ago – to achieve efficiencies as the single public data ledger and micropayment system for the world. As I was puzzled by the fact that innovation and development were not happening on BTC, I did my own extensive research and realized that Satoshi Nakamoto’s original design and the Bitcoin white paper always had the answers to achieve a massively scalable global public blockchain. With scaling comes efficiency, and with efficiency come innovation and entrepreneurship – which is all happening on Bitcoin SV with the emergence of completely new business models powered by microtransactions and the immutable public ledger that Bitcoin is. I am thrilled to join Bitcoin Association to work with businesses and entrepreneurs to educate them on the transformative power which Bitcoin SV brings to the world.”

Jimmy Nguyen, Founding President of Bitcoin Association, commented: “With Patrick’s addition, we welcome to our team another high-caliber professional with international business experience. Patrick will play a vital role in operational management as we grow our headquarters in Zug, Switzerland. He will also be a strong business voice for Bitcoin SV across Europe – with his financial services knowledge, effective communication skills, and passionate belief in Bitcoin’s true power.”

Patrick’s hire is the latest step in the global expansion of Bitcoin Association. He joins two other regional business managers – Lise Li (China) and Ella Qiang (Southeast Asia, based in Singapore) – all with considerable experience in both Bitcoin and business. Additional team members come from the United States, United Kingdom, Australia, China, and New Zealand. The staff is further supported by Bitcoin Association Global Ambassadors in Argentina, Australia, Brazil, China, Germany, Israel, Japan, Netherlands, Panama, Russia and CIS region, the Scandinavia region, Slovenia, South Africa, South Korea, Spain, and the United States.

TradeStation Crypto Continues to Revolutionize the Crypto Space with the Launch of Several New Platform Features and Innovations 5471

TradeStation Crypto, Inc., a subsidiary of TradeStation Group, Inc., today introduced a series of new features to its crypto brokerage offering, including crypto deposits and withdrawals, new interest earning capabilities on eligible assets, ability to track profit and loss (P&L), and mobile trading through the TradeStation mobile app. The added features underscore TradeStation Crypto’s commitment to constant innovation and providing its customers sophisticated offerings and technology to support their needs and investment objectives.

With these new enhancements, crypto investors can not only buy and sell crypto, but can now deposit cryptocurrencies they already own. In addition, customers can earn interest on eligible assets simultaneously, without locking up their crypto. When combined with other traditional investment products – such as equities, options and futures – available to traders through another subsidiary TradeStation Securities, Inc., the TradeStation Group brand provides an all-in-one experience for investors and traders, a key differentiator in the crypto space.

“The current ultra-low interest rate environment has made it difficult for investors to earn interest on traditional products, which may incentivize certain investors to explore adding crypto to their portfolio,” said James Putra, Senior Director of Product Strategy at TradeStation Crypto. “Now, and for the first time, TradeStation Crypto customers can earn interest on their eligible crypto balances whether they’re actively trading or sitting on the sidelines during times of market volatility. Cryptocurrency interest could be a real game-changer,” said Putra.

The series of enhancements also includes P&L functionality. “We have one of the first crypto trading platforms with a feature that allows traders to instantly see their unrealized P&L to gain a better understanding of the status of their TradeStation Crypto account,” said Putra.

Additionally, TradeStation Crypto introduced mobile app trading capabilities to complement the features and benefits of the TradeStation Crypto platform. Investors and traders will enjoy augmented flexibility by taking the power of the TradeStation Crypto platform wherever they go.

“We’re thrilled to be able to add these new capabilities and offer our customers a one-stop-shop for all products under the TradeStation Group umbrella,” said Putra. “This is just the beginning of new innovations on the horizon to improve the customer experience. More features are being developed as we speak, and will be introduced to our traders in the coming months, as we strive to make trading crypto as accessible and intuitive as possible.”

Cellebrite Adds Cryptocurrency & Blockchain Investigations Solution to Industry Leading Digital Intelligence Platform 5314

Cellebrite, the global leader in Digital Intelligence (DI) solutions for public and private sectors, today announced the launch of Cellebrite Crypto Tracer, a new comprehensive cryptocurrency investigation solution designed to accelerate investigations involving blockchain technology and cryptocurrency. The solution, powered by CipherTrace, features powerful and easy-to-use tools, investigation services, and training programs designed for investigators, analysts and non-technical agents. The solution empowers teams to lawfully obtain evidence and trace criminals who use bitcoin and other cryptocurrencies for illicit activities, including money laundering, terrorism, drug and human trafficking, weapon sales, and ransomware schemes.

Every year, an estimated $76 billion of illegal activities involve Bitcoin. Nearly one hundred percent of darknet market transactions, including the sale of ransomware, illegal drugs and phishing kits, involve cryptocurrencies, in large part due to their ease of transacting online and across borders. The use of cryptocurrencies among criminals may have been furthered by their perceived anonymity. Transactions are recorded on the blockchain, which is a public ledger, enabling anyone to see the transactions though not the identities of those executing said transactions.

The Cellebrite Crypto Tracer Solution is designed to reveal illicit transactions using cryptocurrencies and enables investigators to aggregate and curate millions of open source and private references, deception data and human intelligence, resulting in a dataset of over 522 million attributable points. These data points give investigators full visibility into the lifespan of cryptocurrency transactions, including where the money originated and where it went, in both wallets and exchanges. Graphic mapping and color-coded threat level transactions enhance the visualization and understanding of the activities and accelerate investigators’ abilities to pinpoint primary and associated criminal activity and its perpetrators.

Powered by CipherTrace Inspector, the world’s most comprehensive cryptocurrency intelligence tool, the Cellebrite Crypto Tracer Solution gives investigators the ability to:

  • Utilize a Blockchain Search Engine: Simply enter a cryptocurrency address or transaction ID into an intuitive search bar that will auto-complete long addresses.
  • Conduct Risk Scoring: Profile hundreds of global exchanges, ATMs, mixers, money laundering systems, gambling services, and known criminal addresses and assign risk levels to transactions.
  • Show a Deep Analysis of Potential Risks: Non-technical users can visualize transaction flows to follow virtual money trails without becoming a cryptocurrency or blockchain expert.
  • Demonstrate High-Quality Advanced Attribution: Top entity typologies and attribution collection methods are easily identifiable within Inspector.
  • Leverage a Massive Transaction Database: Allows users to understand interactions with a powerful graph that traces the flow of funds over time and through the blockchain ecosystem.
  • Operate with Integrated Case Management: Gives investigators a convenient way to save research, replay searches, export investigation reports and collaborate with others involved in the investigation.

Also included in Cellebrite Crypto Tracer:

  • Cryptocurrency Investigation Services: The Cellebrite Advanced Services (CAS) team conducts criminal and civil cryptocurrency fraud investigations for law enforcement and corporations. Cellebrite certified forensics experts employ advanced techniques to expose financial cybercrime and fraud schemes by analyzing cryptocurrency artifacts and providing investigative teams with detailed documentation and insights through analyst level reports.
  • Cryptocurrencies Investigation Training: A 3-day course in best-practices for cryptocurrency investigation techniques. The class teaches investigators how to use CipherTrace Inspector to obtain and analyze evidence about individuals committing crimes using cryptocurrencies.

“It has long been assumed that blockchain and cryptocurrency transactions remain untraceable and unknown,” said Leeor Ben-Peretz, Chief Strategy Officer, Cellebrite. “This is a misconception. As a matter of fact, the essence of blockchain is to indelibly keep a record of each step of every transaction. We’re enabling investigative teams to extract this information and use the power of Digital Intelligence to aid them in interpreting the data needed to identify illicit blockchain activity and keep communities safe.”

“We’re very excited to offer our best-in-class cryptocurrency tracing and blockchain analytic capabilities to enhance Cellebrite’s Digital Intelligence, training and investigative services,” said Stephen Ryan, COO of CipherTrace. “As criminals increasingly utilize cryptocurrencies in their illicit activity, our partnership with Cellebrite will be that much more important to making the digital world a safer place.”

Tokeny Solutions Partners with Inveniam to deliver Data Integrity and Price Discovery for Private Securities 6042

Tokeny Solutions (Tokeny), an industry-leading tokenization platform based in Luxemburg and backed by Euronext, is announcing a collaboration with Inveniam and its Inveniam.io platform, delivering data integrity and price discovery. Tokeny’s technology, enhanced by Inveniam’s software, provides the foundation for increased private market asset liquidity and public-like performance of these assets. This public-like performance is made possible with data integrity and price discovery functionality driven by better data on the underlying businesses and their assets.

Tokeny and Inveniam will create digital securities for investors with seamless integration and will facilitate the secondary market trading of private market securities. Tokeny has expertise in the compliant issuance, transfer, and management of digital securities. The T-REX (Token for Regulated Exchanges) protocol allows market actors to apply trust, compliance and control while utilizing blockchain technology. Inveniam.io provides automated workflows, also known as robotic process automation (“RPA”). RPAs gather performance data on underlying real assets that inform digital tokens. Inveniam.io digitally certifies, indexes, fields, and validates real asset performance data that is commutable and proven.

“Inveniam’s data integrity and fair market value pricing functionality will enrich Tokeny’s security tokens to facilitate the forthcoming secondary market for real estate assets. The Inveniam.io platform complements ours, making this a synergistic tokenization powerhouse,” said Daniel Coheur, Co-Founder and Chief Commercial Officer at Tokeny Solutions.

“We look forward to a mutually beneficial collaboration with Tokeny in this initiative. This combined service will deliver real-time price discovery, liquidity and transparency for digitizing private assets; something that was not possible before now,” said Patrick D. O’Meara, Inveniam’s Founder and CEO. “Combining user-friendly end-to-end solutions of Tokeny’s technology with data integrity and real-time fair market value Verified by Inveniam™, provides a powerful competitive edge for private market asset owners.”

Orion Protocol (ORN) Wins KuCoin Community Vote DeFi Session, Trading and Staking Services to be Opened 8947

KuCoin, an IDG-backed exchange, today announced the result of the KuCoin Choice Community Vote (DeFi Session), Orion Protocol has won the voting and will get listed on KuCoin at 18:00 July 25. Meanwhile, staking service on Pool-X will be available from 17:00 July 22, with an annualized return of 39%. DeFi is the most trending topic in the recent blockchain industry with a large number of promising DeFi projects emerging. In order to contribute to the DeFi ecosystem and provide support to more DeFi projects, the KuCoin Choice Community Vote (DeFi Session) has been launched to select real potential DeFi projects.

Orion Protocol, the DeFi platform building B2B and B2C solutions on the most advanced liquidity aggregator ever developed, solves the largest problems in DeFi by aggregating the liquidity of the entire crypto market into one decentralized platform. With the ORN token at the core, Orion has built thirteen different revenue streams across their stack of solutions – from Orion Terminal to Orion Enterprise solutions for blockchains, exchanges, and crypto projects.

KuCoin Global CEO Johnny Lyu stated: “KuCoin has been persistent in its pursuit of finding and supporting blockchain projects with real potential. KuCoin has been paying attention to the DeFi field for a long time, and hopes to find hidden gems in DeFi for users. Community Vote is a good way to not only allow users to contribute to the KuCoin ecosystem, but also to better understand DeFi projects. In the future, we will explore more ways to support DeFi to accelerate its mass adoption.”

Orion Protocol CEO Alexey Koloskov Stated: “Orion bridges the gap between the centralized and decentralized worlds of crypto, solving the largest problems in DeFi by aggregating the liquidity of the entire crypto market into one decentralized platform. I’d like to thank our community for supporting us in this voting and I am very excited about the KuCoin listing. We look forward to working closer with KuCoin to BUIDL on DeFi in the future.”

KuCoin has always been a strong supporter of DeFi projects and has listed a number of real potential projects in the DeFi field, such as COMP, MKR, KNC, AMPL, LUNA, AKRO, etc. Furthermore, KuCoin is developing its own public chain – KuChain to further boost the prosperity of the DeFi world. KuChain’s testnet Kratos has launched its beta version and it aims to build a four-layer network based on the needs of DeFi and DEX, modularizing the protocol and functions, improving the ease of use of Kratos, and reducing the threshold for developer participation.

VistaChain by Highview Achieves SAP Certification through the “Co-Innovated with SAP” Program 10212

Highview Solutions, Inc. today announced that its VistaChain V1.0 solution has achieved SAP® certification as integrated with SAP Cloud Solutions, as part of the “Co-Innovated with SAP” program. The “Co-Innovated with SAP” program is designed to help partners through the development lifecycle that culminates in an SAP-certified and tested solution against SAP product standards. It is an end-to-end program of guided services offered by the SAP Partner Innovation Lifecycle Services organization that helps partners take their products to market in alignment with other SAP teams (product management, solution management, development and field), thereby providing the guidance and support to help ensure a competitive solution in the marketplace.

“The innovation of our VistaChain V1.0 solution resulted in many wins as we worked closely and exclusively with the outstanding SAP Partner Innovation Lifecycle Services team to achieve SAP certification for our product. We are thrilled to have developed blockchain-enabled solutions to offer simple, transparent B2B transactions for vendors and suppliers. This innovation should improve user experience on all fronts,” says Mike Kersels, Highview founder and CEO.

VistaChain V1.0 is poised to be the industry-agnostic connective tissue between vendors and suppliers for B2B transactions. As an SAP partner and trusted third party for business partners Highview Solutions has been providing B2B Electronic Data Interchange (EDI) solutions to its customers since 2019.

The SAP Partner Innovation Lifecycle Services organization has certified that VistaChain V1.0 by Highview Solutions integrates with Hyperledger Fabric service on SAP Cloud Platform, where business documents exchanged between customers and trading partners are stored in the cloud.

As a managed service offering VistaChain provides full visibility and transparency to the data of exchanged business documents, reduces time spent on reconciliation and helps to eliminate disputes between business partners.