Security Firm Identifies Potential Tether (USDT) Double-Spend Bug 773

SlowMist, a Chinese cybersecurity firm, has recently pointed out a transaction that should have some worried, as the user managed to double the value of 694 USDT.

SlowMist: User

On Thursday, a blockchain centric cybersecurity firm, issued a Tweet which drew attention to a questionable USDT transaction.

交易所在进行USDT充值交易确认是否成功时存在逻辑缺陷,未校验区块链上交易详情中valid字段值是否为true,导致“假充值”,用户未损失任何USDT却成功向交易所充值了USDT,而且这些 USDT 可以正常进行交易。
我们已经确认真实攻击发生!相关交易所应尽快暂停USDT充值功能,并自查代码是否存在该逻辑缺陷。 pic.twitter.com/EPzZIsZFzH

— SlowMist (@SlowMist_Team) June 28, 2018

According to the automated translation of the Tweet, originally given in Mandarin Chinese, the user was able to illegitimately add USDT value to the exchange’s server, giving a guise of added funds.

This vulnerability essentially allowed the user to be potentially credited for USDT that was not sent to the exchange.

It is unclear whether the exchange affected, which remained unnamed, has made any actions to amend the issue.

According to the information of the transaction in question, the exchange accepted a transaction that had invalid information, with the exchange marking the 694 USDT “false” transaction as valid.

When the Tweet was first released, it was unclear whether this problem was an unlucky edge-case or a problem that affected all of the 2.75 Billion Tether tokens in existence.

Bug Is Only Pertinent To Vulnerable Exchange

SlowMist later clarified, in English this time, that the issue was not with Tether as a whole, but rather with the unnamed exchange.

A Reddit user who goes by Dacoinminster gave his/her reasoning for the hack. To add to the legitimacy of the reasoning, the user claimed to be a founder of Omni, the protocol which Tether is built upon.

Firstly, the Reddit user noted that Omni-based assets cannot be double-spent without Bitcoin having to be double-spent as well. This comment eased the double-spend worries, as a double-spend attack on Bitcoin is nearly impossible.

The Omni founder wrote:

If I’m translating this correctly, it appears that what happened here is that an exchange wasn’t checking the valid flag on transactions. They accepted a transaction with valid=false (which they should not have), and then the second “double spend” transaction had valid=true, which they also accepted.

Dacoinminster went on to say that the issue was the result of “poor exchange integration,” pointing an accusing finger at the affected exchange.

OKEx, one of the top cryptocurrency exchanges by trading volume, quickly created a press release regarding the issue, adding to the legitimacy of the issue. OKEx wrote:

We are aware of the vulnerability with USDT deposit. And we confirm that OKEx is NOT exposed to the vulnerability. Please rest assured that your assets are safe and secure with us.

Further adding that OKEx enlisted the help of SlowMist to ensure that OKEx was not vulnerable to the “fake deposit” issue.

Bittrex also confirmed that it was not affected and the processing of all Omni-based assets, like Tether, did not experience any difficulties. The Tweet stated, “Bittrex properly handles the “valid” flag mentioned in the (Omni) integration guide.”

It has become clear that this issue is only pertinent to exchanges who failed to properly integrate Omni assets, most likely smaller exchanges with smaller technical teams. At the time of writing, the unnamed exchange was the only platform reported to be vulnerable to the bug.

Tether Remains The Topic Of Controversy

Despite holding a vital role in the industry, serving as a way investors can find stability in the often volatile crypto market, Tether has had its fair share of problems.

As Tether’s market cap quickly rose over the billion dollar valuation, users began to question the legitimacy of the reserve funds backing the popular stablecoin. Speculation raged, as Tether unexpectedly dismissed an auditor for the “excruciatingly detailed procedures” the auditor firm was enlisting.

Many thought that Tether did not hold the funds to back its growing supply of USDT. However, it was recently revealed that Tether does hold the U.S. dollars to back all USDT in existence.

Although that issue was dismissed, research has pointed out that Tether may be responsible for the manipulation of many Bitcoin price movements. The report, originating from the University of Texas, states that the issuances of Tether may have caused up to 50% of all Bitcoin price increases.

Although not directly addressed by the Tether organization, this report confirms much of the sentiment held by Tether critics.

The recent bug exposed by SlowMint has added to the Tether controversy, which has become increasingly diverse as Tether continues to grow at a rapid rate.

 

Featured Image from

Previous ArticleNext Article

Rarimo Foundation Launches MetaMask Snap, RariMe, Enabling Cryptocurrencies and Identity Credentials To Be Stored and Managed From A Single Wallet 2335

Rarimo Foundation has launched RariMe, a MetaMask Snap that enables MetaMask users to store and manage identity credentials through their MetaMask wallet, developed by Consensys.

RariMe is built with MetaMask’s Snaps platform, which launched on 12 September and allows developers to build applications that can bring new functionalities to MetaMask’s users.

RariMe introduces an entirely new social identity function to MetaMask and ends wallet fragmentation; users will no longer have to switch between their identity and digital asset wallets. In a single swoop, MetaMask users will instantly have access to identity storage and privacy-enhancing Zero-Knowledge Proof (ZKPs) generation and management. Given that in 2022, MetaMask surpassed 100 million users, this significantly expands the presence of digital identity.

RariMe also further improves the user experience, by ensuring that all credentials are fully multi-chain. For one of the first times in Web3, users will not have to issue separate proofs for separate chains. Instead, they can issue a proof on the chain of their choice and then use it seamlessly across Ethereum, Polygon, BNB Chain, and Avalanche. This is possible because RariMe was built atop of interoperability protocol, Rarimo, which enables state replication and on-chain verification.

Lasha Antadze, Co-Founder of Rarify Labs, commented, “RariMe snap dramatically improves the user experience around digital identities. Users will no longer have to switch between multiple apps and interfaces and the friction between identities and crypto has been removed. This will fuel the growth of the digital identity space and the many emerging Web3 movements that require identities, including decentralized social media and on-chain gaming.”

“MetaMask is thrilled to welcome Rarimo as one of the trailblazing builders for MetaMask Snaps. We strongly believe that permissionless innovation is fundamental to a decentralized ecosystem. With Snaps, we’re not just expanding features; we’re excited to see Rarimo use Snaps to open the doors to digital identities, credentials management, and decentralized social protocols, ultimately empowering our users like never before,” said Christian Montoya, Product Lead at MetaMask Snaps.

From launch, RariMe will be integrated with Rarimo’s Proof-of-Humanity plug-in which was released last month to enable users to leverage identity credentials from Unstoppable Domains, Civic, and Gitcoin to prove that they are humans and not bots. RariMe will automatically provide users with an end-to-end flow on the reputation-building platforms Galxe, Zeely, and quest focused application QuestN.

About Rarimo

Rarimo is the interoperability protocol for digital social identities. Its distinctive infrastructure enables identity components to be integrated on-chain, and seamlessly ported across ecosystems. This ensures that Web3 can develop without the walled gardens and cumbersome identity practices of Web2.

About Rarimo Foundation

Rarimo Foundation is a not-for-profit company devoted to implementing the decisions of the Rarimo DAO.

About Rarify Labs

Rarify Labs is an ecosystem contributor dedicated to advancing Rarimo.

ETH Riyadh 2023: Exploring the Future of the Web3 Ecosystem 2809

On October 11th, 2023, ETH Riyadh 2023, presented by Tharawat Technology, Studio 23, ChainIDE, Coffee with Crypto, and Mask, is poised to assemble developers, innovators, and the global blockchain community in a dynamic exchange of ideas and technological advancements. Riyadh is once again primed to assert itself as a global epicenter for blockchain innovation with the imminent arrival of the ETH Riyadh 2023 conference.

Riyadh represents a burgeoning center for digital innovation, with a growing tech-savvy community and an environment conducive to the adoption of emerging technologies. The strategic location in the heart of the Middle East makes Riyadh an ideal meeting point for blockchain enthusiasts from diverse regions, fostering international collaboration and innovation.

EthRiyadh 2023 is a series of hybrid events, hosted both online and offline, featuring three distinct stages. It kicks off with the META to Global Web3 Builder Competition, taking place from September 18th to October 12th. This competition will feature multiple tracks focusing on the latest innovations in the web3 industry and blockchain technology, encouraging developers and innovators to showcase their skills and creativity.

Following with the Builder Conference that Scheduled for October 11th. This part of the event promises captivating talks and panel discussions led by leaders and visionaries in the blockchain field. Attendees will have the opportunity to gain valuable insights into emerging trends and groundbreaking technologies that are shaping the future of web3 and Ethereum.

The event culminates with the online Builder Mixer, taking place on October 12th. This is a unique opportunity for participants to connect with a vibrant community of builders, fostering growth and mutual success. Attendees can share stories about their experiences in building and forging meaningful connections that may lead to future achievements in the blockchain industry.

For more information about ETH Riyadh 2023, including registration details and agenda updates, please visit [www.ethriyadh.com].

Solar Dex to relaunch on Quai Network 3729

While many solutions for blockchain scalability have been proposed, they remain unable to crack the blockchain trilemma, sacrificing security and decentralization. Quai is the first blockchain protocol that is simultaneously decentralized, censorship resistant and infinitely scalable. Quai, in contrast to traditional cryptocurrencies, functions as a network of many interoperable blockchains braided together. Due to a breakthrough discovery that occurred during research on proof-of-work, Quai Network utilizes a new consensus mechanism, proof of entropy minima (PoEM), which eliminates all consensus-based forks and enables all Quai nodes to remain in “perpetual consensus.”

Solar Dex began as the first United States-based decentralized exchange on Solana, and will now be pivoting to build on Quai as one of its first DEXs. Due to a loss of TVL on Solana and many Solana-based projects moving strictly to NFTs, the Solar team has decided to get ahead of the DeFi curve and take advantage of Quai’s low-cost, high-speed decentralized network in order to better position Solar Dex for the next bull run. The team at Solar is building on top of Quai Network to “ensure a more sustainable future for Solar Dex.”

Roy Fardin, chief business officer, said: “After talking to the Quai Network team, we have never been more bullish about a layer 1 with scalability and its passion for growth. It was a clear eye-opener that they care about DeFi and want other projects that utilize this network to succeed. The vision behind Quai brings the best of Ethereum and Solana all together into this new network.”

Solar Dex will be reworking the DEX into several components as it builds on Quai. The DEX will not only support traditional swaps, but also add in customizable swap themes. In addition, Solar Dex’s Solar Sentries NFTs will allow staking as a yield opportunity derived by all exchange fees earned from Sentry Mode projects.

Richard, CEO of Solar Dex, said: “On top of traditional DEX swaps, Solar Dex will be adding limit orders on Quai. “We’re doing a total revamp of the website and DEX which should be very aesthetically pleasing and simplistic to onboard new users to DeFi and also Quai.”

With Quai’s Iron Age Testnet beginning in September 2023, Solar Dex will be prioritizing its deployment on Quai for the coming months. There will be incentives to beta-test Solar DEX on Quai and additional generalized rewards will be provided by Quai for participating in the Iron Age Testnet. On top of this, the Solar team will be adding a surprise feature to the DEX to build excitement for Quai’s testnet launch, as well as utilizing its incentive program to reward holders.

With backing from Polychain Capital and an expert team with backgrounds at Apple, GridPlus, Tesla, Consensys, Circle and more, Quai is excited to usher in a new generation of innovative applications that don’t sacrifice decentralization.

Concordium Enables a New Standard of Age Verification Amidst Growing Privacy Concerns 3965

Concordium, the Layer 1, science-backed blockchain creating a safer digital world, proudly unveils Web3 ID: a cutting-edge identification platform offering age-verification capacities designed to prioritize user privacy for both individuals and businesses. Concordium’s age verification tooling works to protect minors online amidst growing global privacy concerns and explicit data-harvesting from technology organisations.

Web3 ID harnesses Concordium’s Zero-Knowledge Proof technology to offer a novel approach to age verification – without ever compromising user data or privacy. By uploading a government-issued form of identification to their wallet, Web3 ID users can drastically reduce the amount of data they disclose during online identity verification, regaining control over any sensitive information.

Mikael Breinholst, Head of Product at Concordium, spoke to the widespread concern surrounding existing online age-verification tools, stating: “Current age verification tools online are a grave area of concern for many. Age-restricted sites have little to no barrier to entry, exposing underage consumers to a universe of adult themed content. Blockchain technology, and Web3 ID specifically, enable businesses to request proof of an individual’s age, without storing their data or selling it to advertisers. With Web3 ID, users maintain autonomy and safety over their personal information while benefiting from blockchain technology’s inherent security.”

Concordium´s built-in ID layer and Zero-Knowledge-Proof technology ensures a user’s online identity is verified in a secure and decentralized manner, all while maintaining privacy. Only strictly relevant information is requested of users when transacting on the Web3 ID platform, while unrelated details are held on a decentralized wallet. Web3 ID users are also granted an increase in transactional security through Concordium’s compliance-friendly technology. In result, individuals and businesses are empowered with complete control over their information, effectively countering the data ownership issues associated with centralized legacy systems.

Kåre Kjelstrøm, CTO & CPO at Concordium, commented: “Concordium’s Web3 ID is intuitive and easy to build upon, offering seamless usability while being cost-effective, shrinking online identification processes. Further to preventing children from accessing age-restricted sites, Web3 ID is capable of sharing specific medical information without the recipient having access to the entirety of an individual’s medical history, proving a user’s driving credentials, or simply ensuring user data is genuine and not the result of bots. This model addresses many of the shortcomings surrounding ID safety caused by big tech’s data monopoly.”

The creation of a new standard of age verification promotes Concordium’s mission of supporting a regulated future for new and existing organisations building on blockchain technology. This achievement follows recent partnerships such as AI service provider 2021.ai, and carbon offset management platform Aqualibre.

For more information on Concordium’s Web3 ID platform, please visit: Concordium.com

About Concordium

Concordium is a permissionless green layer 1, a science-backed blockchain that balances privacy with accountability through its ID layer and Zero-Knowledge-Proofs. Creating trust with ID is key to scaling businesses. Concordium provides a fast, secure, and high-scale blockchain platform that makes building use cases and using dApps easy. Concordium differs by having verified ID and instant finality with high throughput and low transaction fees pegged to FIAT. With leadership from Fortune 500 companies, Volvo, IKEA, Credit Suisse, Uber, and successful Fintech platforms, the team is scaling the chain to its extensive network of the world’s biggest enterprises. For more information: concordium.com

Web3 Social Platform “Cardano Spot” Unveils New Features to Empower Cardano Enthusiasts 4290

0IMG 0811

First all-in-one social media platform for everything Cardano, Cardano Spot, has unveiled a series of innovative features. The platform, founded and developed with direct input from the Cardano community, aims to address fragmentation within the Cardano ecosystem, provide a 360-view, and foster enhanced community interaction.

Desktop Project Library

Latest Enhancements for a More Robust Experience

Cardano Spot has launched its latest features to facilitate the expansion of native Cardano projects and their communities.

Open Access. In its upgraded version you can now access both News Feed and Project Library without being required to sign in.

Multilingual News Feed. Additionally, Cardano Spot provides access to a diverse multilingual News Feed, featuring content from Portuguese, Vietnamese, and Indian community members.

Desktop News List

Simplified Registration. The platform now also provides a number of alternative ways for registration, including Twitter, TikTok, and GitHub accounts.

Explore Page. Offers a better user experience through a simple curated view on the latest information about the Cardano ecosystem.

Refer-a-Friend. The newly launched “Refer a Friend” feature enables users to invite friends through a personalized referral link.

A peek into other features:

  • Community Hub: A customized homepage tailored to individual user interests, empowering content creation, user connections, and discovering like-minded communities.
  • News Feed: A source for the latest Cardano ecosystem news, offering educational content, articles, and videos to expand knowledge horizons.
  • Project Library: A comprehensive repository spotlighting projects built on the Cardano Blockchain, complete with explanations, whitepapers, introductory videos, and essential links for personal research.
  • Events Calendar: A consolidated calendar showcasing Cardano-related events, including webinars, discussions, product launches, and more.
  • Market Status: Real-time insights into native token prices, market trends, and tokenomics.

Desktop Events

Sebastian Zilliacus, Managing Director at EMURGO, explained, “Cardano Spot aims to provide trust, transparency, and accurate information about the Cardano ecosystem. We partner with native Cardano projects to achieve this objective.”

About Cardano Spot

Cardano Spot is the first product from EMURGO Media. This Cardano enthusiasts-focused social network serves end-to-end information for the Cardano community. It provides a user-generated interactive platform specifically designed for investment in, distribution, consumption, and monetization of Cardano content. Cardano Spot solves the issue of fragmented content in the Cardano ecosystem by aggregating valuable, quality content from reliable sources in the Cardano ecosystem to give up-to-date developments in the Cardano ecosystem.

For more information, please visit: https://bit.ly/CardanoSpotWeb3Platform.

Wirex and Polygon CDK Join Forces to Revolutionize Digital Payments With W-Pay 4526

Wirex, a major player in crypto payments with over 6 million users, has chosen to partner with Polygon CDK (Chain Development Kit) to create a new App Chain focused on payments, named W-Pay. This move marks a significant development in the world of cryptocurrency payments.

By utilizing Polygon CDK, an advanced blockchain technology toolkit, Wirex aims to enhance the performance and security of its payment system. This technology facilitates faster and more secure transactions.

Pavel Matveev, Wirex’s CEO, explained, “Using Polygon CDK allows us to transition our payment infrastructure to the blockchain, improving efficiency and enabling seamless integration with various decentralized applications.”

Wirex’s status as a regulated entity and a principal member of Visa and Mastercard positions it uniquely to innovate in the payment industry. Matveev added, “Our initial plan includes introducing a non-custodial Visa card for cryptocurrency transactions, making digital assets more accessible in everyday life. Our goal is to bring all 6 million Wirex users into this ecosystem.”

Jordi Baylina, Co-Founder of Polygon, expressed excitement about the partnership, stating, “Wirex’s adoption of Polygon CDK to create their payment system has the potential to introduce fresh ideas and expand the adoption of digital payments.”

To further enhance the utility of the Wirex ecosystem, the new Wirex App Chain will use Wirex’s own token, WXT, for transactions. This move is expected to increase the demand and functionality of WXT, prompted by interest from large enterprises.

Wirex’s presence with users across various regions underlines its commitment to transforming digital-age payments. With millions of users worldwide, Wirex has been instrumental in making cryptocurrencies accessible for everyday transactions since its inception in 2015.

Founded by Pavel Matveev and Dmitry Lazarichev, Wirex has provided a user-friendly platform for buying, storing, and using cryptocurrencies alongside traditional currencies. Their specialized card allows users to make cryptocurrency transactions in their daily lives.

Wirex continues to evolve its product offerings to align with market trends, while also adhering to regional regulations and securing necessary licenses. As a pioneer in the industry, Wirex introduced its own native utility token, WXT, and initiated the world’s first cryptocurrency reward program, Cryptoback™, offering users cryptocurrency rewards for their transactions.

To adapt to the growing Web3 landscape, Wirex expanded its product suite to enable mainstream access to decentralized finance (DeFi) and wealth management, introducing features like high-interest savings and partnering with decentralized finance platforms.

While headquartered in London, Wirex has expanded its presence globally and processed over $20 billion worth of transactions. With rapid expansion into new territories, including the United States and Australia, Wirex is well-positioned to support and promote the mass adoption of cashless transactions through innovative solutions.

Website: wirexapp.com