Tether Faces $31 Million Security Breach

November 19, 2017

Summary #

On November 19, 2017, Tether, a company behind the USDT stablecoin pegged 1:1 to the US dollar, announced a malicious action by an external attacker. The attacker maliciously removed tokens from the Tether Treasury wallet and sent them to an unauthorized Bitcoin address. As a result, approximately $31 million worth of USDT was taken. In response to the breach, Tether temporarily suspended its back-end wallet service and initiated steps to prevent the stolen coins from entering the ecosystem. New builds of Omni Core, the software used to support Omni Layer transactions, were provided to the community. This move effectively created a temporary hard fork in the Omni Layer, preventing any tokens from being sent from the attacker’s address.

Attackers #

The identity of the attacker remains undisclosed. The following Bitcoin addresses were utilized by the attacker:

16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r

Losses #

Tether reported a loss of $30,950,010 USDT from its Treasury wallet.

Timeline #

November 19, 2017, 05:10 AM UTC: The first malicious transaction was executed on the Bitcoin chain.
November 20, 2017: Tether released a new build of Omni Core on GitHub to prevent any movement of the stolen coins from the attacker’s address, creating a temporary hard fork in the Omni Layer.
November 21, 2017: Tether releases a critical announcement detailing the breach and the actions taken.

Security Failure Causes #

Compromised Private Key: The exact details of the attack have not been disclosed. The most likely reason for the unauthorized movement of tokens is a compromised private key.

Market Health Metrics API

Benford's Law

Volume distribution analysis

Time-of-Trade

Buy/Sell Ratio

VWAP

Attack Types

Entity Types

Target Entities

51% Attacks

Custodian Attacks

Flash Loan Attacks

Lockout Scams

Phishing Attacks

Reentrancy Attacks

Rug Pull Scam