Tether Faces $31 Million Security Breach

Summary

On November 19, 2017, Tether, a company behind the USDT stablecoin pegged 1:1 to the US dollar, announced a malicious action by an external attacker. The attacker maliciously removed tokens from the Tether Treasury wallet and sent them to an unauthorized Bitcoin address. As a result, approximately $31 million worth of USDT was taken. In response to the breach, Tether temporarily suspended its back-end wallet service and initiated steps to prevent the stolen coins from entering the ecosystem. New builds of Omni Core, the software used to support Omni Layer transactions, were provided to the community. This move effectively created a temporary hard fork in the Omni Layer, preventing any tokens from being sent from the attacker’s address.

Attackers

The identity of the attacker remains undisclosed. The following Bitcoin addresses were utilized by the attacker:

• 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r

Losses

Tether reported a loss of $30,950,010 USDT from its Treasury wallet.

Timeline

• November 19, 2017, 05:10 AM UTC: The first malicious transaction was executed on the Bitcoin chain.
• November 20, 2017: Tether released a new build of Omni Core on GitHub to prevent any movement of the stolen coins from the attacker’s address, creating a temporary hard fork in the Omni Layer.
• November 21, 2017: Tether releases a critical announcement detailing the breach and the actions taken.

Security Failure Causes

Compromised Private Key: The exact details of the attack have not been disclosed. The most likely reason for the unauthorized movement of tokens is a compromised private key.