A Chinese cybersecurity firm called SlowMist recently announced that it uncovered a double-spending flaw in Tether (USDT) after evaluating transactions on the platform.
According to SlowMist, the flaw is not the result of a flaw with the cryptocurrency itself but rather the result of poor practices by some cryptocurrency exchanges. The Chinese research firm made the announcement on June 28 in a tweet through which it revealed that its researchers managed to send USDT to an exchange which they did not name, without using correct field values in the transactions.
?It appears that what happened here is that an exchange wasn’t checking the valid flag on transactions,? an OmniLayer founder pointed out.
OmniLayer is the platform on which Tether was developed. The OmniLayer founder further explained that users on the platform may be credited without actually sending the cryptocurrency in a transaction, thus resulting in a double-spend situation. He also explained that the exchange validated a transaction with ?valid=false? yet that should not have been the case in a transaction and also accepted a ?valid=true? in another transaction.
In addition to confirming that Tether was affected by a double spend error, the Chinese research firm also confirmed in the tweet that an actual attack took place. This means hackers already exploited the flaw in order to score some loot. SlowMist also recommended that the exchange (name not revealed) should temporarily suspend transactions involving Tether.
OKEx responds to the announcement
Meanwhile, OKEx, one of the largest cryptocurrency exchange platforms in the crypto market announced that it was notified of a double-spend error by SlowMist. The exchange also revealed that it carried out a series of tests through which it concluded that it was not exposed to the double-spend vulnerability.
According to SlowMist, the vulnerability could occur if crypto exchanges fail to employ strict measures in verifying the status of their ?valid? parameters as is the case with the unnamed exchange. The Chinese research firm also added that there was no need for panic. Tether also issued 250 million new USDT tokens on June 25, causing some backlash from critics who are skeptic about the cryptocurrency being backed by the U.S dollar.