Key Takeaways
- A new report reveals a critical time delay in Tether’s blacklisting process on Ethereum and Tron.
- Criminals exploited the gap to move nearly $50 million before wallets were frozen.
- The vulnerability stems from Tether’s multi-signature enforcement setup, with delays of up to 60 minutes.
Tether has long touted its ability to freeze wallets linked to illicit activity, often assisting law enforcement and exchanges in tracking stolen or suspicious funds.
However, a new report has uncovered a glaring flaw in that process, revealing how a delay in on-chain enforcement has been systematically exploited to launder millions.
In response to the findings, Tether defended its approach, highlighting a $2.7 billion track record in frozen funds and pointing to governance trade-offs designed to protect the integrity of its system.
You’ll Want To See This
Loophole in USDT Freeze Timing
In an exclusive report shared with CCN, blockchain analytics firm AMLBot revealed that criminals have been exploiting a critical lag in Tether’s wallet-freezing process.
The loophole centers on a delay between Tether’s announcement of a freeze and the actual on-chain enforcement, particularly on Tron (TRX) and Ethereum (ETH).
This delay, caused by Tether’s multi-signature contract setup, creates a vulnerability window of up to an hour where flagged wallets can still move funds freely.
“A deeper analysis of Tether’s on-chain behavior, AMLBot’s team uncovered the broader scale of this vulnerability: $49.6 million was withdrawn during freeze delay windows on the Tron blockchain,” AMLBot told CCN.
In one case, there was a 44-minute gap between the time a wallet was flagged for blacklisting and when the freeze took effect.
During that window, the wallet’s owner was able to move the funds out, dodging enforcement entirely.
Exploit in Action: 170 Wallets Bypassed the Freeze
The report analyzed 3,480 blacklisted wallets on Tron and found that 170 of them (about 4.88%) successfully exploited the lag.
Each of these wallets made up to three transactions during the delay window, withdrawing an average of $291,970, with a median of $65,370 per wallet.
In most cases, the exploiters were monitoring Tether’s on-chain activity in real time. Once a freeze request was detected, they acted fast, draining the wallets before the freeze could take effect.
“This analysis shows that Tether’s on-chain enforcement mechanism, especially on Tron, contains a structural delay that weakens its role as a compliance safeguard. This turns the concept of “on-chain enforcement” into a false sense of security,” the report noted.
Tether Responds: $2.7 Billion Already Frozen
In response to the findings, a Tether spokesperson emphasized to CCN that the report lacks necessary context.
While acknowledging the multi-signature delay, the company argued that its track record of freezing over $2.7 billion in illicit funds, including assets tied to terrorists, sanctioned entities, and fraud rings, demonstrates the system’s overall effectiveness.
“Let’s be clear: the $76 million referenced in this report should be put in context of the more than $2.7 billion in USD₮ that Tether has successfully frozen and blocked to date. That’s not theoretical — that’s real assets stopped from reaching terrorists, sanctioned entities, fraud rings, and other criminals,” Tether told CCN.
Tether pointed out that the transparency of blockchain gives it an edge over traditional banking systems, allowing it to monitor, trace, and freeze suspicious transactions across Ethereum, Tron, and other networks.
The company said it collaborates with more than 255 law enforcement agencies in 55 countries and often acts faster than other players in the industry.
In one cited case involving North Korean-linked hackers, Tether claimed it froze the funds within hours, faster than other exchanges or services, which took over 24 hours to respond.
Tether attributed the reported delay to its governance structure, which relies on a multi-signature protocol to prevent unilateral freezes.
“The delay cited in the report stems from our multi-signature governance model, designed to prevent unilateral freezes and protect the integrity of our system. Yes, this structure introduces a short delay, but it’s a trade-off for responsible responsiveness to a $100+ billion ecosystem. We are actively refining this process to work to eliminate any potential advantage for bad actors,” the spokesperson explained.
While this setup introduces a short enforcement lag, it also protects against abuse of power, the company said. It added that improvements are underway to reduce the window of opportunity for bad actors.
“If you think you can use Tether to move illicit funds, think again. USDT is arguably the most traceable asset on the planet, and we will continue working relentlessly with our industry partners to identify you, freeze your funds, and ensure you are brought to justice,” the spokesperson said.
Was this Article helpful?
