Tether's USDT Freeze Delay Leads to $78.1M Loss

Generated by AI AgentCoin World
Thursday, May 15, 2025 10:17 am ET2min read
ETH
--
USDT
--

Blockchain forensics firm AMLBot has identified a significant delay between the request to freeze an address and its on-chain execution for Tether's USDT stablecoin. This delay has allowed malicious actors to exploit a "laundering loophole," resulting in the loss of over $78 million in USDT on Ethereum and

Tron
since 2017. Tether blacklists addresses connected to illegal activities, freezing the wallets from moving assets issued by the company. However, the delay in freezing these addresses has created a window of opportunity for illicit actors to move funds before their address is frozen.

The "laundering loophole" is a result of Tether's multi-signature contract setup. A freeze request is sent on-chain, requiring multiple signatures to approve before the freeze can be executed. This process creates a delay, allowing bad actors to move funds before their address is frozen. For instance, a 44-minute delay between the freeze request and confirmation on Tron enabled bad actors to withdraw $49.6 million since 2017. On Ethereum, $28.5 million USDT was withdrawn within the same timeframe, totaling $78.1 million across the two chains.

Security firm PeckShield reviewed the report and confirmed the existence of the loophole. According to PeckShield, the issue is not with the contract itself but an operational problem that creates a time window between when the blacklist transaction is submitted and when it is executed. Given the security-sensitive nature of the issue, improvements are necessary. Tether is the issuer of the largest stablecoin in crypto, USDT, which aims to peg its price to the U.S. dollar. The company blacklists addresses from trading their products if they’re connected to illegal activity, such as wallets linked to the $1.4 billion Bybit hack earlier this year. Being blacklisted means the address can no longer move Tether issued assets, effectively making the tokens worthless.

AMLBot believes malicious actors are aware of the delay and are creating tools to exploit it. Tools can be programmed to monitor the blockchain for specific contract interactions, such as submitTransaction() calls linked to freeze requests. The bots can alert wallet owners the moment a freeze is initiated but before it's enforced. Given the delay introduced by Tether’s multi-signature process, this provides a narrow but critical window for illicit actors to quickly move funds. While AMLBot hasn't directly observed the bots themselves, the on-chain behavior strongly suggests such automation is in play.

PeckShield warned that the lag is inherent to how multi-sig accounts are designed to function. It takes time to have multiple people sign a transaction, despite it being required in some cases to boost security. The firm suggested that Tether could bundle together the freeze request with the signatures into one transaction to eliminate the window. Tether did not respond to a request for comment in time for publication.