Tether.to, the company that's had some suspicious patterns of behavior of late, has announced that it's been hacked for 31 million USDT. Remember, Tether is a company which has central authority to issue USDT tokens. USDT tokens are allegedly issued in a 1:1 ratio with real USD deposits. This holds true if we observe the price graph over time, as fluctuations are truly minimal.
What's interesting is that USDT were stolen, and not another cryptocurrency, which is odd given that Tethers are actually worthless. Tethers aren't in fact a cryptocurrency, they're merely a token on the Omni layer which isn't a blockchain per-se – it's a software layer on top of the Bitcoin network, which adds new features to Bitcoin's underlying transactions.
The approach they took in “solving” this problem is odd. They decided to make a change to the wallet software – a hard fork – which renders all current versions of the software incompatible with the old ones. Specifically, the code of the wallet has been altered in such a way that a single address was blocked and blacklisted as a sender, but not as a recipient. This means the address can receive funds, but not send them out, effectively trapping the stolen USDT in place.
This is what's problematic about this:
- Tether shows how centralized USDT is as a cryptocurrency. All decisions are in their hands, just like the issuance of new USDT is.
- Tether the company clearly show how much power they have over the software used to transfer the tokens. The fact that they were able to apply this fix so quickly and without community consensus, and managed to start pushing for exchanges to implement this software update, has all the hallmarks of a centralized corporation.
- Tether's ability to directly alter an account's ability to transfer funds lends itself to attack from government and regulatory institutions.
Where to next?
The only way to make Tether secure is to add a layer of regulation on top, as explained here. There's absolutely no chance of this happening, however – they'd never allow a full audit or regulatory supervision at this point. So, what can we expect in the future? Where do we find out more?
Given that we've been warning people about Bitfinex / Tether for a while now in posts and live at conferences, these slipups aren't surprising in the least, and we're only expecting things to get worse. If you'd like to find out more about the whole Bitfinex / Tether problem area, please see the below Youtube Hangout between Tone Vays, Jimmy Song, Bitfinexed, Flibber, and BTCVIX in which a lot is actually revealed about the trustworthyness or lack thereof towards Bitfinex. It's starting to sound a whole lot like MtGox again – the scandal in which the most popular Bitcoin exchange in the world just suddenly “lost” 800000 BTC.
To successfully defend against new MtGox scandals, our advice remains the same – keep your funds off of exchanges and secure your private keys.