On November 21, 2017, an announcement was released by the Tether team declaring that an unknown hacker managed to usurp $30,950,010 worth of Tether tokens (USDT). The statement reads, "Yesterday, we discovered that funds were improperly removed from the Tether treasury wallet through malicious action by an external attacker. Tether integrators must take immediate action … to prevent further ecosystem disruption."
Tether said that the stolen USDT has been flagged and is now irredeemable, and it believes the attacker is holding the stolen USDT in the following address:
Users are urged not to accept USDT from this address or any address downstream from it.
Tether said it has taken steps to suspend the Tether.to backend wallet service temporarily while it performs an investigation of the attack to ensure it does not happen again. A new build of Omni Core software will be provided to users in a bid to freeze the USDT in the above-referenced address. Tether said that the software will issue a change to the consensus protocols that Omni Core clients currently utilize; indicating that the fix "is effectively a temporary hard fork."
"We strongly urge all Tether integrators to install [the Omni Core upgrade] immediately to prevent the coins from entering the ecosystem. Again, any tokens from the attacker's address will not be redeemed. Accordingly, any and all exchanges, wallets, and other Tether integrators should install this software immediately in order to prevent loss:
The announcement went on to assert that "after the protocol upgrades to the Omni Layer are in place, Tether will reclaim the stolen tokens and return them to treasury." It also said that issuances of USDT haven't been affected by the attack, maintaining that the Tether reserve still fully backs all USDT. "The only tokens that will not be redeemed are the ones that were stolen from Tether treasury yesterday. Those tokens will be returned to treasury once the Omni Layer protocol enhancements are in place."
It didn't take long for members of the community to dig around and posit hypotheses of who the culprit of the hack might be. One user put together a fairly extensive timeline that breaks down the incident beginning at a wallet address that transaction logs show was used to take 19,000 BTC from Bitstamp in 2015, according to the user's research. After this actor sent fractional amounts of BTC to other addresses in what might have been tests to ensure the hack would work, around 10:53 a.m. on November 19, 2017, a series of transactions transferred 30,950,010 USDT and 5 BTC out of Tether's treasury address. Eventually, the sum of these funds came to reside in the wallet address implicated in the company's official announcement.
ETHNews will continue to provide details about Tether's missing funds as they become available.