繫繩的資金凍結機制的延遲使犯罪分子超過7800萬美元

Amlbot的一份新報告顯示，Tether的籌款機制的延遲使罪犯可以利用該系統並搬出超過7800萬美元

A new report by AMLBot has highlighted a critical vulnerability in Tether’s fund-freezing mechanism, allowing criminals to exploit a delay in the process and move over $78 million in USDT across Ethereum and Tron since 2017.

Amlbot的一份新報告強調了Tether的資金凍結機制的關鍵脆弱性，使罪犯可以利用該過程的延遲，並自2017年以來以太坊和TRON的USDT搬遷超過7,800萬美元。

As the world’s largest issuer of stablecoins, Tether is regularly involved in freezing tokens tied to illegal activities. This process usually begins with a multi-signature setup, requiring multiple parties to sign the transaction to add an address to the blacklist and confirm the freeze on the blockchain. However, AMLBot discovered that there is a time window during which some wallets managed to move funds despite the pending freeze request.

作為世界上最大的Stablecoins發行人，Tether經常參與與非法活動相關的凍結代幣。此過程通常始於多簽名設置，要求多方簽署交易以在黑名單中添加地址並確認區塊鏈上的凍結。但是，Amlbot發現有一個時間窗口，儘管凍結了凍結請求，但一些錢包還是設法移動資金。

This operational gap, which varies between 40 minutes and two hours, was sufficient for some actors to make up to three transactions before the freeze became active. According to AMLBot’s findings, 4.88% of all blacklisted wallets on Tron exploited this lag, transferring a total of $49.6 million. Smaller in volume but no less significant, Ethereum-based wallets also took advantage of this operational anomaly. Since 2017, the total amount of USDT moved by such wallets despite being blacklisted comes to $28.5 million.

這種操作差距在40分鐘到兩個小時之間變化，足以使某些參與者在凍結變得活躍之前最多可以完成三筆交易。根據Amlbot的發現，Tron上所有黑名單的錢包中有4.88％利用了這一滯後，總計4,960萬美元。體積較小，但同樣重要的是，基於以太坊的錢包也利用了此操作異常。自2017年以來，儘管被列入黑名單，但該錢包的總金額為2850萬美元。

The time lag was exploited especially effectively by bad actors who may be using tools to monitor for specific smart contract calls. Such tools scan for the submitTransaction() function, a standard part of the freezing process. If the call is detected, the tool notifies the wallet owner, giving them time to move funds before the freeze is fully executed.

不良演員可能會使用工具來監視特定智能合約調用的情況下，特別有效地利用了時間滯後。此類工具掃描submitTransaction（）函數，這是冷凍過程的標準部分。如果檢測到呼叫，該工具將通知錢包所有者，讓他們有時間在凍結完全執行之前移動資金。

The vulnerability is a known issue with multi-signature wallets, which are used to enhance security by requiring multiple parties for important actions, ultimately slowing them down. As such, it might be possible to bundle the request and signatures into a single on-chain transaction, an innovation that could be useful for urgent actions like freezing transactions.

脆弱性是多簽名錢包的已知問題，該問題用於通過要求多方進行重要動作來增強安全性，最終使它們減慢。因此，可能有可能將請求和簽名捆綁到單個鏈接交易中，這是一種對諸如凍結交易之類的緊急行動有用的創新。

Slava Demchuk, CEO of AMLBot, stated, “Tools can be programmed to monitor the blockchain for specific contract interactions, such as submitTransaction() calls linked to freeze requests.” He added that while the firm has not observed the bots directly, the on-chain behavior strongly indicates automated systems are involved.

AMLBOT首席執行官Slava Demchuk表示：“可以編程工具以監視特定合同互動的區塊鏈，例如submitTransaction（）鏈接到凍結請求的呼叫。”他補充說，儘管公司沒有直接觀察到機器人，但鏈上的行為強烈表明涉及自動化系統。

Earlier this year, Teuther partnered with Chainalysis to integrate its monitoring and analysis tools into the stablecoin firm’s new tokenization platform, Hadron. The collaboration is set to enhance Tether’s compliance efforts and provide deeper insights into blockchain activity.

今年早些時候，Teuther與Chainalysis合作，將其監視和分析工具集成到Stablecoin公司的新令牌化平台Hadron中。該協作旨在增強Tether的合規性工作，並為區塊鏈活動提供更深入的見解。