系绳的资金冻结机制的延迟使犯罪分子超过7800万美元

Amlbot的一份新报告显示，Tether的筹款机制的延迟使罪犯可以利用该系统并搬出超过7800万美元

A new report by AMLBot has highlighted a critical vulnerability in Tether’s fund-freezing mechanism, allowing criminals to exploit a delay in the process and move over $78 million in USDT across Ethereum and Tron since 2017.

Amlbot的一份新报告强调了Tether的资金冻结机制的关键脆弱性，使罪犯可以利用该过程的延迟，并自2017年以来以太坊和TRON的USDT搬迁超过7,800万美元。

As the world’s largest issuer of stablecoins, Tether is regularly involved in freezing tokens tied to illegal activities. This process usually begins with a multi-signature setup, requiring multiple parties to sign the transaction to add an address to the blacklist and confirm the freeze on the blockchain. However, AMLBot discovered that there is a time window during which some wallets managed to move funds despite the pending freeze request.

作为世界上最大的Stablecoins发行人，Tether经常参与与非法活动相关的冻结代币。此过程通常始于多签名设置，要求多方签署交易以在黑名单中添加地址并确认区块链上的冻结。但是，Amlbot发现有一个时间窗口，尽管冻结了冻结请求，但一些钱包还是设法移动资金。

This operational gap, which varies between 40 minutes and two hours, was sufficient for some actors to make up to three transactions before the freeze became active. According to AMLBot’s findings, 4.88% of all blacklisted wallets on Tron exploited this lag, transferring a total of $49.6 million. Smaller in volume but no less significant, Ethereum-based wallets also took advantage of this operational anomaly. Since 2017, the total amount of USDT moved by such wallets despite being blacklisted comes to $28.5 million.

这种操作差距在40分钟到两个小时之间变化，足以使某些参与者在冻结变得活跃之前最多可以完成三笔交易。根据Amlbot的发现，Tron上所有黑名单的钱包中有4.88％利用了这一滞后，总计4,960万美元。体积较小，但同样重要的是，基于以太坊的钱包也利用了此操作异常。自2017年以来，尽管被列入黑名单，但该钱包的总金额为2850万美元。

The time lag was exploited especially effectively by bad actors who may be using tools to monitor for specific smart contract calls. Such tools scan for the submitTransaction() function, a standard part of the freezing process. If the call is detected, the tool notifies the wallet owner, giving them time to move funds before the freeze is fully executed.

不良演员可能会使用工具来监视特定智能合约调用的情况下，特别有效地利用了时间滞后。此类工具扫描submitTransaction（）函数，这是冷冻过程的标准部分。如果检测到呼叫，该工具将通知钱包所有者，让他们有时间在冻结完全执行之前移动资金。

The vulnerability is a known issue with multi-signature wallets, which are used to enhance security by requiring multiple parties for important actions, ultimately slowing them down. As such, it might be possible to bundle the request and signatures into a single on-chain transaction, an innovation that could be useful for urgent actions like freezing transactions.

脆弱性是多签名钱包的已知问题，该问题用于通过要求多方进行重要动作来增强安全性，最终使它们减慢。因此，可能有可能将请求和签名捆绑到单个链接交易中，这是一种对诸如冻结交易之类的紧急行动有用的创新。

Slava Demchuk, CEO of AMLBot, stated, “Tools can be programmed to monitor the blockchain for specific contract interactions, such as submitTransaction() calls linked to freeze requests.” He added that while the firm has not observed the bots directly, the on-chain behavior strongly indicates automated systems are involved.

AMLBOT首席执行官Slava Demchuk表示：“可以编程工具以监视特定合同互动的区块链，例如submitTransaction（）链接到冻结请求的呼叫。”他补充说，尽管公司没有直接观察到机器人，但链上的行为强烈表明涉及自动化系统。

Earlier this year, Teuther partnered with Chainalysis to integrate its monitoring and analysis tools into the stablecoin firm’s new tokenization platform, Hadron. The collaboration is set to enhance Tether’s compliance efforts and provide deeper insights into blockchain activity.

今年早些时候，Teuther与Chainalysis合作，将其监视和分析工具集成到Stablecoin公司的新令牌化平台Hadron中。该协作旨在增强Tether的合规性工作，并为区块链活动提供更深入的见解。