AMLBot Exposes Vulnerability in Tether’s Wallet Freezing System

Blockchain analysts at AMLBot have identified a vulnerability in Tether’s wallet freezing procedure, which over six years has allowed criminals to withdraw $78.1 million.

The issue stems from a delay between the request to freeze and its execution on the network.

According to the report, Tether’s multi-step transaction approval process creates a “window of opportunity”: perpetrators manage to transfer funds before the freeze is activated.

For instance, in TRON, a delay of 44 minutes was recorded—during this time, some addresses conducted up to three transactions. In TRON, $49.6 million was withdrawn, and in Ethereum, $28.5 million.

A Tether representative told Decrypt that the term “loophole” is incorrect, emphasizing that the company has blocked $2.7 billion in illicit assets.

“The short delay is a compromise for the security of an ecosystem exceeding $100 billion. We are working to mitigate the risks,” he stated.

Tether reiterated that USDT remains “the most tracked asset,” and the company collaborates with law enforcement. The issuer blocked funds linked to the Bybit hack more swiftly than its competitor Circle, the representative highlighted.

Experts at PeckShield confirmed AMLBot’s findings, noting that the issue is related not to smart contract code but to operational processes. To address it, they suggested combining the freeze request and signatures into a single transaction.

However, PeckShield warned that delays are an inevitable part of multisignature systems, where multiple parties must agree.

AMLBot’s head, Slava Demchuk, speculated that perpetrators are aware of the aforementioned delay and use bots to monitor freeze requests:

“Automation allows funds to be withdrawn in seconds before the freeze is confirmed.”

In April, Tether halted the movement of $870,000 across three crypto wallets.

Later, the issuer froze 28.7 million USDT across 13 addresses.