(844) 627-8267 | Info@NationalCyberSecurity
(844) 627-8267 | Info@NationalCyberSecurity

Tether’s transparently phony transparency v. Justin Sun’s stable self-hacking | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Tether’s plan to offer greater transparency into its stablecoin operations is far less than advertised, while the shadiness surrounding Justin Sun’s stablecoin, TUSD, just keeps getting darker.

Last week, Bloomberg published an article detailing Tether CTO Paolo Ardoino’s recent promotion to CEO, which takes effect in December. Ardoino claimed Tether’s current CEO, Jean-Louis van der Velde, and CFO Giancarlo Devasini, “are not public people,” and Ardoino’s promotion was simply because Tether’s slim executive ranks “pulled from sticks and I had the shortest one.”

Any week now, Tether will publish its Q3 ‘independent auditors’ report’ detailing the real-world assets allegedly backing the $84 billion in USDT stablecoins currently out there in the wild. Tether has been criticized for the inadequacy of these ‘reports’—most definitely not independent third-party audits—as well as for its inability to produce CUSIP data on the $55.8 billion in U.S. Treasuries that Tether claimed to possess in its Q2 reserves report.

Ardoino told Bloomberg that Tether planned to start publishing online data on its reserves in real-time “in the coming year.” However, Bloomberg later amended its report to clarify that Tether “had no hard-and-fast deadline by which to achieve this goal.”

Ardoino and the only other Tether exec willing to speak publicly—general counsel Stuart Hoegner—routinely bitch about skeptics harping over Tether’s lack of transparency. They seem willfully blind to the fact that their failure to submit the reserves to a third-party audit—despite Hoegner making promises over two years ago that an audit was “months, not years” away—bolsters the belief that there is far less to Tether’s reserves than meets the eye.

Real-time publishing of non-audited data is as worthless as Tether’s static three-month attestations. It’s the same manually-entered spreadsheet, offering a non-legally binding breakdown of how the imaginary reserves are divided into T-bills, money market funds, the ‘secured loans’ that Tether promised to eliminate but actually grew in the Q2 report, and ‘other assets’ of undetermined quality.

Honestly, Tether’s new ‘live’ updates will be as convincing as Eric Idle declaring he has £90,000 ($109,912) in his pyjamas. He can say it, but unless he’s willing to unbutton and show us banknotes taped to his abdomen, it’s only words and numbers, signifying nothing.

CNBC you next Tuesday

Ardoino went on CNBC last week to celebrate his CEO appointment but ran headlong into questions about Tether’s refusal to submit to an audit. Ardoino insisted he had “always supported the process of going through a full audit” and claimed this process “is continuing.”

The lack of progress is “not because of the lack of willingness” on Tether’s part but due to “the complexity and the fear from the top-four auditing firms to actually take the risk.” Ardoino then claimed this process was “actually fairly easy,” which directly contradicted his earlier ‘complexity’ claim, but never mind.

No, the main thing keeping audits at bay is “the reputational risk when it comes to a new technology,” which suggests that Ardoino believes T-bills and cash have only recently been unleashed upon an auditing sector more conditioned to counting beads, shells, and Rai stones.

Ardoino was also quizzed as to Tether’s (alleged) efforts to restrict USDT-based terrorist financing and the recent TRM Labs report that labeled USDT the preferred currency of Islamic terror groups. Asked what Tether was doing proactively rather than reactively to requests/demands from law enforcement, Ardoino tossed a word salad about how the ‘good usage’ of new technologies would eventually overtake ‘bad usage,’ so future victims of terrorism should sleep well. Or something.

Nonetheless, Ardoino warned anyone planning on using USDT for “any criminal activity, I say just think twice.” Ardoino talked up the traceability of blockchain transactions, leaving out the key point that once USDT is sent to an exchange like Changpeng ‘CZ’ Zhao’s Binance or Justin Sun’s HTX (formerly Huobi), it goes back inside its transactional black box. And sometimes, it just disappears forever.

The hack is coming from inside the house

Speaking of Justin Sun, Tether minted another $1 billion USDT last week, which, like the majority of issued USDT, was destined for Sun’s Tron blockchain. This extra hot air in the ‘crypto’ zeppelin helped fuel this week’s unwarranted price pump of the BTC token (although perhaps not to the degree that Binance’s fave new stable FDUSD did), with an assist from Justin’s TUSD stablecoin.

And speaking of TUSD, the company backing it—the not-at-all-controlled by Sun TrueUSD—is denying that it had anything to do with this month’s launch of TEURO, a Euro-based stablecoin that debuted with a mint of around €70 million.

Despite the token being deployed by the same address that deployed the original TUSD smart contracts, TrueUSD’s official X/Twitter account claimed it had “zero affiliation” with TEURO. (This same address subsequently created a second unapproved stablecoin TrueCNY, based on the Chinese yuan.) TrueUSD further claimed that this incident had ”NO impact on TUSD’s operations.”

However, TrueUSD simultaneously claimed that TrueCoin—which TrueUSD had “engaged as TUSD operator until 13 Jul 2023”—had been notified by a third-party vendor that the vendor’s security team had detected “an anomalous account change within [TrueCoin’s] organization made by a compromised support vendor.”

In emails sent to customers, TrueUSD claimed to have been notified about this breach on September 20. While TrueCoin’s “own internal systems” were allegedly “not compromised,” TrueUSD noted that TrueCoin “holds certain [know your customer] and transaction history of TUSD users.” Some of this data was “potentially exposed” by the attacker who targeted TrueCoin’s third-party vendor.

The plot sickens

Online skeptics immediately plowed into the Byzantine explanations above, including wondering why Sun et al. waited a month before alerting TUSD users that their personal data had been compromised.

Blockchain sleuths ChainArgos believe a more likely explanation for TrueUSD’s tale of woe is that “someone has some of TrueUSD’s private keys.” That opens up the possibility that as much as $865 million of the cash reserves (allegedly) supporting TUSD “have been stolen by someone armed with the corporate private keys.” And ‘someone’ in this case may well be Sun himself.

Over $800 million of TUSD was minted immediately before this TrueCoin ‘hack’ occurred and sent to a Huobi wallet. While that TUSD was quickly burned after a few more wallet hops, an address known to belong to Sun simultaneously minted a similar amount of stUSDT (staked Tether) that was deposited to Sun’s Tron-based lending platform JustLend.

stUSDT is another of Sun’s Rube Goldberg devices that (allegedly) stakes Tron/Ethereum users’ USDT with a decentralized autonomous organization (DAO) of unknown origin. Launched over the summer, this DAO pinky-swears to invest the real USDT in unspecified ‘real-world assets’ and pay stakers back with interest (paid in stUSDT).

In September, Bloomberg reported on Huobi’s (HTX) transformation following Sun’s acquisition of the exchange. Before July 1, USDT accounted for nearly 9% of Huobi’s reserves. By September 15, USDT’s share was below 5%. Over that same period, stUSDT went from nothing to 14.5%, while TRX (Tron’s native token) rose by 7.5 points to 29.1%.

In other words, HTX has been hollowed out from within, then refilled with Sun-affiliated shitcoins. Worse, most exchange users appear blissfully aware that their USDT has been offloaded and replaced with Sun’s even less redeemable proxy.

In August—because Sun doesn’t do subtle—stUSDT began permitting users to stake TUSD to mint stUSDT. So someone with a lot of TUSD on hand—or the ability to create it out of thin air—could create even more bogus stUSDT to replace actual USDT on HTX.

Meanwhile, Sun can sell his users’ actual USDT for other assets on HTX, likely for Circle’s stablecoin USDC, the only token in this scenario that has access to U.S. banking and thus can actually be redeemed for cash.

Tether has denied any affiliation with stUSDT, calling it “an independent project.” And yet Tether continues to send billions of new USDT to Tron, knowing full well a lot of it will end up on HTX, where some users will stake it on Justin’s latest scam while others will simply never be aware their USDT has been replaced with an IOU. Regardless, they’ll all find out when he pulls the rug.

Hey, Paolo… what was that you were saying about being able to easily tell when Tether was being used for “criminal activity?”

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of group—from BitMEX to BinanceBitcoin.comBlockstreamShapeShiftCoinbase, Ripple,
EthereumFTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.



Click Here For The Original Story From This Source.

National Cyber Security