TrueUSD recently faced a series of disclaimers and security concerns surrounding its tokens. The first notable issue revolved around TEURO, a token that shared an address with the TUSD token, leading to suspicions of private key compromise.
This raised concerns about the security of user funds and TUSD’s overall integrity. Additionally, TCNY, an unrelated token masquerading under the TrueTokens umbrella, became linked to the deployment of TEURO. It was evident that the TrueTokens ecosystem was facing a significant challenge in maintaining the authenticity and security of its assets.
The token deployment address, 0x7bA7EF06A2621267f063eF2DB2d482D5B507D8b3, was initially associated with the deployment of the TUSD contracts. TrueUSD clarified that this address, despite its history, had no authority or control over TUSD smart contracts or user assets. It was, in fact, reserved exclusively for token deployment and was not owned or managed by the TUSD team. The company reassured users that TUSD tokens were secured through the platform’s smart contracts, firmly under the TUSD team’s ownership and management. This assertion aimed to restore confidence in TUSD’s security measures and its commitment to user protection.
However, this declaration seemed to contradict previous statements made by Monica Ho of Archblock, who claimed that TrueUSD had entrusted private keys to the Techteryx engineering team. The discrepancy in statements added to the confusion surrounding TUSD’s security protocols.
Independent researcher ZachXBT uncovered fund movements linked to the TEURO deployment. Notably, an address receiving TEURO tokens transferred them to Arbitrum and then back to Ethereum. Furthermore, the original deployer of TrueAUD introduced another false token, TrueCNY. These developments illustrated the intricacy of the situation.
1/3 If they legitimately did not create TEURO as stated then I would agree the deployed private key is probably compromised since the TUSD deployer also deployed the TEURO contract.
— ZachXBT (@zachxbt) October 23, 2023
Following where they minted TEURO tokens is where things get a bit more interesting…
Compounding the security issues, TrueUSD disclosed a compromise incident where they received a notification from a third-party vendor regarding an anomalous account change made by a compromised support vendor. This revelation raised concerns about potential vulnerabilities within TrueUSD.
Blockchain intelligence firm ChainArgos pointed out that TrueUSD’s unique feature, allowing automated minting and redemption by users, could make it a target for potential attackers. The rapid minting and transfer of TUSD could lead to unauthorized access to funds. ChainArgos suggested that a potential attack might involve minting TUSD into accounts and transferring them to the stUSDT mint address for redemption. These actions occurred before the disclosed hack date and relied on an undisclosed loss of control over keys.
These intricate developments highlighted the challenges in safeguarding stablecoins and the complexities surrounding TrueUSD’s security and integrity. As the cryptocurrency landscape evolves, the need for robust security measures becomes increasingly vital. TrueUSD’s commitment to enhancing its security and addressing these concerns is paramount to maintain user trust and asset protection.
ALSO READ
- TrueUSD Shorted $4M as Issuer Temporarily Halts Mints and Redemptions
- HTX Recovers $8M in Stolen Funds, Offers 250 ETH Bounty to Hacker
- FTX Hacker Stirs Again, Moves $17M in ETH