Criminal loophole: how to bypass the blocking of Tether’s USDT

Particularly scrupulous researchers have noticed a “delay” between sending a USDT blockchain request and freezing funds on the Tron and Ethereum networks. GetBlock AML Research explains whether this discovery should be taken seriously.

Technical question

The AMLBot service gave an example of a situation where the “delay” time for USDT blocking on the Tron network amounted to 44 minutes (initiation, confirmation). During this period, a special multi-signature transaction was initiated (which must be confirmed by several other privileged participants of the network) and then the transaction must be approved at the blockchain level. Because of these two factors and the features of the Tron and Ethereum blockchains — the USDT blocking is not instantaneous, just like sending cryptocurrency within the network.

Such technical features do create a “window of opportunity” for attackers. They can create special software tools that track and alert on the emergence of USDT blocking requests to have time to withdraw stablecoins from blocked addresses.

According to the researchers’ report, 4,88% of addresses on the Tether blacklist used the “delayed” blockchain to hide $78 million USDT from the issuer.

Tether’s adequate response

Tether commented to Decrypt about the suddenly discovered “loophole” and explained a few things:

1. Tether believes that it is incorrect to call this situation a “loophole,” as such wording could mislead users into thinking that the company is in any way assisting criminals in laundering funds;
2. In contrast to the hidden $78 million USDT thanks to the “delay,” $2,7 billion in illegally obtained USDT was frozen during the same period. Tether hinted that this ratio speaks to their high efficiency in preventing money laundering despite the “delay”.

“Yes, this structure introduces a short delay, but it’s a trade-off for responsible responsiveness to a $100+ billion ecosystem,” Tether added.

Tether’s position was confirmed by research firm PeckShield. According to its employees, the “delay” in blocking USDT is observed not because of problems in the smart contract of the stablecoin, but because of the operational features of the platforms on which USDT is implemented.

Double bottom

AMLBot, the company that claimed to “delay” the USDT blockchain, has already been implicated in providing its infrastructure to darknet attackers to circumvent AML mechanisms and facilitate the laundering of dirty cryptocurrency. This came to light back in 2021 from a KrebsOnSecurity investigation.

The platform provided APIs to services on the darknet, which were actively used by attackers for additional payment. One such service (Antinalysis) was highly popular on various darknet marketplaces. After information about criminals’ use of the AMLBot API became public, the company stopped providing Antinalysis services.

Only four years later (already in 2025) AMLBot publicly reported on what security measures were implemented after the incident. But Antinalysis and similar services continue to operate to this day.

ZachXBT, a well-known, blockchain investigator, claims that AMLBot’s reputation has been destroyed, and no self-respecting company uses its services