A new report by blockchain compliance firm AMLBot reveals that delays in Tether’s wallet blacklisting mechanism allowed over $78 million worth of illicit USDT to escape freezing on Ethereum and Tron blockchains.

Blacklisting Delay Creates Exploitable Window

Tether’s process for blacklisting wallet addresses is not instantaneous, resulting in a vulnerability exploited by malicious actors. The AMLBot report, published on 15 May, attributes the lag to Tether’s multisignature contract setup. Instead of an immediate freeze, the blacklisting unfolds in two distinct transactions — the first acting as a public signal of the intent to blacklist, followed by a second transaction that enforces the freeze.

According to AMLBot, “This delay originates from Tether’s multisignature contract setup on both Tron and Ethereum, transforming what should be an immediate compliance action into a window of opportunity for illicit actors.”

In one example cited in the report, a suspicious address on the Tron blockchain was marked for blacklisting at 11:10:12 UTC. However, the freeze did not take effect until 11:54:51 UTC — a delay of 44 minutes, during which the wallet owner had time to move assets.

Over $78 Million Evaded Freezes

AMLBot’s data shows that from 28 November 2017 to 12 May 2025, approximately $28.5 million in USDT was moved during blacklisting delays on Ethereum. A larger amount — around $49.6 million — was reportedly withdrawn during delay windows on the Tron blockchain. This brings the total amount of USDT that evaded blacklisting to over $78.1 million.

On Tron alone, 170 out of 3,480 wallets (roughly 4.88%) exploited the delay, with each making 2–3 transfers on average. The average amount withdrawn during these windows was approximately $291,970.

“These delays are golden for blockchain-savvy attackers,” the report notes. “By tracking Tether’s calls in real time, a fraudster can be instantly alerted that their address is being targeted.”

Technical Limitations or Operational Lag?

When asked whether the delay stems from a technical constraint or the time taken by multisignature wallet key holders to act, AMLBot said it could not determine the cause without access to Tether’s internal procedures.

Tether, the company behind the USDT stablecoin, had not responded to requests for comment at the time of publication.

Tether’s History of Asset Freezing

Tether has long touted its asset-freezing capability as a key compliance tool. In 2024, the company collaborated with Tron and blockchain analytics firm TRM Labs to freeze over $126 million in USDT tied to illicit activity. Despite these efforts, the AMLBot report raises doubts about the responsiveness and overall effectiveness of Tether’s enforcement mechanisms.

The multi-step approach — while presumably adding a layer of administrative oversight — may be inadvertently aiding criminals. AMLBot suggests that for proactive compliance, a more immediate mechanism may be required to prevent fund transfers after a blacklisting is initiated.

Questions of Trust and Security

The findings pose broader questions for the crypto community and regulators regarding the transparency and agility of asset-freezing protocols in stablecoin ecosystems. While the ability to freeze assets offers a path toward regulatory compliance, delays such as these could erode confidence in the effectiveness of those controls.

As stablecoins like USDT continue to play a significant role in global crypto transactions, improving real-time enforcement mechanisms could become a priority for ensuring both compliance and user trust.