The report states that Tether's latency in enforcing the USDT blacklist has led to $78 million in suspicious funds evading freezing.

Source: Cointelegraph Original: “Tether’s USDT Blacklist Execution Delay Causes $78 Million in Suspicious Funds to Evade Freeze, Report Says”

According to a new report by the blockchain compliance company AMLBot, delays in the processing of blacklisting Tether wallets allowed over $78 million in illegal funds to be transferred before law enforcement actions took effect.

In a May 15, 2025 report, AMLBot’s on-chain investigation team explained that Tether’s address blacklist processing took a considerable amount of time to take effect after it was launched on the Ethereum and Tron networks.

The report states: “This delay stems from Tether’s multi-signature contract setup on Tron and Ethereum, turning what should have been an immediate compliance action into an opportunity window for illegal actors.”

Tether’s blacklisting procedure is a multi-step process, and the first transaction is actually a warning of an impending blacklist. First, a Tether admin’s multisig transaction submits a pending “addBlackList” call on the USDT-TRC20 contract.

This results in the destination address being publicly “submitted” as a blacklist candidate. Subsequently, a second multisig transaction confirms the submission, and finally emits an “AddedBlackList” event to make the blacklist take effect.

In an example shared with Cointelegraph, an on-chain transaction submitted a Tron address as a blacklist candidate at 11:10:12 AM UTC. However, the second transaction that actually executed this action did not occur until 11:54:51 AM UTC on the same day, resulting in a delay of 44 minutes.

In practice, this delay may be seen as a notification by USDt holders who are about to be blacklisted, prompting them to transfer assets to avoid being frozen. The report states:

“The delay between the freeze request and its execution on-chain creates a critical attack window, allowing malicious actors to preemptively execute, transfer, or launder funds before the freeze takes effect.”

“These delays are a golden opportunity for blockchain-savvy attackers,” the report claims. "By tracking Tether calls in real-time, scammers can immediately know that their address is being targeted. When asked by Cointelegraph if the delay was a technical limitation or a delay in the actions of multisig wallet key holders, AMLBot researchers said they could not determine the cause without knowledge of Tether’s internal procedures.

As of press time, Tether has not responded to Cointelegraph’s request for comment.

AMLBot claims that its data shows over $28.5 million in USDT was withdrawn during the delay period between two transactions on the Ethereum blockchain. This amount related to the evasion of freezing occurred between November 28, 2017, and May 12, 2025. The average amount transferred during the delay period exceeded $365,000.

Similarly, it has been reported that during the freeze delay window on the Tron blockchain, 49.6 million USD was withdrawn, bringing the total amount for Ethereum and Tron to 78.1 million USD. According to AMLBot, it is not uncommon to take advantage of such delays on Tron:

“On the Tron blockchain, among 3,480 wallets, 170 (4.88%) exploited this delay before being blacklisted. Each wallet made 2 to 3 transfers during the delay, with an average withdrawal amount of $291,970.”

Tether has previously advertised its ability to freeze assets as a compliance feature. In 2024, Tether, Tron, and analytics firm TRM Labs partnered to freeze more than $126 million in USDT related to illegal activities.

Nonetheless, AMLBot’s report raises questions about the effectiveness and speed of these enforcement actions.

Related news: After adding 1 billion USD in issuance, the USDT supply of Tron will exceed that of Ethereum.