A recent report by blockchain compliance firm AMLBot has revealed that a significant delay in Tether’s USDT blacklisting process enabled the transfer of over $78 million in illicit funds before enforcement actions took effect. The findings raise serious concerns about the effectiveness and timeliness of Tether’s compliance mechanisms on both the Ethereum and Tron blockchains.

Delay in Multisignature Process Creates a Loophole

According to AMLBot’s report published on 15 May, the blacklisting procedure for Tether’s stablecoin USDt is hindered by delays caused by its multisignature contract setup on Ethereum and Tron. This process transforms what should be an immediate action into a vulnerability window that can be exploited by malicious actors.

The blacklisting is a two-step process: first, a Tether administrator initiates a transaction marking an address as a blacklist candidate through a multisignature call to the “addBlackList” function on the USDT-TRC20 contract. This public transaction acts as a warning signal. The actual enforcement occurs only after a second multisignature transaction confirms the blacklist, resulting in an “AddedBlackList” event on-chain.

Critical Delay Allows Funds to Evade Freezing

The time gap between the two transactions is crucial. In one notable example cited by AMLBot, a blacklist submission on the Tron network occurred at 11:10:12 UTC, but the enforcement wasn’t finalised until 11:54:51 UTC — a delay of 44 minutes. During this window, the targeted wallet had ample time to move assets before they could be frozen.

AMLBot notes that such delays serve as an unintended alert for “blockchain-savvy attackers,” who can monitor Tether’s contract calls in real time. Once a submission is detected, the wallet owner can act swiftly to launder or transfer funds before enforcement kicks in. The report calls this time gap a “critical attack window.”

Millions Moved During Delay Periods

The report quantifies the scale of exploitation. On the Ethereum blockchain, AMLBot recorded over $28.5 million in USDT moved during these delay periods between 28 November 2017 and 12 May 2025. On average, over $365,000 was transferred during each delay instance.

The situation on Tron appears even more severe, with $49.6 million in illicit funds withdrawn before enforcement. AMLBot highlighted that out of 3,480 wallet addresses subject to blacklisting on Tron, 170 wallets — or 4.88% — exploited the delay. Each of these wallets reportedly made two to three transactions during the lag, averaging $291,970 in withdrawals.

Uncertainty Over Cause of Delay

AMLBot researchers could not determine whether the delay stems from technical limitations of the multisignature setup or simply sluggish action from Tether’s internal key holders. Without access to Tether’s operational protocols, the report cannot confirm if the lag is deliberate or incidental.

When contacted for comment, Tether had not responded by the time of publication.

Tether’s Track Record on Asset Freezing

Tether has often highlighted its ability to freeze assets as a compliance measure. In 2024, the company worked alongside Tron and analytics firm TRM Labs to freeze over $126 million in USDT linked to illicit activity.

Despite such efforts, the AMLBot findings cast doubt on the speed and reliability of Tether’s blacklisting process. While the system is capable of freezing assets, the vulnerability introduced by the procedural delay allows a significant amount of illicit capital to slip through enforcement cracks.

The report calls for greater scrutiny of the technical and operational aspects of Tether’s compliance framework and suggests that unless the delay is resolved or minimised, blacklisting may serve more as a warning than a deterrent.