Recently, the team behind TrueUSD was forced to disclaim TEURO — a token deployed at the same address — suggesting that private keys historically associated with its TUSD token have been compromised.
Funds related to this false token have also been tied to the deployment of TCNY, another apparently fake token unaffiliated with the ‘real’ TrueTokens. This comes as TrueUSD has had to disclose a hack of customer information.
📢📢📢
— TrueUSD (@tusdio) October 16, 2023
In regards to the recent $TEURO, we want to clarify that we have zero affiliation with it. When evaluating newly deployed contracts, it’s essential to be cautious and understand the potential risks
🚨We strongly advise you to step back and refrain from risky investments!
This token was deployed by address 0x7bA7EF06A2621267f063eF2DB2d482D5B507D8b3, which does correspond to the address that originally deployed the TUSD contracts. However, TrueUSD now claims that this address “has NO permissions over TUSD smart contracts; it was exclusively designated for token deployment.”
The company also claims, “It holds NO authority over current TUSD contracts or user token assets and has NO impact on TUSD’s operations. This address is NOT owned or controlled by the TUSD team, and there is NO affiliation between the TUSD team and this address.”
The firm concludes, “Since the end of 2020, the TUSD team has gained ownership of the TUSD contract. Rest assured, your TUSD tokens are secured by our smart contracts, which are securely owned and managed by the TUSD team. Once again, the security of TUSD remains our top priority.”
This statement, in some sense, appears to contradict a previous claim from Monica Ho of Archblock to Protos, where she discussed how, for TrueUSD, “the private keys have been handed over to the Techteryx engineering team.”
Independent crypto researcher ZachXBT tracked fund movements related to the deployment of TEURO, noting that one of the addresses that received TEURO bridged funds over to Arbitrum before bringing them back to Ethereum. The original TrueAUD deployer then created another fake token in TrueCNY.
1/3 If they legitimately did not create TEURO as stated then I would agree the deployed private key is probably compromised since the TUSD deployer also deployed the TEURO contract.
— ZachXBT (@zachxbt) October 23, 2023
Following where they minted TEURO tokens is where things get a bit more interesting…
Further complicating this story is the fact that TrueUSD recently had to disclose that it was compromised, tweeting, “TUSD team was informed by TrueCoin that they received a third-party vendor’s notification that the vendor’s Security Team detected ‘an anomalous’ account chance within [TrueCoin’s] organization made by a compromised support vendor.'”
Blockchain intelligence firm ChainArgos highlighted how this represents a potentially larger attack on TrueUSD. It highlighted that TUSD allows for more ‘automated’ minting and redemption by users than many other stablecoins, potentially allowing hackers to quickly obtain funds related to the stablecoin.
ChainArgos says a potential attack relies on the hacker being able to mint more TUSD into accounts and transfer them to the stUSDT mint address. That account was able to burn those TUSD, potentially redeeming those tokens and accessing those funds.
2/ This is particularly interesting if you know how $TUSD works. $TUSD customers all go through KYC/AML checks and each have an on chain redemption address that is tied to a real world bank account with "fintech".
— ChainArgos (@ChainArgos) October 23, 2023
Each TrueUSD customer has a pre-set limit on how much they can… pic.twitter.com/p06jmyOblk
Read more: FTX knew Justin Sun tried to acquire TrueUSD
These transfers all happened before the disclosed hack date and rely on loss of control of keys, which so far hasn’t been disclosed. This means that these transfers could be related to non-hack activity by Justin Sun.
Protos has previously reported that stUSDT is almost entirely controlled via entities and addresses believed to be owned or controlled by Sun.
Protos has reached out to TrueUSD with a series of questions to clarify the nature of this hack.