Recently, the team behind TrueUSD was forced to disclaim TEURO — a token deployed at the same address — suggesting that private keys historically associated with its TUSD token have been compromised.
Funds related to this false token have also been tied to the deployment of TCNY, another apparently fake token unaffiliated with the ‘real’ TrueTokens. This comes as TrueUSD has had to disclose a hack of customer information.
This token was deployed by address 0x7bA7EF06A2621267f063eF2DB2d482D5B507D8b3, which does correspond to the address that originally deployed the TUSD contracts. However, TrueUSD now claims that this address “has NO permissions over TUSD smart contracts; it was exclusively designated for token deployment.”
The company also claims, “It holds NO authority over current TUSD contracts or user token assets and has NO impact on TUSD’s operations. This address is NOT owned or controlled by the TUSD team, and there is NO affiliation between the TUSD team and this address.”
The firm concludes, “Since the end of 2020, the TUSD team has gained ownership of the TUSD contract. Rest assured, your TUSD tokens are secured by our smart contracts, which are securely owned and managed by the TUSD team. Once again, the security of TUSD remains our top priority.”
This statement, in some sense, appears to contradict a previous claim from Monica Ho of Archblock to Protos, where she discussed how, for TrueUSD, “the private keys have been handed over to the Techteryx engineering team.”
Independent crypto researcher ZachXBT tracked fund movements related to the deployment of TEURO, noting that one of the addresses that received TEURO bridged funds over to Arbitrum before bringing them back to Ethereum. The original TrueAUD deployer then created another fake token in TrueCNY.
Further complicating this story is the fact that TrueUSD recently had to disclose that it was compromised, tweeting, “TUSD team was informed by TrueCoin that they received a third-party vendor’s notification that the vendor’s Security Team detected ‘an anomalous’ account chance within [TrueCoin’s] organization made by a compromised support vendor.'”
Blockchain intelligence firm ChainArgos highlighted how this represents a potentially larger attack on TrueUSD. It highlighted that TUSD allows for more ‘automated’ minting and redemption by users than many other stablecoins, potentially allowing hackers to quickly obtain funds related to the stablecoin.
ChainArgos says a potential attack relies on the hacker being able to mint more TUSD into accounts and transfer them to the stUSDT mint address. That account was able to burn those TUSD, potentially redeeming those tokens and accessing those funds.
Read more: FTX knew Justin Sun tried to acquire TrueUSD
These transfers all happened before the disclosed hack date and rely on loss of control of keys, which so far hasn’t been disclosed. This means that these transfers could be related to non-hack activity by Justin Sun.
Protos has previously reported that stUSDT is almost entirely controlled via entities and addresses believed to be owned or controlled by Sun.
Protos has reached out to TrueUSD with a series of questions to clarify the nature of this hack.