Security company: wary of multiple Omni USDT double spend attacks

Recently, the OmniCore team has fixed a major security vulnerability. As the node does not handle the concurrency lock problem when receiving a new block, an attacker can send a specially constructed block to cause multiple transactions to be recorded in one transaction, making the account balance wrong. Earlier, the SlowMist security team captured a USDT fake recharge attack event against the exchange. After analysis, it was found that because some exchanges used older versions of the omnicore client (such as 0.5.0), hackers used carefully constructed transfers. The transaction can be marked as a successful transfer on the client of the old version, and displayed as a failure on the client of the new version, thereby achieving the purpose of false recharge. The SlowMist security team reminds the relevant node operators that using double-spend attacks using un-upgraded nodes is a common hacking method, especially on Layer 2 network applications such as OmniLayer. Such attacks will not cause the main chain The fork is not easy to be found. You should be very vigilant and upgrade the node to the latest version (0.8.0) in time.