Cyber Incident Victim: Tether
Date: Feb 2021
Location: United States of America
Summary
A cryptocurrency firm received a ransom demand of 500 Bitcoin (approximately $24 million). The extortionists threatened to leak sensitive documents, purportedly harmful to the broader Bitcoin ecosystem, if the ransom was not paid within 24 hours. The organization publicly refused the extortion attempt, asserting it would not comply with the attackers' demands despite the potential risks of document exposure. The incident highlighted extortion pressures targeting blockchain entities, though no confirmed data breach or subsequent leak was disclosed in the immediate aftermath of the refusal.
Description
On or around February 28, 2021, Tether, a prominent cryptocurrency organization, received a ransom demand threatening the public release of sensitive internal documents unless a payment of 500 Bitcoin (approximately $24 million USD at the time) was made within 24 hours. The extortionists claimed the leaked documents would cause significant harm to the broader Bitcoin ecosystem. Tether became aware of the threat on Sunday, February 28, and promptly issued public statements via its official Twitter account over that weekend to address the situation. The company characterized the extortion attempt as "pretty amateur" and explicitly stated it would not comply with the ransom demand. No specific details were disclosed regarding how the threat was delivered, the exact nature of the documents involved, or whether attackers had substantiated their claims of possessing confidential materials.

Tether's immediate response included a categorical refusal to negotiate with the threat actors, emphasizing its stance against rewarding criminal behavior. The organization announced it had reported the incident to law enforcement agencies, though no specific agencies were named in their public communications. By March 2, 2021, Tether confirmed its decision not to pay remained unchanged despite the expiration of the 24-hour deadline. The company did not disclose whether any documents were leaked following its refusal or whether the threatened harm to the Bitcoin ecosystem materialized. Public reporting indicated no subsequent disclosures of compromised systems, data exfiltration methods, or operational disruptions tied to the incident. Tether's communications focused exclusively on rejecting the extortion attempt without elaborating on defensive measures, incident investigation findings, or long-term impacts on its business operations or cryptocurrency market stability.
