Tether has frozen over $3.3 billion in USDT since 2023. That’s the headline.
Here’s what most people miss: every single one of those freezes had a delay. A gap between the moment a freeze was proposed on-chain and the moment it actually took effect. We analyzed 8,293 executed freeze proposals across Ethereum and Tron. The median delay? Over 5 hours on Ethereum. About 2.6 hours on Tron.
That’s not a bug. It’s how multisig wallets work. But it’s a window — and it’s wide enough for anyone watching the blockchain to move their funds before the freeze lands.
We call this the “freeze gap.”
How Tether Freezes Work (And Why They’re Never Instant)
Tether doesn’t freeze addresses with a single transaction. On both Ethereum and Tron, the USDT contract’s blacklist function is controlled by a multisignature wallet. Freezing an address requires multiple signers to approve a proposal before it executes.
On Ethereum, the multisig requires 3 confirmations:
On Tron, it’s 2:
The process works like this:
- A signer submits a proposal — a
submitTransaction()call to the multisig contract. This transaction is immediately visible on-chain. It contains the target address and the action type (addBlackList). - Other signers confirm — each signer calls
confirmTransaction()with the proposal ID. - Once the threshold is met, the proposal executes — the USDT contract’s
addBlackListfunction fires, and the target address is frozen.
Here’s the critical part: step 1 is public. The moment that submitTransaction() call hits the blockchain, anyone monitoring the multisig contract can see exactly which address is about to be frozen — and the freeze hasn’t happened yet.
The time between step 1 and step 3 is the freeze gap.
The Data: 8,293 Freeze Proposals Exposed
We analyzed every executed addBlackList proposal in BlockSec’s USDT Freeze Dashboard, covering both Ethereum and Tron from 2017 through February 2026.
The Big Picture
| Metric | Ethereum | Tron |
|---|---|---|
| Total freeze proposals executed | 2,731 | 5,562 |
| Median delay | ~5.1 hours | ~2.6 hours |
| Required multisig confirmations | 3 | 2 |
| Executed within 1 hour | 21.8% | 33.3% |
| Executed after 1 day | 24.6% | 20.8% |
Only about 5% of all freezes across both chains execute within 5 minutes. Less than 30% execute within an hour.
That means for over 70% of all USDT freezes, there’s at least a one-hour window between the public proposal and the actual freeze.
Delay Distribution: Where Most Freezes Land
The most common delay bucket on both chains is 1 to 6 hours — 35.8% of Ethereum proposals and 32.4% of Tron proposals fall here. A few hours between proposal and execution. That’s the “typical” freeze.
But the tails are where it gets ugly:
- On Ethereum, 24.5% of freezes take more than a day. That’s 671 proposals where the target had over 24 hours of warning.
- On Tron, 20.8% take more than a day — 1,155 proposals.
- On Ethereum, 13.5% take more than a week. Some have taken months.
On the fast end, both chains have a handful of near-instant freezes (0 seconds delay). These are cases where all required confirmations were submitted in the same block — a coordinated batch operation by Tether’s signers.
The Cumulative View
The ECDF chart breaks it down cleanly:
- Within 5 minutes: only ~1.9% of Ethereum freezes and ~7.1% of Tron freezes have executed
- Within 1 hour: 21.8% on Ethereum, 33.3% on Tron
- Within 1 day: 75.4% on Ethereum, 79.2% on Tron
If someone has a bot monitoring the multisig contract, they’ve got at least an hour to move funds in 70-80% of all freeze events. For a quarter of freezes, they’ve got over a day.
The Attack: Front-Running Freezes by Monitoring Proposals
This isn’t theoretical. It’s already happening.
How It Works
- Monitor the multisig contract — Tether’s multisig addresses on both Ethereum and Tron are publicly known
- Parse
submitTransaction()calls — when a new proposal appears, decode the calldata to extract the target address and action type - If the action is
addBlackList— immediately alert the target address owner - Move funds — transfer USDT to a fresh address before the proposal reaches enough confirmations to execute
A bot can do this in real time. You’re watching a public contract for a specific function call, then decoding ABI-encoded parameters. Any developer with basic blockchain experience can build this in an afternoon.
The Scale of the Problem
On-chain research shows approximately $78 million in USDT was moved during freeze delay windows since 2017 — $49.6 million on Tron and $28.5 million on Ethereum.
Put that in context:
- 54% of all blacklisted addresses had transferred out more than 90% of their funds before the freeze landed
- 10% of blacklisted addresses had a balance of exactly $0 at the time of freeze
- On Tron alone, 170 out of 3,480 wallets (4.88%) successfully used the delay to drain their accounts
In many cases, it’s essentially closing the barn door after the horse has already bolted.
Real Examples From the Data
These aren’t hypothetical scenarios. Here are real cases from our database where funds moved out during the freeze gap.
Case 1: $37.3 million drained in under 4 minutes (Tron)
On June 5, 2025 (UTC), Tron Proposal #3839 was submitted to freeze address TD3bLbnVvcvucnJm8uhvVYGwinUzFUFgud. The total delay was just 5 minutes and 42 seconds — fast by historical standards.
It didn’t matter. Exactly 3 minutes and 42 seconds after the proposal was submitted, a single transaction moved $37,300,258 to address TEVcwpWwS8wYz837TSBPd8fwMYBYrhnTQC. When the freeze executed 2 minutes later, the balance was $0.
One transaction. Sub-4-minute reaction time. $37.3 million gone.
Case 2: $27.1 million moved in 5 minutes on Ethereum
On July 26, 2025 (UTC), Ethereum Proposal #4461 was submitted (Phalcon Explorer) targeting address 0x928b8864151ee6C1E057964460bf5c7ADDbcA97f. The freeze took 14 minutes to execute.
Within 5 minutes and 12 seconds of the proposal submission, a single transaction (Phalcon Explorer) moved $27,121,615 to 0x414Cf116d546185911361782361fA541424c662a. The freeze executed (Phalcon Explorer) and captured $0. The address was later unfrozen in January 2026 — but there was nothing left to unfreeze.
Case 3: The scatter pattern — $5.76 million across 12 addresses in 11 minutes
This one’s the most sophisticated. On November 9, 2023 (UTC), Tron Proposal #952 was submitted targeting TSYYMXK8PLSiMrHBadHAVpRKFfL5veuA7c. The freeze took 32 minutes to execute.
Starting 20 minutes into the delay window, the operator systematically scattered $5,759,461 across 12 different addresses in rapid succession — one transfer roughly every minute. Here’s a sample of the scatter:
- Transfer 1: $199,878 →
TB55S4haj8f8EBHxP7dbMzxUBC3cmxGmRD - Transfer 3: $934,871 →
THvxgQ5Sm9ufSdASUagG2D8WHzGoasujVM - Transfer 12: $1,329,199 →
TJLy2xfasb6Xvky3Zurjk1r6AD39CR3bbG
When the freeze executed: $206 remaining. The address was unfrozen less than 24 hours later. Only $206 was returned.
Case 4: The 5-hour slow drain — $11.9 million over 15 transactions
TBikF4W7t6AFbTiA77GgsfXnR8aoYAVqnF was targeted by Tron Proposal #1859, submitted on September 17, 2024 (UTC). The freeze took over 5 hours to execute.
The operator made 15 transfers to 6 addresses over that window — the first major transfer sent $1.3 million, and the largest single transfer moved $2.7 million. The primary destination TFjBdjNQnX7UxrWjvTvzhPu838h67iTV5J received $8.3 million across 5 transactions. In total, $11,948,840 was moved out. But this time, the operator didn’t fully drain the account — $2,903,018 was still captured when the freeze executed, making this a partial escape (80.5% of funds moved).
The pattern is clear: across these four cases alone, $82.1 million was moved during freeze windows, with only $2.9 million actually caught — a 96.5% escape rate.
On the opposite end, Ethereum has pulled off same-block freezes. Proposals #4861 through #4864, submitted and executed at the same timestamp on November 9, 2025. Zero delay. This proves it’s technically possible when signers coordinate tightly.
The gap between best-case and worst-case is enormous: from 0 seconds to over 5 hours, in the same year, on the same system.
Is Tether Getting Faster?
Yes — but the improvement is uneven.
In the early years (2017-2022), delays were all over the place. Proposals sat pending for weeks, sometimes months. The median delay regularly exceeded 25 days in some quarters.
Something shifted in late 2023. Median delays dropped hard:
Ethereum:
| Quarter | Median Delay | Proposals |
|---|---|---|
| Q4 2024 | ~1.5 hours | 185 |
| Q1 2025 | ~1.9 hours | 175 |
| Q3 2025 | ~1.8 hours | 191 |
| Q1 2026 | ~1.4 hours | 68 |
Tron:
| Quarter | Median Delay | Proposals |
|---|---|---|
| Q4 2024 | ~47 minutes | 494 |
| Q1 2025 | ~2.6 hours | 573 |
| Q2 2025 | ~2 hours | 767 |
| Q1 2026 | ~55 minutes | 258 |
The trend is real. But it’s volatile — Tron Q3 2025 saw the median jump to ~24.5 hours, driven by a batch of proposals that sat pending for an extended period.
Tether is getting faster, especially on Tron where the 2-of-N threshold is lower. But “faster” still means hours in most cases. Not minutes. Not seconds.
Growing Volume
Freeze volume has exploded. In 2020, Ethereum saw ~250 freeze proposals for the entire year. In 2024, over 700. Tron went from a few hundred in 2022 to over 4,000 in 2025 — with July 2025 alone hitting 1,070 proposals.
More proposals. Tighter turnaround. But the fundamental constraint remains: as long as the multisig requires sequential on-chain confirmations, there will always be a gap.
Why This Matters: Compliance Implications
The GENIUS Act Question
The U.S. GENIUS Act, signed in July 2025, is the first comprehensive federal framework for stablecoins. It requires issuers to be able to “seize, freeze, burn or prevent the transfer of” tokens at law enforcement direction.
Tether can do all of that. But how quickly?
If a law enforcement agency requests an emergency freeze and the multisig takes 5 hours, does that count as “freeze capability”? What about 6 days?
The GENIUS Act doesn’t specify a time requirement. That’s a practical gap in the regulation. When Tether’s typical freeze takes hours, the targets are likely long gone.
What Compliance Teams Should Do
If you’re running compliance at an exchange or financial institution:
- Don’t rely solely on Tether’s blacklist as a real-time control. By the time an address shows up on the blacklist, the funds may already be elsewhere.
- Monitor proposal submissions, not just executions. The
submitTransaction()call is public and happens hours before the actual freeze. If a freeze proposal appears for an address depositing to your platform — act immediately. - Treat the proposal as the signal, not the execution. In your risk models, the relevant timestamp is the proposal submission, not the blacklist event.
The Need for Real-Time Monitoring
The freeze gap creates a need for proactive proposal monitoring — not just watching for AddedBlackList events. By the time that event fires, the window has closed.
BlockSec’s Phalcon Compliance provides exactly this. Instead of reacting to freeze events after they happen, compliance teams can detect freeze proposals the moment they’re submitted — flagging deposits from targeted addresses, halting withdrawals, or alerting investigation teams while the window is still open.
You can explore the full proposal data, including real-time delay tracking and ECDF charts, on the BlockSec USDT Freeze Dashboard.
What Could Fix This?
The freeze gap is an architecture problem. A few approaches could reduce or eliminate it:
Pre-signed batch freezes. Coordinate all required signatures off-chain, submit in a single block. Our data shows this already happens sometimes — those 0-second-delay proposals prove it works. Make it the default.
Emergency single-signer path. A dedicated freeze function requiring only one authorized signer for time-critical blacklisting. This trades decentralization for speed — a reasonable trade-off for compliance operations.
Commit-reveal scheme. Submit a commitment hash first, reveal the target address only at execution time. The multisig governance structure stays intact, but front-running bots can’t see who’s being targeted.
Off-chain signing, on-chain execution. Move the approval process off-chain (EIP-712 typed signatures or similar), then bundle all signatures into a single on-chain transaction. No more visible “pending proposal” state.
Each approach trades something — speed for decentralization, transparency for security. But the status quo, where illicit actors get hours of advance warning that a freeze is coming, is the worst outcome for everyone except the people being frozen.
Conclusion
Tether’s freeze capability is real and growing. The $3.3 billion frozen since 2023 shows genuine investment in compliance. But the data is clear: the multisig process creates a predictable, exploitable delay that undercuts the effectiveness of every freeze.
8,293 proposals. The numbers:
- Median delay: 2.6-5.1 hours depending on chain
- ~70% of freezes take more than 1 hour
- ~22% take more than 1 day
- The delay is publicly visible to anyone watching the multisig contract
The takeaway: monitor proposals, not just executions. The freeze gap is where compliance enforcement meets illicit fund movement — and right now, the gap is wide open.
Explore the full dataset on the BlockSec USDT Freeze Dashboard. Filter by chain, time period, status, and see the execution delay for every individual proposal.
This analysis uses data from the BlockSec USDT Freeze Dashboard. Delay = difference between submit_time (block timestamp of multisig submitTransaction()) and execute_time (block timestamp of addBlackList execution). Data as of February 18, 2026.
For real-time compliance monitoring that catches freeze proposals the moment they’re submitted — not after they execute — see BlockSec Phalcon Compliance.