Those Million Dollar Ethereum Transactions? Could Be a Hacked Exchange
The story of the $5 million Ethereum transaction fee may have finally been solved. According to PeckShield, this incident has all the markings of an exchange that lost control of its private key and is being blackmailed.
Theories Around the Ethereum Transactions
Two transactions with a combined $5 million in fees have been making the rounds on social media.
PeckShield speculates that the hacker might have stolen the credentials to access the funds of a crypto exchange by luring them to a phishing website.
According to the firm, the transactions could be the result of an exchange losing control of its funds to a hacker. But the address could only send funds to a few other whitelisted addresses.
Since the hacker was thus unable to steal funds directly, they threatened to send small transactions with massive fees if they weren’t compensated.
Per this theory, the exchange didn’t comply, and the hackers executed these Ethereum transactions. If this was the work of a hacker, their plan seems to have backfired.
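The weakness in the scenario PeckShield describes is that a recipient whitelist constrains where funds go but says nothing about how much is paid to miners, so a transfer of a tiny amount to an allowed address can still burn almost the whole balance as gas. The following added example (not code from the article, PeckShield, or any exchange; addresses and amounts are constructed) contrasts a whitelist-only withdrawal policy with one that also caps the fee, both in absolute terms and relative to the transferred value, and shows that only the second rejects a transaction shaped like the ones in the story.

```python
from dataclasses import dataclass

WEI_PER_ETH = 10**18
WEI_PER_GWEI = 10**9


@dataclass(frozen=True)
class Tx:
    """Minimal view of a legacy (pre-EIP-1559) Ethereum transfer."""
    to: str
    value_wei: int
    gas_limit: int
    gas_price_wei: int

    @property
    def max_fee_wei(self) -> int:
        # A plain ETH transfer consumes all 21,000 gas, so gas_limit * gas_price
        # is exactly what the miner of the block collects.
        return self.gas_limit * self.gas_price_wei


def whitelist_only(tx: Tx, whitelist: set) -> bool:
    """Policy as the article describes it: only the recipient is checked."""
    return tx.to in whitelist


def whitelist_and_fee_cap(tx: Tx, whitelist: set, max_fee_wei: int,
                          max_fee_to_value_ratio: float):
    """Hardened policy: recipient whitelist plus an absolute and a relative fee cap.

    Returns (allowed, reasons); reasons is empty when the transaction is allowed.
    """
    reasons = []
    if tx.to not in whitelist:
        reasons.append("recipient not on whitelist")
    if tx.max_fee_wei > max_fee_wei:
        reasons.append(
            f"fee {tx.max_fee_wei / WEI_PER_ETH:.4f} ETH exceeds cap "
            f"{max_fee_wei / WEI_PER_ETH:.4f} ETH")
    # Relative check: a fee worth more than a small fraction of the value moved
    # is never a legitimate withdrawal. Skipped for value-0 transactions
    # (contract calls), which the absolute cap still covers.
    if tx.value_wei > 0 and tx.max_fee_wei > max_fee_to_value_ratio * tx.value_wei:
        reasons.append("fee disproportionate to transferred value")
    return (not reasons, reasons)


# Constructed placeholders, not real addresses.
COLD_STORAGE = "0xCOLD-STORAGE-PLACEHOLDER"
WHITELIST = {COLD_STORAGE, "0xPARTNER-EXCHANGE-PLACEHOLDER"}

# Policy knobs (assumed values): at most 1 ETH per transaction in fees, and
# fees may not exceed 1% of the value transferred.
FEE_CAP_WEI = 1 * WEI_PER_ETH
FEE_TO_VALUE_RATIO = 0.01

# A routine sweep to cold storage: 50 ETH at 50 gwei, i.e. a 0.00105 ETH fee.
NORMAL_WITHDRAWAL = Tx(to=COLD_STORAGE, value_wei=50 * WEI_PER_ETH,
                       gas_limit=21_000, gas_price_wei=50 * WEI_PER_GWEI)

# A transaction shaped like the ones in the story: a small amount to a
# whitelisted address, with the gas price set so the fee is ~10,000 ETH.
# (The 0.5 ETH value is constructed; the article does not give it.)
RANSOM_STYLE_TX = Tx(to=COLD_STORAGE, value_wei=WEI_PER_ETH // 2,
                     gas_limit=21_000,
                     gas_price_wei=(10_000 * WEI_PER_ETH) // 21_000)


if __name__ == "__main__":
    for name, tx in (("normal", NORMAL_WITHDRAWAL), ("ransom-style", RANSOM_STYLE_TX)):
        allowed, reasons = whitelist_and_fee_cap(tx, WHITELIST, FEE_CAP_WEI, FEE_TO_VALUE_RATIO)
        print(f"{name}: whitelist-only={whitelist_only(tx, WHITELIST)} "
              f"hardened={allowed} {reasons}")
```

The whitelist-only policy passes both transactions, because the recipient is the same legitimate cold-storage address in each case; the hardened policy rejects the second on both the absolute and the relative fee check. In practice such a check belongs in the signing path of the hot wallet (or in a policy engine in front of the signer), since a fee cap enforced only by a web front end does nothing once the signing credentials themselves are stolen.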
The mining pools that validated the blocks containing those transactions – Sparkpool and Ethermine – have promised a solution, with Ethermine explicitly stating they will return the funds to the address if contacted.
Today our Ethermine ETH pool mined a transaction with a ~10.000 ETH fee (https://t.co/B5gRWOrcPf). We believe that this was an accident and in order to resolve this issue the tx sender should contact us via DM or our support portal at https://t.co/JgwX4tGYr4 immediately! pic.twitter.com/sWxVRx5muv
— Bitfly (@etherchain_org) June 11, 2020
Speculation and Warnings
Even before PeckShield’s report, hardware wallet maker Trezor had highlighted this problem as an attack vector that malware could exploit.
The chances of this being an accident repeated twice by the same user are slim. At this point, one can presume bad faith – either malware or a hacker.
It doesn’t need to be an exchange for this story to hold.
But the high number of deposits and withdrawals skews the probability in favor of this being a business. It could be any entity that deals with customer deposits – an exchange, a mining pool, or even a Ponzi scheme.
The address still holds over $3 million worth of ETH and is actively sending transactions. Presumably the victim is draining funds out of the compromised account, unless the hacker still has control and is toying around.