Shaurya Malwa · 3 days ago · 2 min read
News › Ethereum › China › Hacks
China report claims a hacked crypto-exchange is behind three abnormal multi-million Ethereum (ETH) fees
Since the past few days, certain, and rather strange, transactions are stirring up debate in the Ethereum community. Data shows someone, an entity or individual, spent millions in transaction fees for just a few hundreds of dollars in the actual transfer – a rarely seen occurrence.
But a new report out of China claims a cryptocurrency exchange has fallen victim to hackers, explaining over $5.7 million spent on Ethereum fees earlier this week.
The first of such came earlier this week on June 10, when reports stated someone accidentally fat-fingered millions of dollars by presumably mistaking the transaction fees and transfer values.
Over 10,000 ETH paid as a transaction fee 😬 pic.twitter.com/gpxnK6SoyX
— Anthony Sassano | sassal.eth (@sassal0x) June 10, 2020
Theoretically, anyone holding millions in ETH is likely not a first-time user of cryptocurrencies, exchanges, or wallets. Furthermore, transactions of that amount are usually cut up into smaller values, precisely to avoid any potential missending of funds.
Most shoved away the first such instance of the million-dollar transaction fee as an unfortunate fat-finger trader. Some observers on Twitter raised money laundering concerns but were voiced down by others.
Ethereum fees, in the meanwhile, shot up to over $2 million per transaction, on-chain firm Glassnode noted.
Then came the second instance, a day after the first, on June 11. The transaction was exactly the same as previously, even coming from the same address:
This time, money laundering concerns increased, with some added chatter of an exchange, “whale,” or crypto fund possibly held at ransom. Others cited possible operational error, or even a transactional algorithm running haywire. Both factors could have explained how the transactions were the way they were.
Then came the third.
Dovey Wan of Primitive Ventures tweeted:
WOW another abnormal ETH transaction with over 2K ETH fee just emerged, following the previous two incidences each with over 10K ETH fee
This to me is NOT a bug, more like a MESSAGE. A whild guess us certain exchange/wallet/ETH services is being “kidnapped” by hacker (explain👇🏻 pic.twitter.com/gZSL7V5AoM
— Dovey 以德服人 Wan 🪐🦖 (@DoveyWan) June 12, 2020
Wan said the transactions, all three, showed all characteristics of exchange or similar cryptocurrency service being hacked. The hacker, she presumed, was able to able to move funds only to whitelisted addresses, or faced constraints, explaining the use of singular addresses.
Wan pointed out the first two transactions were sent from “0xcdd6a2b,” “very likely” meaning a hot wallet with a lot of incoming and outgoing flows.
Ethereum co-founder Vitalik Buterin chimed in with his analysis of the matter, citing a report by a Chinese blockchain analytics company that seemed to confirm the hacking allegations.
So the million-dollar txfees *may* actually be blackmail.
The theory: hackers captured partial access to exchange key; they can't withdraw but can send no-effect txs with any gasprice. So they threaten to "burn" all funds via txfees unless compensated.https://t.co/kEDFGp4gsQ
— vitalik.eth (@VitalikButerin) June 12, 2020
The local Chinese firm, called PeckShield, claimed hackers have indeed gained access to the funds of an unnamed exchange, and are able to transfer to accounts marked “reliable,” not their own.
The above is leading to a ransom-like scenario. Hackers are allegedly causing losses to the tune of millions of dollars by broadcasting high-fee transactions until they are allowed to transfer to their own accounts, the report noted.
If PeckShield is to be believed, there are more such abnormal transactions coming in the upcoming days.
CryptoSlate reached out to PeakShield for verifying claims of its report. Any correspondence will be updated in the article.
Another $ETH transaction with a huge fee just went through.
This time the fee was exactly the same as the last one and it was from the same address… which makes this very weird. pic.twitter.com/AmN6w3Z9Zv
— WhalePanda (@WhalePanda) June 11, 2020