On June 12th, 2020, a single user on the Ethereum blockchain paid about 20,000 ETH in fees, worth a staggering $5.2 million, to make two small transactions totaling less than $500. A second user also paid $500K in fees for a similarly minor transaction.
These three abnormal transactions, spotted on the Chinese mining pool Spark Pool, have triggered speculation about blackmail or a bug among crypto experts and the community as a whole.
Dovey Wan, a Founding Partner at Primitive Crypto, believes that the ridiculous transaction fees aren’t a result of a bug in the ETH blockchain, but are instead the work of a hacker.
Blockchain analytics firm PeckShield shared Wan’s sentiments in an investigative report published by Chainnews.com, stating that the transactions could be a gas price blackmail attack launched by hackers.
The technique begins as a typical phishing attack: hackers use bogus websites to snatch login info from user accounts, then send small amounts of digital coins at enormous fees.
How the Attack was Carried Out
PeckShield’s analysis found that the hackers gained access to several user accounts. Still, they weren’t able to siphon funds out of these accounts into their own, as the accounts use the multi-sig function that necessitates multiple passwords to send funds.
However, the hackers managed to identify several whitelisted addresses to which they could send ETH coins without triggering the multi-sig security function.
Realizing this, they began to tack on excessively large transaction fees to blackmail the account owners into parting with funds in exchange for stopping the transactions.
Even if the hackers weren’t getting any of the funds, they cost the exchange heavily, and that allowed them to demand a hefty ransom.
PeckShield Analytics concluded that the hackers would likely continue sending coins from the compromised crypto exchange until its operators succumb to their ransom demands.
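The gap described above is that the whitelist path checks only the destination, not the fee. The following pre-signing policy check is an added example, not code from PeckShield, the exchange, or any wallet product; the names `Tx`, `FeePolicy`, `review`, the thresholds, and the sample transactions are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median

WEI_PER_ETH, GWEI = 10**18, 10**9

@dataclass(frozen=True)
class Tx:
    to: str
    value_wei: int
    gas_limit: int
    gas_price_wei: int

    @property
    def fee_wei(self) -> int:
        # Pre-EIP-1559 fee model: the sender chooses the gas price freely.
        return self.gas_limit * self.gas_price_wei

@dataclass(frozen=True)
class FeePolicy:
    whitelist: frozenset        # destinations allowed without multi-sig
    max_fee_wei: int            # absolute fee ceiling per transaction
    max_price_multiple: int     # ceiling relative to recent median gas price

def review(tx, policy, recent_gas_prices_wei):
    """Return reasons to refuse single-key signing; an empty list means allow."""
    reasons = []
    if tx.to not in policy.whitelist:
        reasons.append("destination not whitelisted: route to multi-sig")
    if tx.fee_wei > policy.max_fee_wei:
        reasons.append("fee exceeds absolute cap")
    if tx.gas_price_wei > policy.max_price_multiple * median(recent_gas_prices_wei):
        reasons.append("gas price far above recent median")
    if tx.fee_wei > tx.value_wei:
        reasons.append("fee exceeds value transferred")
    return reasons

# Constructed sample data (placeholders, not values from the incident).
DEST = "0xWHITELISTED_PLACEHOLDER"
POLICY = FeePolicy(frozenset({DEST}), max_fee_wei=WEI_PER_ETH // 10, max_price_multiple=10)
RECENT = [25 * GWEI, 30 * GWEI, 40 * GWEI]             # median is 30 gwei
NORMAL = Tx(DEST, 2 * WEI_PER_ETH, 21_000, 30 * GWEI)  # fee of 0.00063 ETH
# Small transfer to a whitelisted address with a fee of roughly 10,000 ETH.
ABUSIVE = Tx(DEST, WEI_PER_ETH // 2, 21_000, 10_000 * WEI_PER_ETH // 21_000)

if __name__ == "__main__":
    for name, tx in (("normal", NORMAL), ("abusive", ABUSIVE)):
        print(name, tx.fee_wei / WEI_PER_ETH, "ETH fee ->", review(tx, POLICY, RECENT) or "allow")
```

Any non-empty result should send the transaction through the same multi-sig approval as a non-whitelisted withdrawal, so a partially compromised key cannot set the fee on its own.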
Ethereum Co-Founder Confirms Ransom Attack
Ethereum Co-Founder Vitalik Buterin confirmed via Twitter that an undisclosed exchange is being held to ransom by hackers who gained unauthorized access to its wallets.
He further explained:
“Hackers captured partial access to the exchange key; they can’t withdraw but can send no-effect txs with any gas price. So they threaten to ‘burn’ all funds via tx fees unless compensated.”
It is now apparent that the wallet addresses sending the few ETH and paying generous gas prices belong to a crypto whale. The sender’s wallet had more than 21K ethers left in the address, even after the $5.2M transaction fee was paid out.
Blackmail campaigns, as well as other malicious attacks, are not uncommon in the crypto industry. In August 2019, Binance revealed that a hacker had earlier blackmailed the exchange into paying 300 BTC for withholding 10,000 photos that bear similarity to Binance KYC data.