Hackers blackmail exchange with $5 million of Ethereum fees - report
In the last two days, three bizarre Ethereum transactions have spent $5.7 million on fees. But a report claims it’s not a bug—an exchange is being blackmailed.
It’s been an expensive week for users of the Ethereum blockchain. In the last two days one user managed to spend $5.2 million in fees to make just two transactions—and one of them was only for $130! And now, a third transaction has taken place by another user, albeit for a fee of just $500,000, which seems small in comparison.
And these absurd transactions are prompting far-fetched theories.
“The 3rd abnormal tx on ethereum with over 2000 ETH fee went [through]. Someone believes it could be a hacker's blackmail to some exchange,” tweeted NEO co-founder Da Hongfei.
“A [wild] guess [is] certain exchange/wallet/ETH services is being “kidnapped” by hacker,” speculated Primitive Crypto founding partner Dovey Wan.
But, according to China-based blockchain analytics company PeckShield, reported by Chainews, these theories aren’t so wild after all. PeckShield’s analysis explains that the million-dollar snafus were probably “gas price ransomware attacks.”
In short, the researchers claim that the hackers have gained access to an exchange’s funds. They are able to send money to certain whitelisted accounts that are marked as reliable in the exchange’s database, but not to their own. So, they are sending the funds with excessively high transaction fees to sap the exchange’s accounts, and they’re demanding a ransom to stop.
The research is aimed at the first two transactions, which spent $5.2 million in total on fees, but it may apply to the third one too. (Since publishing the article, it appears that the third transaction may have been unrelated and caused by a separate direct hack on another exchange.)
Hackers blackmail the exchange
The hackers started by using a phishing attack (where they fake a website or an email to try to gain credentials) to gain some kind of access to the exchange, according to the report. It worked: they had part of the permissions needed to send a transaction. But there was a problem.
The exchange had a multi-signature security setting. This means that multiple keys (like passwords) are required to send the money. So, it seemed like there was nothing they could do.
But then they realised they could circumvent this multi-signature security with a trick: they could send to a whitelisted address, because these addresses only require a single authorization to send a transaction.
Only the hackers were unable to send the money to their own accounts in this way. Instead they figured they would send a small amount of Ethereum to one of the whitelisted addresses but tack on an excessively large transaction fee. While they weren’t getting any of the money, they were costing the exchange dearly. And that gave them room to demand a ransom.
And that’s the whole gambit: the hackers will keep sending ETH from this exchange until its operators cave to their demands, PeckShield’s analysis claims.
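The gap PeckShield describes is that a destination whitelist controls where the value goes but not the fee, which is a second outflow paid to miners. The sketch below is an added example, not code from the article, PeckShield or any exchange: a pre-signing policy that caps the fee before the single-authorization path is allowed. Addresses, limits and the choice to reject rather than escalate are assumptions made for illustration.

```python
# Added example: pre-signing policy for an exchange hot wallet.
# All names, addresses and limits are constructed for illustration.
from dataclasses import dataclass

GWEI = 10**9
ETH = 10**18


@dataclass(frozen=True)
class Withdrawal:
    to: str
    value_wei: int
    gas_limit: int
    gas_price_wei: int

    @property
    def max_fee_wei(self) -> int:
        # Worst-case fee for a legacy transaction. It leaves the wallet
        # regardless of whether the destination is whitelisted.
        return self.gas_limit * self.gas_price_wei


@dataclass(frozen=True)
class Policy:
    whitelist: frozenset      # lowercase hex addresses
    max_gas_price_wei: int    # ceiling on the gas price a signer may set
    max_fee_wei: int          # ceiling on the total fee per transaction

    def required_approval(self, tx: Withdrawal) -> str:
        """Return 'single', 'multisig' or 'reject' for a proposed withdrawal."""
        # Fee limits are checked first so the whitelist shortcut cannot
        # be used to drain funds through the fee field.
        if (tx.gas_price_wei > self.max_gas_price_wei
                or tx.max_fee_wei > self.max_fee_wei):
            return "reject"
        if tx.to.lower() in self.whitelist:
            return "single"
        return "multisig"


# Constructed sample data.
TRUSTED = "0x" + "aa" * 20
POLICY = Policy(frozenset({TRUSTED}), 500 * GWEI, ETH // 20)

normal = Withdrawal(TRUSTED, 1 * ETH, 21_000, 40 * GWEI)
abusive = Withdrawal(TRUSTED.upper().replace("X", "x"), ETH // 2,
                     21_000, 500_000_000 * GWEI)
unknown = Withdrawal("0x" + "bb" * 20, 1 * ETH, 21_000, 40 * GWEI)
```
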
Decrypt could not immediately reach PeckShield for comment, nor could it verify which exchange (which is undisclosed in PeckShield’s report) has been affected.
This article has been updated with a comment on the third transaction.