In brief
- ZenGo research refutes the theory that a recent spate of million-dollar Ethereum transaction fees were the result of blackmail.
- Less than a ransom, the fees were snafus in the automated scripts the entity used to send transactions, the researcher claims.
- A scenario that posits hackers to blame is "improbable," ZenGo research said.
Did a group of hackers really breach a cryptocurrency exchange’s hot wallets only to burn millions of dollars of EthereumEthereum as ransom? If that scheme sounds far fetched, well, that’s because it just might be, according to analysis by the ZenGo cryptocurrency wallet.
According to a blog post authored by ZenGo researcher Alex Manuskin, a spate of transactions that included millions of dollars in Ethereum fees were not an attack at all but a bug, as many initially suspected.
Following our discussion with @VitalikButerin, we updated our blog post to discuss the blackmail theory.
TL;DR - we don’t buy it.
Read why here 👉 https://t.co/peZ1Ar3x8Z https://t.co/PmlVXaS46R
— ZenGo (@ZenGo) June 16, 2020
The blackmail theory put forth recently by China-based blockchain analytics firm PeckShield made the case that these fees were orchestrated via a complex “gas price ransomware attack.” The researchers claimed that the hackers gained access to an unnamed crypto exchange’s key management system for its wallets, but the hackers could only spend the wallet balances on transfers to so-called whitelisted addresses that only require a single authorization when sending a transaction to them.
The idea here is that the attackers will keep sending exorbitant fees in these transactions as a type of blackmailing technique; they don’t control the wallets they’re sending to, but it doesn’t matter because they’ll just keep sending Ethereum unless their demands are met.
This scenario is “improbable,” according to Manuskin, not least because whoever owned the funds did nothing to halt the series of outflows. If this were a blackmail attempt, then we can assume that the victims tried to do everything they could to stop it and retrieve their funds, but for whatever reason were unable to do so, the researcher argued.

Hackers blackmail exchange with $5 million of Ethereum fees - report
It’s been an expensive week for users of the Ethereum blockchain. In the last two days one user managed to spend $5.2 million in fees to make just two transactions—and one of them was only for $130! And now, a third transaction has taken place by another user, albeit for a fee of just $500,000, which seems small in comparison. And these absurd transactions are prompting far-fetched theories. While initially thought to be a bug, it appears an exchange is being blackmailed. Image: Shutterstock. “T...
“For this to happen, the process controlling the address could not be operated from the victim’s environment, because if this were the case, they could have just shut it down, even if it meant shutting down all operations,” Manuskin wrote.
The address sending the transactions was not a smart contract either, so it could not function without someone controlling it with the private key. So if the attacker took control of these keys outside of the victim’s environment, then they would have had full control over funds and not have to burn ETH as ransom bait in the first place.
Manuskin also pointed out that the two mining pools that received the transaction fees said they would return the funds to the owners if they stepped forward—but so far, none have.

More than $2 million worth of Ethereum goes unclaimed
It looks like more than $2 million worth of ETH will go unclaimed. After waiting four days, Austria-based blockchain innovation company Bitfly will distribute the proceeds of an Ethereum transaction sent with a fee of more than $2.4 million. The transmission was one of a pair of transactions broadcast last week spending a total of more than $5.2 million in fees, raising speculation of a major undetected bug in a seldom used smart contract, or financial blackmail carried out by hackers. The fro...
All of this evidence paints a dubious picture for the blackmail theory, Manuskin argued in the post. “Our assumption is that the transactions result from some sort of bug in an automated script that operates this account,” he wrote.
What’s more, we shouldn’t be surprised if this happens again, according to Manuskin: “The most important conclusion we can draw is that due to the automated characteristics of these transactions, the sender’s large remaining balance, and the continued operation of the sender, we may see a third transaction with $2.5M fees.”