Researchers at blockchain analytics platform PeckShield have found out who owns the Ethereum address that, for some reason, paid $5.2 million in fees to send just two transactions last week. They have identified the owner as a small, peer-to-peer crypto exchange in Korea, called Good Cycle, and suggest that it could be operating a Ponzi scheme.
Update: We have identified the victim, a small P2P exchange in Korea called Good Cycle, which appears to be a Ponzi Scheme project. Our investigation found that their security is really lacking, e.g., using HTTP instead of HTTPS, and could be easily hacked.
“Update: We have identified the victim, a small P2P exchange in Korea called Good Cycle, which appears to be a Ponzi Scheme project. Our investigation found that their security is really lacking, e.g., using HTTP instead of HTTPS, and could be easily hacked,” PeckShield tweeted today.
PeckShield’s vice president of research, Chiachih Wu, added that they sent a transaction of 0.5 ETH to the exchange, which swiftly got picked up and sent to the address that made the two huge transaction fees. This, they say, demonstrates that the address belongs to the exchange.
The $5.2 million in Ethereum fees
Last week, two mysterious transactions were made that forced blockchain data companies to check their data wasn’t corrupted. While normal Ethereum transaction fees are around $0.17 per transaction, these two transactions both spent $2.6 million in fees; one of the transactions was to send just $100 in Ethereum.
An Ethereum user has accidentally sent two transactions with excessively large transaction fees in the last day.
As Decrypt reported yesterday, the user paid $2.6 million in fees to send just $130 of Ethereum. A second, similar mistake happened in the last few hours. This time, the user was sending a greater amount of money, some $86,000, but still spent the same amount as a transaction fee—another $2.6 million. How could this have happened?
Someone just made a $2.6 million mistake on Ethereum
“...
While many first thought the transaction was a bug, the second transaction muddied the waters even further. PeckShield was the first to report that it may be an exchange wallet—and that the exchange may have been targeted by blackmailers.
“So the million-dollar txfees may actually be blackmail. The theory: hackers captured partial access to exchange key; they can't withdraw but can send no-effect txs with any gas price. So they threaten to "burn" all funds via tx fees unless compensated,” Ethereum co-founder Vitalik Buterin tweeted about the research.
So the million-dollar txfees *may* actually be blackmail.
The theory: hackers captured partial access to exchange key; they can't withdraw but can send no-effect txs with any gasprice. So they threaten to "burn" all funds via txfees unless compensated.https://t.co/kEDFGp4gsQ
Then ZenGo cryptocurrency wallet researcher Alex Manuskin posted a response claiming that blackmail was unlikely. He doubled down on the idea that an automated system went wrong and accidentally sent the inordinate transaction fees.
Either way, the victim, which now appears to be Good Cycle, never came forward to claim the transaction fees. They have now been distributed out to miners.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Several Waymo autonomous taxis were vandalized and set on fire Sunday during a protest against the U.S. Immigration and Customs Enforcement raids in Los Angeles and the Trump administration’s deployment of National Guard into the region.
What the vehicles were doing there—who sent them, and why—is thus far unknown. Viral videos posted to social media show demonstrators climbing atop the self-driving taxis, smashing windows, and spray-painting the sides of the taxis. At least five vehicles were s...
Cetus Protocol, the leading decentralized exchange on the Sui blockchain, is officially back online after a malicious oracle attack led to an exploit of $233 million in May.
The exploit, which sent multiple SUI-based tokens tumbling 70-90%, manipulated price curves and reserve calculations, allowing the attacker to remove liquidity from pools on the DEX.
“The attacker exploited a vulnerability in a CLMM-dependent open source library, drained assets from our major pools, and conducted a large n...
French Pornhub users rushed to ProtonVPN this week after the adult site blocked access from France in protest of new government-mandated age verification rules, the company said, claiming that signups for the service surged 1,000% in just 30 minutes.
ProtonVPN is part of a suite of privacy tools developed by Proton AG, a Switzerland-based company best known for its encrypted email service, ProtonMail.
While ProtonVPN reported a 1,000% surge in French signups this week, it didn’t disclose the num...
