The two Ethereum transactions where senders paid millions of dollars in fees for transactions worth as little as $130 are widely believed to be blackmail. According to research from analytics company PeckShield, the hackers were reportedly blackmailing an unknown exchange by sending out transactions with exorbitant fees in order to circumvent the multi-signature security of the exchange and get away with the funds they stole through a phishing attack.
Over $5 Million Paid in Ethereum Transaction Fees
Earlier this week, separate transactions were sent on the Ethereum network that accrued over $5.6 million in fees for the mining pools that processed it. According to data from Etherscan, an unknown wallet sent out transactions worth just several hundred dollars, but paid tens of thousands of ETH in fees.
The news about the exorbitant Ethereum transaction fees spread fast through the crypto community, leading many to believe that it could be more than an honest mistake in which the sender switched the amount they wanted to send with the fee they wanted to pay.
Many prominent voices in the industry noted that this could be a malicious act done by a hacker either to blackmail or cause another type of harm to a company. PeckShield, a blockchain analytics company based in China, believes that this is a classic case of blackmail, where the exorbitant Ethereum transaction fees were actually gas price ransomware attacks.
What Most Likely Happened
According to PeckShield’s report, the “attacks” most likely began when an exchange’s hot storage fell victim to a phishing attack, in which hackers took over the company’s servers. However, as most exchanges have a private key that requires multi-signature verification, the hackers wouldn’t have been able to access its funds and transfer them to their own addresses.
Instead, PeckShield researchers speculated, they realized that there was a group of addresses whitelisted by the exchange where funds could be sent without the need for multi-signature verification. By sending out minuscule transactions with exorbitant fees, the hackers were literally burning the exchange’s funds. According to ChainNews, this was most likely done in order to pressure the exchange to pay a ransom to the hackers.
This, however, couldn’t last forever, as the address taken hostage by the hackers has a balance of 21,000 Ethereum.
While certainly feasible, it’s important to note that this is still only a theory. PeckShield’s report didn’t identify the exchange they believe was affected, nor did they provide any other information about the hackers.