The mysterious high-fee ETH transactions could be the result of foul play, an investigation reveals.
- The transactions could be the result of an exchange getting hacked.
- The hacked address could only send funds to other whitelisted addresses, so the hacker may have used the massive fees as a means of ransom.
- Mining pools involved in mining the two transactions are trying to find a solution and return the funds.
The story of the $5 million Ethereum transaction fee may have finally been solved. According to PeckShield, this incident has all the markings of an exchange that lost control of its private key and is being blackmailed.
Theories Around the Ethereum Transactions
Two transactions with a combined $5 million in fees have been making the rounds on social media.
PeckShield speculates that the hacker might have stolen the credentials needed to access a crypto exchange's funds by luring its operators to a phishing website.
According to the firm, the transactions could be the result of an exchange losing control of its funds to a hacker. But the address could only send funds to a few other whitelisted addresses.
Since the hacker was thus unable to steal funds directly, they threatened to send small transactions with massive fees if they weren’t compensated.
Per this theory, the exchange didn’t comply, and the hackers executed these Ethereum transactions. If this was the work of a hacker, their plan seems to have backfired.
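The gap described above is that a destination whitelist says nothing about the fee: a transfer to an approved address passes while gas limit × gas price burns the balance. The following is an added example (not code from the article, PeckShield, or any exchange) of an outgoing-transaction policy check that combines the whitelist with an absolute fee cap and a fee-to-value ratio; all addresses, amounts and limits are constructed placeholders.

```python
from dataclasses import dataclass

WEI_PER_ETH = 10**18
GWEI = 10**9

@dataclass(frozen=True)
class Tx:
    to: str             # destination address (hex string)
    value_wei: int      # amount transferred
    gas_limit: int      # maximum gas the sender authorises
    gas_price_wei: int  # price paid per unit of gas

    def max_fee_wei(self) -> int:
        # Worst case the miner can collect: every authorised gas unit at the quoted price.
        return self.gas_limit * self.gas_price_wei

# Assumed policy limits (not from the article): a hard cap on any single fee, plus a
# cap relative to the value moved so a "small transfer, huge fee" stands out.
MAX_FEE_WEI = WEI_PER_ETH // 20   # 0.05 ETH
MAX_FEE_TO_VALUE_RATIO = 1        # fee may never exceed the value being sent

def check_outgoing(tx: Tx, whitelist: set[str]) -> list[str]:
    """Return the policy violations for tx; an empty list means it may be signed."""
    violations = []
    if tx.to.lower() not in {a.lower() for a in whitelist}:
        violations.append("destination not on withdrawal whitelist")
    fee = tx.max_fee_wei()
    if fee > MAX_FEE_WEI:
        violations.append(f"fee {fee / WEI_PER_ETH:.4f} ETH exceeds absolute cap")
    # Ratio check only applies when value is moved; zero-value calls rely on the absolute cap.
    if tx.value_wei > 0 and fee > MAX_FEE_TO_VALUE_RATIO * tx.value_wei:
        violations.append(f"fee {fee / WEI_PER_ETH:.4f} ETH exceeds {MAX_FEE_TO_VALUE_RATIO}x value")
    return violations

# Constructed sample data: a placeholder whitelist and two transfers to the same approved address.
WHITELIST = {"0x1111111111111111111111111111111111111111"}
APPROVED = next(iter(WHITELIST))
NORMAL_TX = Tx(to=APPROVED, value_wei=WEI_PER_ETH, gas_limit=21_000, gas_price_wei=50 * GWEI)
# Whitelisted destination, small value, but a gas price that would burn 10,500 ETH in fees.
FEE_BURN_TX = Tx(to=APPROVED, value_wei=WEI_PER_ETH // 10, gas_limit=21_000,
                 gas_price_wei=WEI_PER_ETH // 2)

if __name__ == "__main__":
    for name, tx in (("normal", NORMAL_TX), ("fee-burn", FEE_BURN_TX)):
        print(name, check_outgoing(tx, WHITELIST) or ["ok"])
```

The fee-burn transaction clears the whitelist check and is stopped only by the fee limits, which is exactly the control the story suggests was missing.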
The mining pools that validated the blocks containing those transactions – Sparkpool and Ethermine – have promised a solution, with Ethermine explicitly stating they will return the funds to the address if contacted.
Speculation and Warnings
Even before PeckShield’s report, hardware wallet maker Trezor had highlighted this problem as an attack vector that malware could exploit.
The chances of this being an accident repeated twice by the same user are slim. At this point, one can presume bad faith – either malware or a hacker.
It doesn’t need to be an exchange for this story to hold.
But the high number of deposits and withdrawals skews the probability in favor of this being a business. It could be any entity that deals with customer deposits – an exchange, a mining pool, or even a Ponzi scheme.
The address still holds over $3 million worth of Ethereum and is actively sending out transactions. Presumably the owner is draining funds from the compromised account, unless the hacker still has control and is toying around.
Crypto Briefing will update this article as the story develops.