Researcher Refutes ‘Blackmail’ Theory Behind Mysterious Ether Transactions

Published at: June 16, 2020

Last week, the crypto community spotted transaction fees of up to $2.6 million featured in several transactions on the Ethereum network. Vitalik Buterin has since suggested that the abnormous fees “may actually be blackmail," but some researchers have now challenged that claim. 

Blackmail theory

The first suspicious transfer took place on June 10, when $2.6 million in fees was paid to move just 0.55 Ether (ETH). Within 24 hours, a second transaction of 350 ETH was made from the same wallet, spending the exact same amount — $2.6 million — in gas.

The next day, the Ethereum blockchain processed a third abnormal transfer, although from a different wallet. The transaction saw 2,310 ETH — or roughly $0.5 million dollars — being paid to transfer 3,221 Ether.

On June 12, Chinese analysis firm PeckShield concluded that the multimillion dollar fees were paid by hackers seeking to ransom a cryptocurrency exchange after gaining limited access to the platform's operational functions. According to PeckShield, the hackers are threatening to empty the exchange’s wallet if they are not paid a bribe.

Vitalik Buterin has since retweeted that article, elaborating on the theory:

"Hackers captured partial access to exchange key; they can't withdraw but can send no-effect [transactions] with any gas price. So they threaten to 'burn' all funds via [transaction fees] unless compensated."

ZenGo researcher criticizes the theory

In a recent interview with Cointelegraph, Alex Manuskin, a blockchain researcher at Tel Aviv-based cryptocurrency wallet company ZenGo, said the blackmail theory “takes some very peculiar circumstances for it to be possible”. 

Manuskin stressed that after the first incident, the supposedly hacked account did not change its behavior, continuing to run in normal mode:

“Transactions continued going in and out. If the hackers controlled the key, why did they [the hacked entity] continue operating the service as usual?”

According to Manuskin, if hackers indeed gained limited access to the key that allowed them to send transactions to the “whitelist” addresses (such as customer addresses that have been preapproved by the entity controlling the hacked wallet), the hacked service would “do all it can to halt all operations and not put additional funds at risk.”

“If indeed this was a bug, not noticing such an incident is crazy,” Manuskin went on to argue, suggesting that the story behind the transactions remains a mystery for now. He added:

“But to imagine a service that operates 10M USD worth of funds, and does not keep backups for the keys of such funds and doesn't do anything to try and seal the breach is also crazy.”

The blockchain researcher suggests that the address could belong to “some service in east Asia” that users access “from various exchanges including Bithumb, OKEx, Coinone and others.”

Miners say no one approached them regarding the transactions

This week, two mining pools involved in the abnormal string of transactions — Etherchain and Sparkpool — both announced they are going to distribute the millions of dollars in fees they received from the strange transactions. Both pools have stressed that they have given sufficient time for the sender to get in touch with them.

“If it were indeed a blackmail attack, we would expect the victim to immediately contact the miners to retrieve the lost funds,” Manuskin argued in a blog post.

Tags
Related Posts
Solana and Arbitrum knocked offline, while Ethereum evades attack
Surging Ethereum rival, Solana (SOL), has shed 15% of its value over the past 24 hours after suffering a denial-of-service disruption. On Tuesday at 12:38 pm UTC, Twitter account Solana Status announced that Solana’s mainnet beta had been suffering intermittent instability over a 45-minute period. Six hours after announcing the incident, Solana Status explained that a large increase in transaction load to 400,000 per second had overwhelmed the network, created a denial-of-service, and caused the network to start forking. 1/ Solana Mainnet Beta encountered a large increase in transaction load which peaked at 400,000 TPS. These transactions flooded the transaction …
Technology / Sept. 15, 2021
US Treasury blacklisted a non-existent ETH address in connection with alleged Russian election interference
Earlier today, the U.S. Department of the Treasury updated its Specially Designated Nationals List, adding several individuals and a number of cryptocurrency addresses. One of the individuals added was Artem Mikhaylovich Lifshits — a Russian national, accused of interfering in the U.S. elections. In addition to disclosing his personal information, the site lists a number of cryptocurrency addresses that he allegedly controls. One of the Ethereum addresses, found at 0xa7e5d5a720f06526557c513402f2e6b5fa20b00, does not seem to exist, however. Source: U.S. Department of the Treasury. There was likely a mixup somewhere in the chain of command and the Treasury meant to blacklist 0xA7e5d5A720f06526557c513402f2e6B5fA20b008 …
Regulation / Sept. 10, 2020
Unitize Roundup: Top 10 Quotes From the Virtual Blockchain Conference
The five-day Unitize virtual blockchain conference organized by BlockShow and San Francisco Blockchain Week ended with the final session on Friday. The event saw appearances from Heath Tarbert, the chairman of the Commodity Futures Trading Commission; Vitalik Buterin, a co-founder of Ethereum; and Tim Draper, a serial blockchain investor, as well as other speakers from a diverse pool of market segments both within and outside the crypto space. Blockchain adoption, decentralized finance, central bank digital currencies and the future of Bitcoin (BTC) dominated the conversation in many of the panels. The event also saw speakers chart possible paths forward for …
Adoption / July 12, 2020
Are crypto and blockchain safe for kids, or should greater measures be put in place?
Crypto is going mainstream, and the world’s younger generation, in particular, is taking note. Cryptocurrency exchange Crypto.com recently predicted that crypto users worldwide could reach 1 billion by the end of 2022. Further findings show that Millennials — those between the ages of 26 and 41 — are turning to digital asset investment to build wealth. For example, a study conducted in 2021 by personal loan company Stilt found that, according to its user data, more than 94% of people who own crypto were between 18 and 40. Keeping children safe While the increased interest in cryptocurrency is notable, some …
Adoption / Feb. 26, 2022
Thanks to Ethereum, 'altcoin' is no longer a slur
Altcoin originally meant “Bitcoin alternative” because, in the early stages of cryptocurrency development, every blockchain-based currency was seen as a sort of Bitcoin (BTC) knockoff. Cryptocurrencies back then were mainly used for payments, such as Litecoin (LTC), XRP (XRP) and Peercoin (PPC). Altcoin was used as a catchall term for cryptocurrencies other than Bitcoin. That’s changed since 2011. With the emergence of more than 20,000 cryptocurrencies, each linked to different types of crypto projects and tokens. We have also seen the dexterity of coins stretch across sectors of public chains, decentralized finance (DeFi), layer 2, decentralized autonomous organizations (DAOs), stablecoins …
Technology / Dec. 4, 2022