Last week, the crypto community discovered that the Ether Network (ETH) was showing transaction fees of up to $2.6 million on several transactions. Vitalik Buterin has since suggested that the abnormal fees „may actually be blackmail,“ but some researchers have now challenged that claim.
The blackmail theory
The first suspicious transfer took place on June 10, when $2.6 million in fees were paid to move only 0.55 ETH. Within 24 hours, a second transaction of 350 ETH from the same purse was made, spending exactly the same amount – $2.6 million – on gas.
15 people plead guilty to the BTC scams through bogus auctions
The next day, the Ethereum blockchain processed a third abnormal transfer, albeit from a different purse. In the transaction, 2,310 ETH – approximately half a million dollars – were paid to transfer 3,221 ETH.
PeckShield, the Etoro analysis company, had concluded on June 12 that the multi-million dollar fees were paid by hackers attempting to rescue a crypto-currency exchange after having obtained limited access to the platform’s operating functions. According to PeckShield, the hackers threatened to empty the exchange’s purse if they were not paid a bribe.
Vitalik Buterin has tweeted that article again, on the theory that:
„Hackers captured partial access to the exchange key; they can’t withdraw but they can send [transactions] without effect with any gas price. So they threaten to ‚burn‘ all the funds through [transaction fees] unless they are compensated.
Allegations of sextorsion at BitcoinAbuse increased by 1300% in April
A ZenGo researcher criticizes the theory
In a recent interview with Cointelegraph, Alex Manuskin, a blockchain researcher at the Tel Aviv-based ZenGo cryptomoney purse company, said the blackmail theory „requires some very peculiar circumstances to be possible.
Manuskin stressed that after the first incident, the supposedly hacked account did not change its behavior, and continued to operate in normal mode:
„Transactions continued to come in and out. If the hackers controlled the password, why did they [the hacked entity] continue to run the service as usual?
According to Manuskin, if the hackers did gain limited access to the key that allowed them to send transactions to „whitelisted“ addresses (such as customer addresses that have been pre-approved by the entity controlling the hacked wallet), the hacked service „would do everything possible to stop all transactions and not jeopardize additional funds.
„If this was indeed a mistake, not to notice an incident like that is insane,“ Manuskin continued to argue, suggesting that the story behind the transactions remains a mystery for now. He added:
„But to imagine a service that works with 10 million dollars of funds, and doesn’t keep backups of the keys to those funds and does nothing to try to seal the gap is also insane.“
MSU is the victim of a ransomware attack and refuses to pay the ransom
The blockchain researcher suggests that the address could belong to „some East Asian service“ that users access „from various exchanges such as Bithumb, OKEx, Coinone and others.
The miners say no one has approached them about the transactions
This week, two mining pools involved in the abnormal chain of transactions – Etherchain and Sparkpool – announced that they will distribute the millions of dollars in fees they received from the strange transactions. Both groups have stressed that they have given enough time for the sender to contact them.
„If this were really a blackmail attack, we would expect the victim to contact the miners immediately to recover the lost funds,“ Manuskin argued in a blog post.