Key Takeaways
- Peckshield’s theory that a hacked entity was being blackmailed turned out to be true.
- The sender missed their chance to retrieve this funds.
- Go Ethereum’s new release will reject any transaction with a fee more than one ETH.
Share this article
A South Korean Ponzi scheme owns the address from which the two transactions with $5 million of Ethereum fees originated. Ethereum developers have already created a solution to prevent similar situations in the future.
Mystery of Million Dollar Transactions Unravels
The sender of the Ethereum transactions with $5 million transaction fees is Good Cycle, a South Korean P2P cryptocurrency exchange, said Peckshield.
Update: We have identified the victim, a small P2P exchange in Korea called Good Cycle, which appears to be a Ponzi Scheme project. Our investigation found that their security is really lacking, e.g., using HTTP instead of HTTPS, and could be easily hacked.
— PeckShield Inc. (@peckshield) June 16, 2020
Further research from Peckshield revealed Good Cycle isn’t even an exchange, but a Ponzi scheme masquerading as an exchange.
Earlier in the week, someone sent out two Ethereum transactions with fees of $2.5 million each. The hunt began to find the entity behind the address as experts offered their take on why this happened.
From a botched script to a fat-finger error, there were several theories. But only one stood out.
Peckshield believed this was the result of an exchange losing partial control of its wallet. The hacker couldn’t quite steal the funds because the original owner whitelisted a few addresses for outgoing transactions.
To earn a bounty, Peckshield believed the hacker was blackmailing the original owner by sending funds to whitelisted addresses but with an expensive transaction fee. Vitalik Buterin corroborated this theory.
With PeckShield confirming the identity of the hacked address, this theory has turned out to be true.
Good Cycle has, however, failed to contact the miners who validated the blocks with those transactions. As a result, the miners who initially decided to return the fee if the sender contracted them ended up disbursing the proceeds to the participants of its mining pool.
Go Ethereum Has a Solution
Ethereum node software Go Ethereum has whipped up a simple solution to ensure events like this don’t happen in the future.
A new upgrade to the client introduces a feature where the software rejects transactions with a fee higher than one ETH.
New feature in the upcoming Geth release, courtesy of @Gary_Rong and @etherchain_org: Geth 1.9.16+ will refuse to accept txs with a fee > 1 ETH (change via `–rpc.txfeecap`) on its RPC interface.
It will of course still propagate such remote transactions.#golang #Ethereum pic.twitter.com/Aor86chuHZ
— Péter Szilágyi (@peter_szilagyi) June 17, 2020
One ETH is $235 at the time of writing, which is a reasonable ceiling for transactions.
There are still ways a hacker could blackmail exchanges with fees. For instance, if the hacker were to spam the blockchain with multiple one ETH transactions, rather than a single huge transaction, it would still have the same net effect.
But perhaps this gives the exploited entity more time to regain control of their address and prevent further bleeding.