Blackmail is Behind Multi-Million ETH Transfer Fees, Say Researchers

Published at: June 13, 2020

Over the past week, the crypto community has been left befuddled by three small Ether (ETH) transfers that incurred millions of dollars in fees.

However, new reports have given weight to speculation that the seven-figure fees may have been deliberately spent as part of a blackmail scheme targeting a cryptocurrency exchange, with Chinese blockchain analysis firm PeckShield concluding that the transactions likely resulted from extortion attempts.

Seven-figure ETH fees attributed to extortion

On June 12, Chinese media outlet Chainnews reported that analysis firm PeckShield has concluded that the string of multi-million dollar fees was paid by hackers seeking to ransom a cryptocurrency exchange.

The report speculates that the exchange had been compromised in a phishing attack, allowing hackers to gain control over permissions for many of the platform's operational functions, including its servers. 

While the implementation of multi-sig restrictions prevented the attackers from draining the exchange’s funds to wallets under their control, they are able to make transfers to whitelisted addresses and to determine the gas fees paid on those transactions.

As such, the researchers believe that the hackers are threatening to empty the exchange’s wallet if they are not paid a bribe, with PeckShield asserting 21,000 ETH remains in the wallet under the hackers’ control.
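The gap the report describes, a destination whitelist with no limit on gas spend, can be closed with a pre-signing policy check. The sketch below is an added example, not code from PeckShield or any exchange; the policy limits, the placeholder address and the gas parameters are assumptions, and the second sample is constructed to match the 2,310 ETH fee on a 3,221 ETH transfer reported in this article.

```python
from dataclasses import dataclass

WEI_PER_ETH = 10**18
GWEI = 10**9

# Hypothetical policy values (assumptions, not taken from the article).
WHITELIST = {"0xWHITELISTED_PLACEHOLDER"}   # placeholder, not a real address
MAX_GAS_PRICE_WEI = 500 * GWEI              # per-gas ceiling
MAX_FEE_WEI = WEI_PER_ETH // 10             # 0.1 ETH absolute ceiling per transfer
MAX_FEE_BPS_OF_VALUE = 100                  # fee may not exceed 1% of value moved


@dataclass(frozen=True)
class TransferRequest:
    to: str
    value_wei: int
    gas_limit: int
    gas_price_wei: int

    @property
    def max_fee_wei(self):
        # Worst-case fee of a legacy (gasPrice-style) transaction.
        return self.gas_limit * self.gas_price_wei


def whitelist_only_policy(tx):
    """Destination check only: the gap the report describes."""
    return [] if tx.to in WHITELIST else ["destination not whitelisted"]


def fee_aware_policy(tx):
    """Same destination check, plus limits on what the signer may spend on gas."""
    violations = whitelist_only_policy(tx)
    if tx.gas_price_wei > MAX_GAS_PRICE_WEI:
        violations.append("gas price above cap")
    if tx.max_fee_wei > MAX_FEE_WEI:
        violations.append("total fee above absolute cap")
    if tx.max_fee_wei * 10_000 > tx.value_wei * MAX_FEE_BPS_OF_VALUE:
        violations.append("fee above allowed fraction of value")
    return violations


# Constructed samples: a routine transfer, and one shaped like the reported
# 2,310 ETH fee on a 3,221 ETH transfer (gas limit and gas price are assumed).
NORMAL = TransferRequest("0xWHITELISTED_PLACEHOLDER", 350 * WEI_PER_ETH, 21_000, 40 * GWEI)
SUSPICIOUS = TransferRequest("0xWHITELISTED_PLACEHOLDER", 3_221 * WEI_PER_ETH,
                             21_000, 110_000_000 * GWEI)

if __name__ == "__main__":
    for name, tx in (("normal", NORMAL), ("suspicious", SUSPICIOUS)):
        print(name, whitelist_only_policy(tx), fee_aware_policy(tx))
```

The whitelist-only check returns no violations for both samples, while the fee-aware check rejects the second on all three fee limits.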

One wallet pays $5m to move 355.5 ETH in 24 hours

The first multi-million dollar transfer fee occurred on June 10, with $2.6 million in fees being paid to move just 0.55 ETH. Within 24 hours, a second transfer of 350 ETH was made from the same wallet, again spending $2.6 million in gas.

The following day saw the Ethereum network process a third curious transfer, this time from a different wallet. The transaction paid 2,310 ETH to move 3,221 Ether.

The obscure transfers elicited an array of theories from members of the crypto community seeking to explain the seven-figure fees, attributing the transactions to vengeful actions of a former exchange employee, fat-fingered human error, or a bug in a money-laundering bot.
