Back to the list

Chinese Firm Says South Korean Ponzi Behind Abnormal Ethereum Fees, but Another Firm Disagrees


btcmanager.com 19 June 2020 06:00, UTC
Reading time: ~2 m

Three abnormal Ethereum transactions last week stirred up massive debate in the broader crypto community. Valued at over $5.3 million in just fees for the transfer of a few ETH collectively, many suggested an exchange had been hacked. However, one firm believes the contrary.

China’s PeakShield Says Exchange Hacked

PeakShield, a Chinese blockchain analytics company, said on June 17 that the Ethereum transactions were confirmed to originate from a South Korean exchange called Good Cycle. However, the latter does not seem legit, and has links to a Ponzi Scheme. 

In a blog post, PeakShield stated the exchange has dismal security flaws, meaning the exchange’s website uses HTTP protocol instead of HTTPS which is susceptible to hackers using rather simple attacks. 

Good Cycle’s website now reflects this information as well, noted The Block

The website confirms “repeated” hacks. Furthermore, two transactions have now been sent to both Ethermine and SparkPool – the two pools that mined the abnormal blocks – with a message saying “I am the sender.”

As of today, SparkPool and Ethermin decided they would distribute the funds among their pool holders, waiting a whole five days before taking the decision.

At press time, it’s still uncleared who is behind Good Cycle’s hack. ast week, Ethereum creator Vitalik Buterin explained the blackmail theory: 

“Hackers captured partial access to exchange key; they can’t withdraw but can send no-effect txs with any gasprice. So they threaten to ‘burn’ all funds via txfees unless compensated.”

ZenGo Cites Misfiring Smart Contract

Meanwhile, another blockchain analytics firm stated it doesn’t believe a hack was behind the two transfers, albeit releasing a report before the Good Cycle development was made public. 

A blog post by ZenGo researcher Alex Manuskin on June 16 said the two transactions were a misfunctioning smart contract and were unlikely to be a case of blackmail. 

Manuskin believes a blackmail attempt would have been stopped by the victim or at least shown signs of stopping, before three such transactions taking place. Thus far, the PeckShield was that the fees were orchestrated via a complex “gas price ransomware attack.” 

Decrypt noted:

“The address sending the transactions was not a smart contract either, so it could not function without someone controlling it with the private key.”

Manuskin added if the attacker took control of these keys outside of the victim’s environment, they possessed full control over funds and burning ETH as ransom was unneeded. 

Back to the list