Skip to main content

Ethereum's $5.2 Million Fee Scandal Explained: Exchange Held to Ransom by Hackers

Hackers are holding an unnamed crypto exchange to ransom after an alleged cyber-attack forced the Ethereum blockchain to facilitate two separate transactions at a cost of $5.2 million in fees, new information suggests.


The hackers may have gained access to the exchange’s funds but failed to transfer the money into their own wallets because of a security setting that demands multiple passwords to process a transaction.

Now they have turned to blackmail, trying to arm-twist the concerned platform into paying a ransom, according to Ethereum (ETH) co-founder Vitalik Buterin.

Explaining the suspicious transactions, Buterin tweeted on June 12 that: “Hackers captured partial access to exchange key; they can’t withdraw but can send no-effect txs with any gas price. So they threaten to ‘burn’ all funds via tx fees unless compensated.”

In the last few days, three ETH transactions took place: a customer paid $2.6 million to send $134 worth of ether. Few hours later, the same individual transferred $86,000 of ETH for precisely the same fee. A third transaction by a different user paid $500,000 in fees, but it’s unrelated to the blackmail attack.

Until now, the deals have been explained away as either a bug, money laundering or tax evasion. Others suspect human error.

A new report, however, turns the scales. Focusing on the two $5.2 million transactions, Chinese crypto analytics firm Peckshield concludes that the extraordinary ethereum transfer ‘blunders’ are the result of “gas price ransomware attacks.”

Researchers explain how the hackers gained access to the exchange’s funds and servers through phishing, granting them permission to send money to trusted wallet addresses under the platform’s database, just not their own.

The multi-signature security setting on the platform prevented the thieves from making transfers to their own accounts, but there was a loophole that allowed them to transact to addresses that require single authorization.

So, they have weaponized their stolen authority, sending very small amounts at ridiculously high transaction fees, to force payment. According to the report, the hackers still have access to 21,000 ETH ($5 million) that “if the exchange does not give a certain ransom through other means, the hackers will further spend the money.”

In another tweet, Vitalik Buterin offered a different explanation. “Similar situations could happen in ‘scorched earth’ games, including scorched-earth vaults aka ‘Moeser-Eyal-Sirer’ vaults as well as scenarios where hackers can slash but not steal staked funds,” he said.

Source: news.bitcoin.com

What do you think about this ongoing ethereum fees debacle? 

Let us know in the comments section below.


Comments

Contact us

Name

Email *

Message *

Popular posts from this blog

Cryptocurrencies Adding to the Safety and Security in the UK Gambling Industry

These are exciting times for the UK gambling industry. The impact of internet technology is now being felt with online gambling now controlling the industry.  The adoption of cutting-edge technology is reasonable for the boom in the industry. From live casinos, mobile apps to artificial intelligence, incredible trends continue shaping the gambling industry. However, it is the rise of cryptocurrency casinos that seeks to redefine UK gambling.  Many operators now include crypto coins such as bitcoin, Ethereum and Litecoin as part of their banking methods. Others offer exclusive bitcoin payments and promotions based on digital tokens. This revolutionary trend has a huge impact due to enhanced safety and security on these platforms. Players looking for peace of mind when playing online now opt to use cryptocurrencies. This post looks at how cryptos guarantee the safety and security of players at online casinos. How Cryptocurrency Gambling Works There’s a lot of talk ab...

Coinbase to Require Recipient Information for Crypto Transfers From Users in Canada, Singapore and Japan

  Customers in those countries who send crypto outside their Coinbase accounts must provide recipients’ names, addresses and in some cases, additional information, as of early April. Cryptocurrency exchange Coinbase Global (COIN) will soon require its customers in Canada, Japan and Singapore who send cryptocurrency to another financial institution or exchange to provide the name, address and in the case of Japan, the destination wallet of the recipient. Coinbase has been sending notices to its customers in those countries that the changes will take effect in early April in order to comply with local travel rules in those places. Coinbase didn't immediately respond to requests for additional comment on the moves, but confirmed that they were taking place. The move  does not seem to be going over well  with Coinbase customers in those countries, who value the anonymity of transactions using cryptocurrency. According to a  FAQ provided by Coinbase , for Canadian users, ...

Farm GRASS earn MONEY

  Use your Unused Internet Bandwidth to make $$$ In today’s interconnected world, the concept of passive income has taken on new dimensions, offering innovative ways for individuals to monetize underutilized assets.  One such groundbreaking avenue involves earning money by selling your unused internet connection.  By participating in decentralized networks like Grass, individuals have the opportunity to turn their dormant bandwidth into a valuable asset, contributing to a fairer and more equitable digital landscape while generating income. Grass is a decentralized network sharing application designed to offer an alternative to existing centralized networks.  It allows users to sell their unused bandwidth directly, without the need for exploitative middlemen.  The platform operates by enabling users to download a web extension that runs in the background, assisting others in accessing public web data in exchange for payment using the protocol’s native token. How ...