Two transactions spotted on the Chinese mining pool Spark Pool have stunned the Ethereum community over the last two days. While nearly 20,000 ETH worth $5.2 million was paid in transaction fees, the value transferred was only 350 ETH worth less than $90,000, and one of the transfers was only 0.55 ETH, or $133.
At first glance, the crypto community suggested that the sender had mistakenly swapped the transfer value and fee fields. Today, however, Ethereum co-founder Vitalik Buterin and China-based blockchain analytics company PeckShield floated the idea that a yet-to-be-disclosed exchange is being held to ransom by hackers who gained unauthorized access to its wallets.
The criminals are thought to have captured partial permissions, such as server management or something similar. But since the exchange’s private key is protected by multi-signature verification, which helps protect against theft by requiring multiple private keys to sign each outgoing transaction, they were unable to send the crypto holdings to their own wallets.
Under this theory, the unusual transactions that grabbed the community’s attention were carried out by the ransomware gang to blackmail the exchange and force it to send them their chunk; otherwise they would continue to burn its assets by paying excessively high transaction fees.
Ethereum’s co-founder further explained that “Similar situations could happen in ‘scorched earth’ games, including scorched-earth vaults aka ‘Moeser-Eyal-Sirer’ vaults, as well as scenarios where hackers can slash but not steal staked funds.”
While the story is yet to be confirmed, the human error theory no longer makes much sense: even if it held for the first transaction, the second one might invalidate the assumption. In addition, it can easily be noted that the wallet address sending the few ethers and paying the generous gas price belongs to a crypto whale. The sender’s wallet had over 21,000 ETH left in the address, worth more than $5 million, even after the $5.2 million transaction fee was paid out.
Further, the sender’s wallet has been very active all the time, showing several transactions almost every minute, which matches operations carried out by a trading venue.
Blackmail campaigns are not uncommon in the crypto space. A few months ago, Binance revealed that a self-proclaimed hacker had demanded 300 BTC from it for “withholding 10,000 photos that bear similarity to Binance KYC data.” After he refused to give the team any irrefutable evidence regarding the source of the breach, Binance ended the conversation, but the hacker then started distributing the KYC data online and to media outlets.