Company identified who paid $5 million for transaction fee

  • Blockchain analysis platform PeckShield managed to uncover the identity behind the mystery transactions that paid a $5 million fee in Ethereum.
  • PeckShield claims that the Good Cycle exchange is behind the transactions and because of their low security they could have been hacked and blackmailed. 

The blockchain analysis firm PeckShield apparently managed to solve a mystery that has kept the crypto community intrigued for the last several days. Last week there were 2 transactions that paid a $5.2 million fee in Ethereum (ETH) to be validated. The community was more intrigued by the low amounts of transfers, the first sent a total of 0.55 ETH and the second 350 ETH.

Of course, there was plenty of speculation regarding the transactions. Some thought this was a mistake, including Ethereum co-creator Vitalik Buterin. Others said it was a system bug. However, the most accepted theory claimed that an unknown exchange could have been hacked. The attackers, having only partial control of the platform’s funds, sent these transactions to permitted addresses with the threat of “burning” all the funds from the exchange unless they received compensation. PeckShield’s discovery seems to support this theory.

Was it a Ponzi in Ethereum or a system failure?

After doing some research PeckShield determined that the Korean Good Cycle exchange was behind the referred transactions. The exchange is new and therefore its security is low and makes it susceptible to cyber attacks. In addition, PeckShield claims that the platform is part of a Ponzi scheme:

We have identified the victim, a small P2P exchange in Korea called Good Cycle, which appears to be a Ponzi Scheme project. Our investigation found that their security is really lacking, e.g., using HTTP instead of HTTPS, and could be easily hacked.

Vice President of Research at PeckShield, Chiachih Wu, explained how they verified the exchange’s identity. According to Wu, the PeckShield research team registered an account at the exchange and deposited 0.5 ETH at the address of the exchange. They verified that the amount they sent arrived at the address of the hot wallet of the exchange confirming the identity behind the mystery transactions.

It is rare, however, that the exchange did not speak out or report the theft of its funds or a possible blackmail. This could confirm that the Ponzi scheme theory and that they refused to report the transactions in order to keep a low profile. On the contrary, researcher Alex Manuskin says that the theory of robbery or blackmail is unlikely.

Manuskin explained that if it had been a blackmail, the system would have put an immediate defensive stop to all operations in the exchange. Operations would have been resumed once the security problems had been resolved. However, the address continued with its operations, Manuskin said. The researcher maintains that the transactions occurred because of a bug in an automated script that operates the account:

We don’t yet know the bug’s exact details, but both transactions stood out in several parameters compared to other transactions with “normal fees” from this address. They were the only transactions with a relatively round value (0.55 and 350 ETH) sent from this account.

Last updated on