- The $5.3 million in Ethereum fees sent last week were apparently sent by a Korean peer-to-peer exchange.
- Security company Peckshield claims that the exchange could well be a Ponzi scheme
- Moral debate about sending the funds back
The owner of the $5.3 million in Ethereum fees accidentally paid last week has been revealed – and it’s good news if you’re a fan of karma. The ‘victim’ of the bizarre series of losses is a Korean peer-to-peer exchange called Good Cycle which, according to security firm Peckshield, appears to be a Ponzi scheme. The theory behind the loss, first suggested by Ethereum founder Vitalik Buterin, is that the group was hacked and blackmailed due to their poor security, resulting in the loss of some of their funds through the enormous Ethereum gas fees.
Over 20,000 ETH Lost in Ethereum Fees
The series of odd transactions made headlines last week and caused a flurry of comment from the crypto community, with suggestions that the fees could have been a ‘fat finger’ (a mis-pressed key on a keyboard) or a faulty exchange withdrawal algorithm. However, Ethereum founder Vitalik Buterin quickly postulated that the huge ETH gas fees could in fact be something else:
So the million-dollar txfees *may* actually be blackmail.
The theory: hackers captured partial access to exchange key; they can’t withdraw but can send no-effect txs with any gasprice. So they threaten to “burn” all funds via txfees unless compensated.https://t.co/kEDFGp4gsQ
— vitalik.eth (@VitalikButerin) June 12, 2020
This theory was considered too far-fetched by some, but Peckshield confirmed that this was indeed the likely scenario late Tuesday:
Update: We have identified the victim, a small P2P exchange in Korea called Good Cycle, which appears to be a Ponzi Scheme project. Our investigation found that their security is really lacking, e.g., using HTTP instead of HTTPS, and could be easily hacked.
— PeckShield Inc. (@peckshield) June 16, 2020
Good Cycle seemed to confirm the theory by posting on their website that they had experienced a series of hacks in recent days, with the site itself currently down for maintenance. Conclusive proof was offered when they did what Craig Wright seems unable to do and proved their ownership of the Ethereum wallet that sent the Ethereum fees by sending transactions to the two mining pools that received the funds, Ethermine and SparkPool, with a message reading: “I am the sender”.
Should SparkPool Send Back the Ethereum Gas Fees?
Ethermine has already distributed the Ethereum fees to their mining pool after giving the owners some four days to come forward, but SparkPool is yet to do so. It remains to be seen what they will do with the funds. We only have Peckshield’s word that Good Cycle is a Ponzi scheme, but the suggestion that it might be puts SparkPool in a moral predicament – should they return funds that may not legally be theirs in the first place?