It seems that the strange, multi-million dollar transactions that recently took place on the Ethereum network are the result of a case of extortion: a crime carried out by one or more hackers who gained access to the crypto funds of what may be a custody company or exchange.

The strange transactions that took place on Ethereum for three consecutive days earned miners more than $3 million in fees. The amounts transferred in these transactions barely exceeded $5,7.

The co-founder of Ethereum, Vitalik Buterin, spoke about this through his official Twitter account. Buterin believes that the hackers were able to access the accounts and funds held by an exchange. But when they tried to steal the money in custody, they found that they could not make withdrawals to new addresses, since the account operated with multi-signature addresses and the hackers did not have all the necessary private keys. So they decided to modify the gas of the transactions on the Ethereum network in order to pay the million-dollar fees, in effect threatening to burn all the funds available in the hacked accounts. Buterin, for his part, estimates that the hackers were hoping to be contacted to stop the attack and to request a reward.

Likewise, PeckShield, a well-known blockchain research and analysis firm, issued a report explaining that these strange events may indeed be related to a case of extortion and blackmail. The report indicates that the victim is possibly an exchange, a custody service, or a wallet.

In line with Buterin's comments, PeckShield believes that the hackers were unable to gain full control of the funds. Instead, they were only able to access certain addresses controlled by the victim, who fortunately had a security mechanism that prevented them from adding new addresses and stealing the funds for themselves. Even so, the hackers paid the million-dollar fees in order to burn the funds in the form of gas until the victim contacted them and rewarded them in some way.

Phishing attack on the Ethereum network

It is not yet clear how the hackers were able to partially control these funds, but the analysis firm believes that it could have been a phishing attack. Through this means, cybercriminals were able to access several of the private keys associated with the addresses from which transactions were made on the Ethereum network.

For those who don't know what a phishing attack is, it is an attack vector in which cybercriminals send a series of email messages to victims while impersonating a trusted source. For example, the email received may appear to come from a bank, a financial service or even the police.

But in reality, these are manipulated addresses meant to trick the victim into sending personal and confidential information, or into accessing a service through these fraudulent addresses. Thus, when a person logs into a service through these messages, hackers can obtain the login information and use it to steal from the victim later.

Detailed report by PeckShield

In its report, PeckShield estimates that the main address of the exchange or custodian was first compromised through a phishing attack. From there, the hackers were able to take control of the account management permissions. However, because the funds are controlled by multi-signature, they have only partial control.

The hackers quickly discovered that they could only send funds to a limited number of addresses, and that they could not add new ones. But they also realized that they could modify the gas fees at will. That is why they sent the expensive transactions to the list of addresses they were allowed to use.

With this method, the hackers used a form of blackmail or extortion. Through the GasPrice, the hackers, although they could not transfer the funds to themselves, were able to spend them. And boy did they spend them, paying $2,6 million in each fee.
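The gap PeckShield describes, a destination allowlist with no limit on the fee, can be shown as a pre-signing policy check. This is an added example, not code from PeckShield or from the affected service; the function names, addresses, cap values and sample requests are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

GWEI = 10**9
ETH = 10**18

# Constructed placeholder addresses, not taken from the incident.
ALLOWLIST = {"0x" + "11" * 20, "0x" + "22" * 20}

@dataclass(frozen=True)
class TxRequest:
    to: str
    value_wei: int
    gas_limit: int
    gas_price_wei: int

    @property
    def max_fee_wei(self) -> int:
        # Worst-case fee paid to the miner: gas limit times gas price.
        return self.gas_limit * self.gas_price_wei

def allowlist_only(tx: TxRequest) -> list[str]:
    """Weak policy: only the destination is checked, the fee is unconstrained."""
    return [] if tx.to.lower() in ALLOWLIST else ["destination not allowlisted"]

def allowlist_and_fee_caps(tx: TxRequest, max_gas_price_wei: int = 500 * GWEI,
                           max_fee_wei: int = ETH // 20,
                           max_fee_pct: int = 1) -> list[str]:
    """Hardened policy: destination check plus limits on what the fee can burn."""
    violations = allowlist_only(tx)
    if tx.gas_price_wei > max_gas_price_wei:
        violations.append("gas price above cap")
    if tx.max_fee_wei > max_fee_wei:
        violations.append("total fee above cap")
    # Integer form of fee / value > max_fee_pct / 100; a zero-value transfer
    # with any fee is rejected, which suits plain withdrawals (assumption).
    if tx.max_fee_wei * 100 > tx.value_wei * max_fee_pct:
        violations.append("fee exceeds allowed share of value")
    return violations

# Constructed requests: a routine withdrawal and a fee-burning one.
ROUTINE = TxRequest("0x" + "11" * 20, 5 * ETH, 21_000, 50 * GWEI)
FEE_BURN = TxRequest("0x" + "22" * 20, ETH // 2, 21_000, 500_000 * GWEI)

if __name__ == "__main__":
    for name, tx in (("routine", ROUTINE), ("fee burn", FEE_BURN)):
        print(name, tx.max_fee_wei / ETH, "ETH fee",
              "| weak:", allowlist_only(tx) or "ALLOW",
              "| hardened:", allowlist_and_fee_caps(tx) or "ALLOW")
```

The fee-burning request passes the allowlist-only check because its destination is permitted, while the hardened check rejects it on all three fee rules.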

On the other hand, it is believed that the hackers may still be in control of these funds. At the Ethereum address from which the transactions were sent, 21.000 ETH remain available, equivalent to more than 5,8 million dollars at the time of this publication.

Hypothesis about the strange and millionaire commissions

Initially, it was believed that the transaction was the result of a costly human error, or that it could have been a case of money laundering. However, these hypotheses were ruled out when it was shown that the blocks containing the transactions were mined by different mining pools. First, it was Spark Pool that mined the block that included the first transaction. This was a transaction for an amount of 133,8 dollars with a fee of almost 2,6 million.

The second transaction, made just a few hours later, was included in a block mined by Ethermine. In this case, the transaction was for $82.197,5 with a fee exactly the same as the previous one. When this happened for the second time, the hypothesis of human error was completely ruled out.

A third transaction also took place on Ethereum, for the third day in a row, although this transaction was not made by the same user as in the previous cases. This third, equally strange transaction moved a total of 3.221 ETH ($759.696,2), with a fee of 2.310 ETH ($544.721,1) paid to the miners. Although this last fee cost much less than the previous ones of $2,6 million each, it is still an unusual and quite high sum.

On the other hand, the mining pools that mined the blocks on Ethereum have confirmed that the funds remain in custody and have therefore not been distributed to the miners. This will remain the case until the veracity of the events is verified and the true owners of the funds are contacted for a possible return.

To date, it remains a mystery who the perpetrators of the attack were, or which custodian companies or exchanges were the victims. No cryptocurrency exchange, wallet or custodian service has reported a possible attack or any case of extortion.
