How to lose $2.5M, twice

Alex Manuskin
Published in Zengo Wallet
Jun 11, 2020

As part of our ongoing research on blockchains, we spotted some highly abnormal Ethereum transactions (Tx) early on. We’re referring to two recent transactions in which millions of dollars were paid unnecessarily in network fees, instead of the standard fees, which are usually less than $1. The sender lost this money because the fees were paid to the block miner.

Our initial findings, posted on Twitter, were quickly noticed by the press.

In this article, we will briefly summarize the issue at hand. We’ll continue to update with more findings as additional data is gathered.

How did we discover these transactions?

We observed both transactions in real-time using our newly launched Ethereum fees observatory tool. This tool visualizes the fees of pending transactions in the Ethereum node’s Txpool. It can be used by users and analysts to monitor the current Ethereum fees and network congestion level.

With their extremely unusual fees, the transactions in question dwarfed all other transactions, making them highly visible and impossible to miss.

Abnormal fees highly visible in ZenGo Ethereum fees observatory tool

At first, we assumed something was wrong with our data, but when we dived a little deeper, we quickly verified its validity. Using the Ethereum fees observatory tool, we were one of the first to identify the abnormal transactions.
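The kind of outlier check that makes such transactions stand out among pending transactions, as an added example (not ZenGo's tool code). The pool entries, the placeholder hashes, the gas limit and gas price of `tx-x`, and the 1,000x threshold are constructed assumptions; only the 10,668.73185 ETH fee and the 0.55 ETH value come from the article.

```python
from statistics import median_low

GWEI = 10**9
WEI_PER_ETH = 10**18

# Constructed pending-transaction sample, not real txpool data. The hashes are
# placeholders. For "tx-x" the gas limit and gas price are assumptions chosen so
# that their product equals the 10,668.73185 ETH fee quoted in the article.
SAMPLE_POOL = [
    {"hash": "tx-a", "gas": 21_000, "gas_price": 30 * GWEI, "value": 2 * WEI_PER_ETH},
    {"hash": "tx-b", "gas": 21_000, "gas_price": 45 * GWEI, "value": 1 * WEI_PER_ETH},
    {"hash": "tx-c", "gas": 90_000, "gas_price": 40 * GWEI, "value": 0},
    {"hash": "tx-d", "gas": 21_000, "gas_price": 60 * GWEI, "value": 5 * WEI_PER_ETH},
    {"hash": "tx-x", "gas": 21_000, "gas_price": 508_034_850 * GWEI,
     "value": 55 * WEI_PER_ETH // 100},  # 0.55 ETH
]


def max_fee_wei(tx):
    """Most a pending legacy transaction can pay: gas limit * gas price."""
    return tx["gas"] * tx["gas_price"]


def flag_abnormal_fees(pool, ratio=1_000):
    """Return pending txs whose maximum fee is >= `ratio` times the pool median.

    The median (unlike a mean) is not dragged upward by the outlier itself,
    and median_low keeps the arithmetic in exact integers.
    """
    if not pool:
        return []
    baseline = median_low([max_fee_wei(tx) for tx in pool])
    flagged = []
    for tx in pool:
        fee = max_fee_wei(tx)
        if fee > 0 and fee >= ratio * baseline:
            flagged.append({
                "hash": tx["hash"],
                "fee_wei": fee,
                "times_median": fee // max(baseline, 1),
                "fee_exceeds_value": fee > tx["value"],
            })
    return flagged


if __name__ == "__main__":
    for hit in flag_abnormal_fees(SAMPLE_POOL):
        print(f'{hit["hash"]}: {hit["fee_wei"] / WEI_PER_ETH:.5f} ETH fee, '
              f'{hit["times_median"]:,}x pool median')
```

The same comparison can run inside an automated sender before a transaction is signed, so that a fee far above the current pool median is refused rather than broadcast.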

Transaction details

There were two huge transaction fees. The first happened on June 10, 2020, and the second on the following day (today).

There are unmistakable similarities between the transactions: they share the same sender and the exact same fee (10,668.73185 Ether). However, some parameters differ: the blocks were mined by different miners (SparkPool, Ethermine), and the transactions were sent to different receiving addresses.

What it is not

Some had suggested this might be a sophisticated money-laundering scheme to covertly send money from the sender to the miner. However, we find this theory highly unlikely due to the following reasons:

  • This Tx was broadcast and visible to the world (that’s how we saw it in our tool). If the intention was to launder money, the sender would have sent the transaction directly to a colluding miner to prevent other miners from collecting it.
  • Sending via fees was spotted and became a very public event, defeating the purpose.
  • The second Tx with $2.5M fees was mined by a different miner.

What it might be

Our assumption is that the transactions result from some sort of bug in an automated script that operates this account. Supporting evidence for this hypothesis:

  • Same sender, with the same exact, not rounded fees.
  • The account used to send a transaction approximately every minute, so this did not look like a human operator.
  • The account continued to send transactions after the first $2.5M, including the recent additional transaction with $2.5M fees, so the error was not identified. If the account were operated by a human, the issue would likely have been identified immediately and caused the account to stop sending.

We don’t yet know the bug’s exact details, but both transactions stood out in several parameters compared to other transactions with “normal fees” from this address. They were the only transactions with a relatively round value (0.55 and 350 ETH) sent from this account.

These additional characteristics might suggest the transactions with enormous fees belong to a different process than transactions with normal fees, and the bug only affects this process.

The sender’s address balance over time, with two noticeable drops due to the huge fees (Tx)

Concluding thoughts

The most important conclusion we can draw is that due to the automated characteristics of these transactions, the sender’s large remaining balance, and the continued operation of the sender, we may see a third transaction with $2.5M fees.

At ZenGo, we’re keeping a close watch on this situation. We’ll keep you updated here and on our official and personal Twitter accounts. Stay tuned!

Originally published at https://zengo.com on June 11, 2020.
