Anonymous hackers are presently holding an unknown cryptocurrency exchange to cash-out after an illegal cyber-attack forcing the Ethereum blockchain to facilitate 2 different transactions at a price of $5.2 Mln in fees.
The hackers might have gained control to the exchange’s funds but failed to transfer the cash into their personal wallets due to a new security setting that demands multiple several passwords while proceeding with a transaction.
Moreover, now they have turned to blackmail, trying to arm-twist the concerned platform into paying a ransom, consistent with Ethereum’s co-founder Vitalik Buterin.
Earlier on 12th June, while explaining the suspicious transactions, Buterin tweeted:
“Hackers captured partial access to exchange key; they can’t withdraw but can send no-effect transactions with any gas price. So they are now threatening to ‘burn’ all funds via transation fees unless compensated.”
Within the past this week, 3 Ethereum transactions took place: a customer paid $2.6 Mln to transfer $134 worth of ETH. Few hours later, the same customer transferred $86k worth of Ethereum for precisely the same fee. A 3rd transaction was by an anonymous user who paid $500k in fees, but it’s unrelated to the blackmail attack.
Until now, these deals are explained away as either a bug, money laundering or tax fraud. Others suspect this as human error.
Moreover an another report, however, turns the scales. Representing the two $5.2 Mln transactions, Renowned chinese cryptocurrency analytics firm Peckshield concluded that the uncertain ETH transfer ‘blunders’ are the results of “gas price ransomware attacks.”
Researchers added how the hackers were able to gain access to the exchange’s funds and servers via phishing attacks, granting them access to transfer money to trusted wallet addresses beneath the platform’s database, just not their own.
However, the multi-signature security setting on the platform prevented the thieves from making transfers to their own accounts, but there was a loophole that allowed them to transact to addresses that needed just single authorization.
So, they illegally transferred small amounts at ridiculously high transaction fees, to force payment. Consistent with the report, the hackers still have access to 21,000 Ethereum [ETH] that “if the exchange doesn’t provides a certain ransom via other means, the hackers will further spend the available cash .”