In the last days, a user managed spend $ 5.2 million on fees, made in only two transactions, and one of them was only for $ 130. And now, another user has made a third transaction, albeit for a fee of only $ 500,000. So has Ethereum (ETH) been hacked?
Word first spread through Telegram, according to Steven Zheng from The Block. Similarly, an administrator for a Telegram group noted that there was an issue with Balancer, a DeFi protocol focused on facilitating token exchange.
Referring to the fact that Ethereum has been hacked, Zheng was one of the first to spread the news, posting a tweet: “Apparently someone drained a Balancer Pool consisting of WETH and STA and ran away with $ 500k in WETH“
Hours after Zheng’s tweet, the attack was confirmed by Ethereum-based decentralized exchange 1inch and Mike McDonald, co-founder of Balancer Labs.
Ethereum has been hacked for $ 5.2 million
Meanwhile, the exchange’s investigation found that the attacker used a smart contract to manipulate Balancer:
“These funds were used to exchange WETH tokens to STA over and over again 24 times.”
For its part, 1inch, has classified the attacker as a “highly sophisticated smart contract engineer with extensive knowledge and understanding of DeFi’s main protocols“
Regarding this, Larry Sukernik, an investor in Digital Currency Group, argued that DeFi products are too complicated:
“A very high IQ can be an obstacle to building highly successful products. You get people with a big brain that need to be put to work“
“And when they get to work, the result is often a complex, brilliant product, but enormously unusable.”
Vitalik Buterin’s theory regarding Ethereum being hacked
In recent weeks, as described by Vitalik, the increase in transaction fees on the Ethereum network has caused quite a stir. It should be emphasized that three relatively minor Ethereum transactions were sent for a fee of millions of dollars.
- The first transaction was recorded on June 10 and paid $ 2.6 million in fees for sending 0.55 ETH.
- A second transaction occurred on June 11, 350 ETH, approximately $ 86,000, was sent for a transaction fee of $ 2.6 million. What’s more, the community still thought this was a mistake.
- On June 13, a third transaction of 3,221 ETH was recorded, shipped for a fee of 2,300 ETH. Completely eliminating speculation that it was a mistake. Undoubtedly, the clues indicate something worse than initially supposed.
Importantly, an analysis by Glassnode indicated that the second transaction came from the same address as the first. In addition, the investigative firm also determined that the fee for the second transaction was identical to the first transaction.
At this point, speculation arose that it could be a hack and blackmail, as the research firm Peckshield claimed. According to them, an exchange was the victim of a phishing attack and one or more computer hackers obtained partial access to the platform’s keys.
The investigation of PeckShield
Blockchain analysis company PeckShield, points to Good cycle as the victim of the three mysterious Ethereum transactions, which totaled $ 5.2 million in commissions.
On his official Twitter account, he confirms that the mysterious Ethereum transactions were made by bots from the Good Cycle company.
According to the signature, all transactions were tracked from the address that sent the first two transactions.
To test this hypothesis, the PeckShield firm points out that it sent 0.5 ETH to a Good Cycle address, and that after a few minutes, the 0.5 ETH was sent to the same address from which the two transactions were made.
Likewise, PeckShield indicated that it is a small exchange that has a rather poor security system. And it was because of this low security that hackers were able to access the account and carry out transactions.
Ethereum audit has ended
In summary, the PeckShield researchers claim that computer hackers have gained access to Ethereum funds. Most notably, they can send money to certain accounts on the list that are marked as trustworthy in the exchange’s database, but not their own.