Alleged Ponzi Scheme Sent the $5 Million in Ether Gas Fees

Published at: June 17, 2020

After a week of searches, it appears that the culprit behind at least two of the anomalous high fee transactions on Ether (ETH) was found.

As reported by Chinese blockchain analytics company PeckShield on June 16, the originating address appears to be coming from Korean platform GoodCycle, a recently launched peer-to-peer exchange that provides “investment” opportunities to its users.

According to PeckShield, this platform shows all the signs of a Ponzi scheme, which would explain its rapid rise in popularity.

The analysts conducted a thorough blockchain analysis and found that a wallet beginning with “0xcdd6a2b” was the origin of the first two transactions. The team was able to make a deposit on the GoodCycle platform and conclusively proved that it went to that address.

Ransomware theory more likely

The analysts argue that due to GoodCycle relying on a pyramid scheme, it makes sense why it has not come forward to claim the money, as that would erode trust in the platform from its users and subsequently collapse the venture.

Jeff Liu, a co-founder of PeckShield, told Cointelegraph that GoodCycle is likely to be the victim of an attack, though he added that “there are still other possibilities, such [as] internal operation errors.”

The report from PeckShield notes that the exchange does not even use the encrypted HTTPS protocol, which would make it trivial to hack the exchange through “man-in-the-middle” attacks. 

A communication from GoodCycle itself seems to confirm that the platform is suffering a hack, subsequently blocking withdrawals and performing a “security upgrade.”

Announcement from GoodCycle. Source: PeckShield

Victim got in contact with the mining pools

Two transactions sent today to SparkPool and Ethermine from the wallet that was identified as GoodCycle’s are signed with a message stating “I am the sender.” 

It appears likely that the team finally regained control back, as it is unlikely that the hackers would have been able to make the transaction. 

When asked why the exchange did not move sooner in shutting itself down, which was one of the criticisms of the blackmail theory, Liu replied: 

“In my opinion, they are not very experienced exchange operators, and may need some professional help on how to deal with these operation issues.”

However, Ethermine has already decided to distribute the funds to miners, while SparkPool pledged to begin the process today as well.

The PlusToken connection

Anonymous researcher Frank Topbottom was able to identify that several addresses connected to the massive PlusToken Ponzi scheme were interacting with the address later associated with GoodCycle. Specifically, funds from a known PlusToken sent ETH to the same deposit address used for some transactions on the GoodCycle address.

It is unclear whether the association runs deeper. It is possible that GoodCycle was simply another venue used by the scammers to launder their proceeds.

Tags
Related Posts
Solana and Arbitrum knocked offline, while Ethereum evades attack
Surging Ethereum rival, Solana (SOL), has shed 15% of its value over the past 24 hours after suffering a denial-of-service disruption. On Tuesday at 12:38 pm UTC, Twitter account Solana Status announced that Solana’s mainnet beta had been suffering intermittent instability over a 45-minute period. Six hours after announcing the incident, Solana Status explained that a large increase in transaction load to 400,000 per second had overwhelmed the network, created a denial-of-service, and caused the network to start forking. 1/ Solana Mainnet Beta encountered a large increase in transaction load which peaked at 400,000 TPS. These transactions flooded the transaction …
Technology / Sept. 15, 2021
Alleged $3.6B crypto Ponzi's 'victims' still believe the exchange is legit
Victims of an alleged $3.6 billion crypto Ponzi scheme in South Korea are reportedly hampering the progress of a police investigation and a joint lawsuit — as they still believe in the project and hold out hopes of getting a return on their investments. On June 4, Korean law firm Daegon reportedly filed a joint complaint against V Global, its CEO, and three executives on behalf of 130 investors and the Gyeonggi Nambu Police Agency. The Gyeonggi Nambu Police Agency is reportedly investigating V Global for an alleged crypto Ponzi scheme that reportedly defrauded around 69,000 people out of 4 …
Business / June 10, 2021
Bank of Korea selects Kakao’s blockchain arm for digital won tests
The central bank of South Korea has chosen a blockchain subsidiary of local internet giant Kakao as a technology provider for its digital currency pilots. Kakao’s Ground X won the Bank of Korea’s central bank digital currency (CBDC) tender, becoming the principal technology supplier for blockchain-based digital won simulations, local news agency Korea JoongAng Daily reported Tuesday. The central bank announced that Ground X will participate in the South Korean CBDC project in cooperation with United States-based blockchain company ConsenSys as well as other Kakao affiliates like KakaoBank and Kakao Pay. Focused on infrastructure and decentralized applications for the Ethereum …
Technology / July 20, 2021
Are crypto and blockchain safe for kids, or should greater measures be put in place?
Crypto is going mainstream, and the world’s younger generation, in particular, is taking note. Cryptocurrency exchange Crypto.com recently predicted that crypto users worldwide could reach 1 billion by the end of 2022. Further findings show that Millennials — those between the ages of 26 and 41 — are turning to digital asset investment to build wealth. For example, a study conducted in 2021 by personal loan company Stilt found that, according to its user data, more than 94% of people who own crypto were between 18 and 40. Keeping children safe While the increased interest in cryptocurrency is notable, some …
Adoption / Feb. 26, 2022
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023