Alleged Ponzi scheme would be behind the $5 million in Ether paid in transaction fees


After a week of investigation, at least two suspicious Ether (ETH) transactions have been found to carry a huge per-transaction fee.

As reported on June 16 by Chinese blockchain analysis company PeckShield, the source address appears to belong to the Korean platform GoodCycle, a recently launched peer-to-peer (P2P) exchange that "offers investment opportunities" for its users.

According to PeckShield, this platform shows all the signs of a Ponzi scheme, which would explain its rapid rise in popularity.

Analysts conducted a thorough study of the blockchain and found that a wallet starting with "0xcdd6a2b" was the source of the first two transactions. The team was able to make a deposit on the GoodCycle platform and proved conclusively that it went to that wallet.

The ransomware theory is the most likely
Analysts argue that, because GoodCycle is based on a pyramid scheme, it makes sense that it did not come forward to claim the money, as doing so would affect its users' trust in the platform and subsequently bring down the company.

PeckShield co-founder Jeff Liu told Cointelegraph that GoodCycle may have been the victim of an attack, but added that "there are still other possibilities, such as internal operational errors."

PeckShield’s report notes that the exchange does not use the encrypted HTTPS protocol, which would make it trivial to hack into its page through a Man-in-the-Middle Attack (MITM).

A communication from GoodCycle itself seems to confirm that the platform is being hacked, subsequently blocking withdrawals and performing a "security update".

Announcement from GoodCycle

The victim contacted the mining pools
Two transactions sent to SparkPool and Ethermine today from a wallet identified as GoodCycle’s are signed with a message that says "I am the sender".

It seems likely that the team finally regained control, as it is unlikely that hackers could have carried out the transaction.

When Liu was asked why the exchange did not close more quickly, which was one of the criticisms of the blackmail theory, he replied:

"In my opinion, they are not very experienced and may need professional help to deal with these operational problems."

However, Ethermine has already decided to distribute the funds to the miners, while SparkPool has committed to start the process today as well.

The PlusToken connection

Anonymous researcher Frank Topbottom was able to identify that several addresses connected to PlusToken’s large Ponzi scheme had interacted with the address later associated with GoodCycle. Specifically, PlusToken’s known funds sent ETH to the same deposit address used for some GoodCycle transactions.

It is unclear whether the association goes deeper. It is possible that GoodCycle was simply another location used by the scammers to launder their money.