After a week of research, it seems that the culprit behind at least two of the suspicious ether (ETH) transactions with huge transaction fees has been found.
As reported on June 16 by the Chinese blockchain analytics company PeckShield, the source address appears to belong to the Korean platform GoodCycle, a recent peer-to-peer (P2P) exchange that “offers investment opportunities” for its users.
According to PeckShield, this platform shows all the signs of a Ponzi scheme, which would explain its rapid increase in popularity.
Analysts conducted a comprehensive study of the blockchain and discovered that a wallet starting with “0xcdd6a2b” was the source of the first two transactions. The team was able to make a deposit on the GoodCycle platform and ultimately demonstrated that the deposit went to that address.
The ransomware theory is the most likely
Analysts argue that, because GoodCycle is based on a pyramid scheme, it makes sense that it has not come forward to claim the money, since doing so would compromise its users' trust in the platform and consequently demolish the company.
Jeff Liu, co-founder of PeckShield, told Cointelegraph that GoodCycle could have been the victim of an attack, although he added that “there are other options such as: internal operational errors.”
The PeckShield report notes that the exchange does not use the encrypted HTTPS protocol. That would make it trivial to hack its site through a man-in-the-middle (MITM) attack.
A message from GoodCycle appears to confirm that the platform has been hacked and is blocking withdrawals while performing a “security update”.
GoodCycle announcement. Source: PeckShield
The victim contacted the mining pools
Two transactions sent to SparkPool and Ethermine today from a wallet identified as GoodCycle are signed with the message “I am the sender”.
It seems likely that the team finally regained control, because hackers are unlikely to be able to complete the transaction.
When Liu was asked why the exchange didn’t close faster, which was one of the criticisms of the blackmail theory, he replied:
“In my opinion, they are not very experienced and may need professional help to solve these operational problems.”
However, Ethermine has already decided to distribute the funds to the miners, while SparkPool has committed to start the process today.
The connection with PlusToken
The anonymous researcher Frank Topbottom was able to identify that different addresses connected to the large PlusToken Ponzi scheme had interacted with the address that was later linked to GoodCycle. In particular, ETH from well-known PlusToken funds was sent to the same payment address that is used for some transactions on GoodCycle.
It is not clear whether the association is deeper. It is possible that GoodCycle was just another place where fraudsters launder their money.