Blockchain is Manipulated, and Here’s How

Have you ever seen suspicious (or seemingly impossible at first glance) transactions in a blockchain ledger? This story unveils secrets behind some unusual things, most of which go unnoticed in the blockchain space and explains in detail how it is possible for those things to even happen. These situations are not about well-known hacks and hackers, rather it’s more about what goes unnoticed in thousands of transactions happening minute by minute. Blockchain is still a secure thing if used properly. However, miners have a few more privileges than other network participants. TL;DR Before We Begin This article is about , currently the world’s most popular smart contract platform. We will look onto examples happening in Ethereum, through many of them apply to other blockchain platforms. Ethereum Note that this article doesn’t blame Ethereum nor any other blockchain. Ethereum is great and has many ways to improve like any other tech. We are living on the bleeding edge of technology, and such things as different crypto platforms change insanely quickly. There is little hope that this article will be accurate in a couple of years, if not months! Article’s Quick Agenda How to send transactions without paying transaction fees A list of actors that play with you and how you can play with them Where to find thousands of easily accessible (or not quite, and why) $ Where peoples’ investments RIP and how to avoid the same A couple more interesting cases and real examples Let’s Dig In Almost all public blockchains are transparent (except those which hide details by design like ), meaning that anyone can easily see all transactions in its history. That’s one of the main blockchain features — if you do something, it will become viewable history. Blockchain’s transparency enables us to explore and analyze the data. Monero Zero-Fee Transactions Take a look at as an example. This is a simple Ether (Ethereum “native” currency) transfer from one account to another. this transaction Transaction details screenshot from Etherscan You may notice that it transfers a very small amount of Ether (the equivalency of less than $0.000001). Obviously, such a small transfer doesn’t make sense, because the average transaction fee on Ethereum is about $0.01 to $0.1. However, this transaction was free to execute for its sender! As we can see from the image, the gas price was set to 0, which makes the transaction’s fee equal $0 (transaction fees in Ethereum are determined by multiplying the gas used for a transaction by the gas price set by a transaction signer, so ). Does this mean that someone has found a way to mine transactions for free? 21000 * 0 = 0 Well, one could guess that this transaction was possible because the network wasn’t loaded with other transactions at that moment, leaving miners with no option other than to include a free transaction on the blockchain. But that’s not the case, as there were thousands of other transactions in the pool at that moment. If everyone were able to execute their transactions for free, the network would have been overloaded with traffic it could not support. To understand how such a transaction could even happen, we need to look at some blockchain background. You might know that the data goes into blockchain after mining — a particular miner finding the right hash to a next block (that’s how Proof of Work, PoW consensus algorithm works). It’s not a secret that the who mines the block determines which transactions will be included. While most miners try to maximize their earnings by including transactions with the highest fees, nothing prevents them from choosing any other transaction they want. miner Thus, one thing that miners can do is to choose their own, “prepared in advance” transactions as candidates to be a part of the next block. Because Ethereum blockchain allows any transaction fee (gas price) to be set, miners have a chance to cheat a little with transactions, for example, by slightly changing their mined timestamps or mining their own transactions out of order. However, they still cannot tamper with other transactions (which are cryptographically secured by a public key cryptography), which makes blockchain as powerful and secure as it is today. You may be wondering, what about Proof of Stake (PoS) and other consensus algorithms or other blockchains? In Proof of Stake, for example, there’s no “mining”; the next miner is chosen in a pseudo-random way depending on some factors like the amount of currency they hold, block number, etc. But still, there is always a chosen guy who assembles the next block, and hence there is a chance for him to include or exclude particular transactions. The consensus algorithm can account more restrictions to prevent miners from cheating, but there are two things which are not easily dealt with: Excluding (banning) particular transactions from a block by a miner. Enabling miners to add their own transactions in-place. Not easily dealt with, at least for blockchain. Other distributed ledger technologies, like , can solve some of these problems, but nevertheless, they introduce that blockchain doesn’t have. There are not yet any known or practically proven algorithms that solve all these issues, including scalability. hashgraph other types of problems Miners that Play with You In Ethereum, we can simply identify which miners do these zero-fee transactions. Talking about feeless transaction we can see the block in which it was mined and that actually mined that transaction. We have no other information about the miner except for what is in Ethereum’s transactions history. Anyway, we can identify them easily by just by performing a quick search: that find the miner address 0x52e44f279f4203dcf680395379e5f9990a69f13c 0xb75D1e62b10E4ba91315C4aA3fACc536f8A922F5 0xb2d0cba76ed764c068d25bc9b620365fd5bf4a35 0xd4383232c8d1dbe0e03bdfab849871fa17e61807 … If we get back to the above zero-fee transaction and take a look at the destination address, we will find out that almost every transaction towards this address was mined for free by these miners. Let’s discover what the purpose of doing this is. By doing just a little more clicking on these addresses, we can find that suspicious address: (for example). Take a look at its transaction history: 0xa8015df1f65e1f53d491dc1ed35013031ad25034 There are a few things to note: This address has a lot of valuable tokens. The private key from this address was unveiled in comments by some anonymous guys (seems like you can take these tokens?). They also post private keys from other addresses with some tokens on them. To transfer tokens, you have to have some Ether in the account which owns these tokens in order to make a token transfer transaction (that’s how Ethereum and particular token smart contracts work). So to get tokens out of this address, you first need to make a transaction sending some Ether to this address, and then a transaction withdrawing tokens. But notice, once this address receives Ether, it almost immediately transfers it somewhere else, leaving the address with insufficient Ether for a token transfer. If we take a closer look at the outgoing transaction, we notice that its gas price is ridiculously high (sometimes 1000 times higher than required). So what is going on? Technically experienced people are fooling others who think that it’s easy to get tokens back from this address (because they have a private key!). But actually, all attempts to get tokens back are doomed. Bad actors run a script, which monitors this address for inbound Ether transactions and, once a transaction happens, they immediately publish their own transaction to the network grabbing sent Ether, because they own a private key too. Moreover, even if you publish two transactions at a time (one which deposits Ether and one which withdraws tokens), which practically can end up being mined in the same block, scammer’s script will immediately replace your second transaction with theirs, by always setting a higher gas price than yours. Hence, their transaction will always be mined before yours. This also explains the high gas prices above (4.). Taking into account that these scammers are somehow related to mining, you have no chance of beating them at their own game. You know how you beat Bobby Fischer? Play him in anything except chess. This “game” of stealing Ethereum worth almost $0 from exposed Ethereum accounts looks unprofitable for scammers unless someone sends a lot of Ether to these Ethereum addresses. story tells more about exactly how these scammers get , by hacking so-called “brain wallets” — Ethereum wallets generated from weak passwords or phrases. This such a big crypto portfolio More Historic Examples which fee is 1,000,000 times bigger than required. Intentionally (or mistakenly) overpriced transaction The most expensive in Ethereum history so far ( ). transaction more details Over 500+ before the tricky miner finally transferred their tokens without a fee (looks like they failed because the token smart contract locked them until the ICO finished; however, the miner could have been more clever and avoided wasting their resources on notoriously unsuccessful transactions by simply checking the success of the transaction before publishing it). failed transactions How many can the block include? ? (Mined by alpereum — one of the earliest Ethereum mining pools). free transactions More Conclusion Blockchain is quite secure by design. However, you have to take extra care and educate yourself before using blockchain for big things. In the widespread implementation of blockchain, miners (mining pools, staking pools, etc) eventually have more privileges than network users. They can include or exclude any transaction they want, without breaking any network rules. But still, they are motivated to keep the network fair to increase the value of their assets in it. However, nothing prevents them from cheating a little. While this type of cheating is mostly not harmful to others, having a network participant with more privileges is always unfair, and this is what is trying to be solved today. Explore Yourself Here’s a couple of useful resources for Ethereum: (quite popular Ethereum explorer) etherscan.io (displays many interesting tools and statistics) bloxy.info (displays network fees and has many stats on this) ethgasstation.info (interesting visualization of how blocks are mined) ethviewer.live (nice real-time visualization of mining activities) ethstats.net deadcoins.com (a curated list of dead coins) More related stories: A Christmas Ethereum Mystery Frozen: the story of the largest wallet burglary in Ethereum’s history, a massive mystery, and a tiny sliver of hope ( which is actually related to accounts described in this story) A cracker tool for cryptocurrency brainwallets and other low entropy key alogrithms (regarding problems with miners in ) The EOS Elephant in the Room EOS Currently, we’re developing a crypto ecosystem for , the ultimate teambuilding and skill-growing platform. We’ve already launched the (DREAM) and started accepting payments in it after . There’s more to come in the next few months. Follow our if you’re interested in learning more and following our progress. DreamTeam DreamTeam Token the real-world blockchain testnet application on 500k+ users DreamTeam Medium Hope you’ve found this article useful! for more interesting stories about crypto, development, and other useful things. Thanks! Follow me on Medium