Have you ever seen suspicious (or seemingly impossible at first glance) transactions in a blockchain ledger?
This story unveils secrets behind some unusual things, most of which go unnoticed in the blockchain space and explains in detail how it is possible for those things to even happen. These situations are not about well-known hacks and hackers, rather it’s more about what goes unnoticed in thousands of transactions happening minute by minute.
TL;DR Blockchain is still a secure thing if used properly. However, miners have a few more privileges than other network participants.
Before We Begin
This article is about Ethereum, currently the world’s most popular smart contract platform. We will look onto examples happening in Ethereum, through many of them apply to other blockchain platforms.
Note that this article doesn’t blame Ethereum nor any other blockchain. Ethereum is great and has many ways to improve like any other tech. We are living on the bleeding edge of technology, and such things as different crypto platforms change insanely quickly. There is little hope that this article will be accurate in a couple of years, if not months!
Article’s Quick Agenda
- How to send transactions without paying transaction fees
- A list of actors that play with you and how you can play with them
- Where to find thousands of $ easily accessible (or not quite, and why)
- Where peoples’ investments RIP and how to avoid the same
- A couple more interesting cases and real examples
Let’s Dig In
Almost all public blockchains are transparent (except those which hide details by design like Monero), meaning that anyone can easily see all transactions in its history. That’s one of the main blockchain features — if you do something, it will become viewable history. Blockchain’s transparency enables us to explore and analyze the data.
Take a look at this transaction as an example. This is a simple Ether (Ethereum “native” currency) transfer from one account to another.
You may notice that it transfers a very small amount of Ether (the equivalency of less than $0.000001). Obviously, such a small transfer doesn’t make sense, because the average transaction fee on Ethereum is about $0.01 to $0.1.
However, this transaction was free to execute for its sender! As we can see from the image, the gas price was set to 0, which makes the transaction’s fee equal $0 (transaction fees in Ethereum are determined by multiplying the gas used for a transaction by the gas price set by a transaction signer, so 21000 * 0 = 0). Does this mean that someone has found a way to mine transactions for free?
Well, one could guess that this transaction was possible because the network wasn’t loaded with other transactions at that moment, leaving miners with no option other than to include a free transaction on the blockchain. But that’s not the case, as there were thousands of other transactions in the pool at that moment.
If everyone were able to execute their transactions for free, the network would have been overloaded with traffic it could not support. To understand how such a transaction could even happen, we need to look at some blockchain background.
You might know that the data goes into blockchain after mining — a particular miner finding the right hash to a next block (that’s how Proof of Work, PoW consensus algorithm works). It’s not a secret that the miner who mines the block determines which transactions will be included. While most miners try to maximize their earnings by including transactions with the highest fees, nothing prevents them from choosing any other transaction they want.
Thus, one thing that miners can do is to choose their own, “prepared in advance” transactions as candidates to be a part of the next block. Because Ethereum blockchain allows any transaction fee (gas price) to be set, miners have a chance to cheat a little with transactions, for example, by slightly changing their mined timestamps or mining their own transactions out of order. However, they still cannot tamper with other transactions (which are cryptographically secured by a public key cryptography), which makes blockchain as powerful and secure as it is today.
You may be wondering, what about Proof of Stake (PoS) and other consensus algorithms or other blockchains? In Proof of Stake, for example, there’s no “mining”; the next miner is chosen in a pseudo-random way depending on some factors like the amount of currency they hold, block number, etc. But still, there is always a chosen guy who assembles the next block, and hence there is a chance for him to include or exclude particular transactions. The consensus algorithm can account more restrictions to prevent miners from cheating, but there are two things which are not easily dealt with:
- Excluding (banning) particular transactions from a block by a miner.
- Enabling miners to add their own transactions in-place.
Not easily dealt with, at least for blockchain. Other distributed ledger technologies, like hashgraph, can solve some of these problems, but nevertheless, they introduce other types of problems that blockchain doesn’t have. There are not yet any known or practically proven algorithms that solve all these issues, including scalability.
Miners that Play with You
In Ethereum, we can simply identify which miners do these zero-fee transactions. Talking about that feeless transaction we can see the block in which it was mined and find the miner address that actually mined that transaction. We have no other information about the miner except for what is in Ethereum’s transactions history. Anyway, we can identify them easily by just by performing a quick search:
If we get back to the above zero-fee transaction and take a look at the destination address, we will find out that almost every transaction towards this address was mined for free by these miners. Let’s discover what the purpose of doing this is.
By doing just a little more clicking on these addresses, we can find that suspicious address: 0xa8015df1f65e1f53d491dc1ed35013031ad25034 (for example). Take a look at its transaction history:
There are a few things to note:
- This address has a lot of valuable tokens.
- The private key from this address was unveiled in comments by some anonymous guys (seems like you can take these tokens?). They also post private keys from other addresses with some tokens on them.
- To transfer tokens, you have to have some Ether in the account which owns these tokens in order to make a token transfer transaction (that’s how Ethereum and particular token smart contracts work). So to get tokens out of this address, you first need to make a transaction sending some Ether to this address, and then a transaction withdrawing tokens. But notice, once this address receives Ether, it almost immediately transfers it somewhere else, leaving the address with insufficient Ether for a token transfer.
- If we take a closer look at the outgoing transaction, we notice that its gas price is ridiculously high (sometimes 1000 times higher than required).
So what is going on?
Technically experienced people are fooling others who think that it’s easy to get tokens back from this address (because they have a private key!). But actually, all attempts to get tokens back are doomed.
Bad actors run a script, which monitors this address for inbound Ether transactions and, once a transaction happens, they immediately publish their own transaction to the network grabbing sent Ether, because they own a private key too. Moreover, even if you publish two transactions at a time (one which deposits Ether and one which withdraws tokens), which practically can end up being mined in the same block, scammer’s script will immediately replace your second transaction with theirs, by always setting a higher gas price than yours. Hence, their transaction will always be mined before yours. This also explains the high gas prices above (4.).
Taking into account that these scammers are somehow related to mining, you have no chance of beating them at their own game. You know how you beat Bobby Fischer? Play him in anything except chess.
This “game” of stealing Ethereum worth almost $0 from exposed Ethereum accounts looks unprofitable for scammers unless someone sends a lot of Ether to these Ethereum addresses. This story tells more about exactly how these scammers get such a big crypto portfolio, by hacking so-called “brain wallets” — Ethereum wallets generated from weak passwords or phrases.
More Historic Examples
- Intentionally (or mistakenly) overpriced transaction which fee is 1,000,000 times bigger than required.
- The most expensive transaction in Ethereum history so far (more details).
- Over 500+ failed transactions before the tricky miner finally transferred their tokens without a fee (looks like they failed because the token smart contract locked them until the ICO finished; however, the miner could have been more clever and avoided wasting their resources on notoriously unsuccessful transactions by simply checking the success of the transaction before publishing it).
- How many free transactions can the block include? More? (Mined by alpereum — one of the earliest Ethereum mining pools).
Blockchain is quite secure by design. However, you have to take extra care and educate yourself before using blockchain for big things.
In the widespread implementation of blockchain, miners (mining pools, staking pools, etc) eventually have more privileges than network users. They can include or exclude any transaction they want, without breaking any network rules. But still, they are motivated to keep the network fair to increase the value of their assets in it. However, nothing prevents them from cheating a little.
While this type of cheating is mostly not harmful to others, having a network participant with more privileges is always unfair, and this is what is trying to be solved today.
Here’s a couple of useful resources for Ethereum:
- etherscan.io (quite popular Ethereum explorer)
- bloxy.info (displays many interesting tools and statistics)
- ethgasstation.info (displays network fees and has many stats on this)
- ethviewer.live (interesting visualization of how blocks are mined)
- ethstats.net (nice real-time visualization of mining activities)
- deadcoins.com (a curated list of dead coins)
More related stories:
- A Christmas Ethereum Mystery
- Frozen: the story of the largest wallet burglary in Ethereum’s history, a massive mystery, and a tiny sliver of hope
- A cracker tool for cryptocurrency brainwallets and other low entropy key alogrithms ( which is actually related to accounts described in this story)
- The EOS Elephant in the Room (regarding problems with miners in EOS)
Currently, we’re developing a crypto ecosystem for DreamTeam, the ultimate teambuilding and skill-growing platform. We’ve already launched the DreamTeam Token (DREAM) and started accepting payments in it after the real-world blockchain testnet application on 500k+ users. There’s more to come in the next few months. Follow our DreamTeam Medium if you’re interested in learning more and following our progress.
Hope you’ve found this article useful! Follow me on Medium for more interesting stories about crypto, development, and other useful things. Thanks!