Miner hacks through the gas in the Polygon network?

A customer of our platform has told us that he has run out of credit after sending a deposit to his account.

We checked that he had just received 10 POLs (we are on the Polygon network) and an almost automatic transaction of 1 POL to the next account was executed:

Apart from the fact that his private key is probably compromised, what caught our attention is that the theft is done via gas.

That is, the transaction is small, but what leaves the account empty is the cost of gas, which is usually 100 times the amount of the transaction as you can see in the image:

We have never seen anything like this before.
And it doesn't make much sense unless the miner is the one stealing from the accounts he captures.

Does this make any sense?

Our client received 10 POLs. And a transaction of 1 POL with a gas of 9 POLs was executed immediately and the balance was emptied:

This account is constantly receiving balance with exaggerated gas costs from probably hacked accounts.

This is our assumption. But I share this post for you to analyse this case so you can confirm or not what we think: that it is a miner who has hacked these accounts, capturing the profit through gas and not through transactions.

I share the account:

No one sees anything strange about this account?

Seems like transferring 1 POL with the value of 9 POL, maybe the user just wants the transaction to be confirmed as quickly as possible, or maybe the user passed the value incorrectly, it should be sending 9 POL with the value of 1 POL, not sure.

No.
The user did not make such transactions.
The account was hacked.
He received 10 POLs and they immediately made a 1 POL transaction with that gas.

If you look at the image, that account keeps receiving transactions from many sites with a gas ten times higher than the transaction itself.

The question I was asking is why is the hacker acting like this?
Could it be that the hacker is the miner?

I see, that makes sense, the account has been hacked, so the hacker uses a high gas price to transfer funds. As for if the hacker is the miner, not sure, high gas just means confirmation quickly.

But if you hacked an account you would send the entire balance and not pay that gas to be confirmed first?

It doesn't make sense.

Unless you are the miner and capture that transaction on the blockchain and take it with you. Hiding your theft since the transaction is small.

Does this make sense?

Both the user and the hacker can control the account. So now, if the account has 10 POL and the user wants to withdraw funds, maybe he can send with 1 POL as gas; the hacker wants to get the funds, so he has to use a higher gas to get his transaction confirmed before the user's. So how to decide this higher gas? The hacker uses 9 POL as gas to get 1 POL. The user maybe would not do it like this, but for the hacker these funds are not his, so it does not matter to spend 9 POL as gas.

Even though the hacker is a miner, he cannot guarantee he mines the next block to get the high gas, so the high gas just ensures that the transaction is confirmed as quickly as possible.
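For a platform that wants to spot the pattern discussed in this thread (a deposit followed almost at once by a small transfer whose gas fee eats the rest of the balance), the following Python check is an added example, not code from any poster. The addresses, transaction ids, thresholds and sample transactions are constructed assumptions, and the fee is taken as gas used times gas price.

```python
from dataclasses import dataclass

WEI = 10**18  # POL has 18 decimals

@dataclass
class Tx:
    txid: str
    ts: int         # block timestamp (seconds)
    sender: str
    to: str
    value: int      # amount transferred, in wei
    gas_used: int
    gas_price: int  # effective gas price, wei per gas unit

def find_fee_drains(txs, account, window=60, fee_ratio=3, min_drain_pct=90):
    """Flag outgoing txs sent within `window` s of a deposit whose fee is at
    least `fee_ratio` x the value and that use up most of that deposit."""
    alerts, deposit = [], None
    for tx in sorted(txs, key=lambda t: t.ts):
        if tx.to == account and tx.value > 0:
            deposit = tx                      # remember latest incoming funds
            continue
        if tx.sender != account or deposit is None:
            continue
        fee = tx.gas_used * tx.gas_price      # what the sender actually paid
        quick = tx.ts - deposit.ts <= window
        fee_heavy = fee >= fee_ratio * max(tx.value, 1)
        drained = (tx.value + fee) * 100 >= min_drain_pct * deposit.value
        if quick and fee_heavy and drained:
            alerts.append({"txid": tx.txid, "to": tx.to,
                           "value_pol": round(tx.value / WEI, 2),
                           "fee_pol": round(fee / WEI, 2)})
            deposit = None                    # one alert per deposit
    return alerts

# Constructed sample data (hypothetical addresses and ids, not from the thread).
ACCOUNT, SENDER, DEST = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE = [
    Tx("0xdep1", 1000, SENDER, ACCOUNT, 10 * WEI, 21000, 30 * 10**9),
    # 1 POL out, about 9 POL paid as fee, 4 seconds after the deposit
    Tx("0xout1", 1004, ACCOUNT, DEST, 1 * WEI, 21000, 428_571_428_571_428),
    Tx("0xdep2", 5000, SENDER, ACCOUNT, 5 * WEI, 21000, 30 * 10**9),
    # ordinary withdrawal: 4 POL out at 30 gwei, fee is negligible
    Tx("0xout2", 5030, ACCOUNT, DEST, 4 * WEI, 21000, 30 * 10**9),
]

if __name__ == "__main__":
    for alert in find_fee_drains(SAMPLE, ACCOUNT):
        print("possible key compromise:", alert)
```

An alert from this check is a reason to treat the account's key as compromised and stop crediting deposits to it.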

So the mystery continues.
