A customer of our platform has told us that he has run out of credit after sending a deposit to his account.
We checked and found that, just after the account received 10 POL (we are on the Polygon network), an almost automatic transaction of 1 POL to the next account was executed:
Apart from the fact that his private key is probably compromised, what caught our attention is that the theft is done via gas.
That is, the transaction is small, but what leaves the account empty is the cost of gas, which is usually 100 times the amount of the transaction, as you can see in the image:
This account is constantly receiving balance with exaggerated gas costs from probably hacked accounts.
This is our assumption, but I am sharing this post so that you can analyse this case and confirm or not what we think: that it is a miner who has hacked these accounts, capturing the profit through gas and not through transactions.
It seems like it is transferring 1 POL with the value of 9 POL. Maybe the user just wants the transaction to be confirmed as quickly as possible, or maybe the user passed the value incorrectly and it should be sending 9 POL with the value of 1 POL; not sure.
I see, that makes sense: the account has been hacked, so the hacker uses a high gas price to transfer funds. As for whether the hacker is the miner, I am not sure; high gas just means quick confirmation.
Both the user and the hacker can control the account. So now, if the account has 10 POL and the user wants to withdraw funds, maybe he can send with 1 POL as gas, while the hacker, who wants to get the funds, has to use a higher gas to get his transaction confirmed before the user's. So how to decide this higher gas? The hacker uses 9 POL as gas to get 1 POL. The user maybe would not do this, but for the hacker these funds are not his, so it does not matter to spend 9 POL as gas.
Even though the hacker is a miner, he cannot guarantee he mines the next block to get the high gas, so the high gas just ensures that the transaction is confirmed as quickly as possible.
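For anyone who wants to watch for the pattern discussed in this thread, here is an added detection sketch (not code from any poster): it flags outgoing transfers that follow a deposit within seconds, pay a fee several times the value moved, and consume almost the whole balance. The addresses, the sample history and all three thresholds are constructed assumptions; the fee is computed as gas used times effective gas price, with 21,000 gas for a plain transfer.

```python
from dataclasses import dataclass

WEI = 10**18  # 1 POL in wei

@dataclass
class Tx:
    ts: int         # block timestamp (seconds)
    sender: str
    to: str
    value: int      # transferred amount, wei
    gas_used: int
    gas_price: int  # effective price per gas unit, wei

    @property
    def fee(self) -> int:
        return self.gas_used * self.gas_price

def find_sweeps(account, txs, window=60, min_fee_ratio=2, drained_pct=95):
    """Return outgoing txs that follow a deposit within `window` seconds,
    pay a fee of at least `min_fee_ratio` x the value moved, and consume
    at least `drained_pct` % of the balance. Thresholds are assumptions."""
    balance, last_deposit, hits = 0, None, []
    for tx in sorted(txs, key=lambda t: t.ts):
        if tx.to == account:
            balance += tx.value
            last_deposit = tx.ts
        elif tx.sender == account:
            cost = tx.value + tx.fee
            fast = last_deposit is not None and tx.ts - last_deposit <= window
            if (fast and tx.fee >= min_fee_ratio * tx.value
                    and cost * 100 >= drained_pct * balance):
                hits.append(tx)
            balance -= cost
    return hits

# Constructed sample history (placeholder addresses, not from the thread).
SAMPLE = [
    Tx(1000, "0xDEPOSITOR", "0xVICTIM", 10 * WEI, 21_000, 30 * 10**9),
    # 1 POL moved, ~9 POL paid as fee four seconds after the deposit
    Tx(1004, "0xVICTIM", "0xCOLLECTOR", 1 * WEI, 21_000, 428_571_428_571_428),
    Tx(5000, "0xDEPOSITOR", "0xVICTIM", 5 * WEI, 21_000, 30 * 10**9),
    # ordinary withdrawal much later at a normal gas price
    Tx(9000, "0xVICTIM", "0xEXCHANGE", 2 * WEI, 21_000, 30 * 10**9),
]

if __name__ == "__main__":
    for tx in find_sweeps("0xVICTIM", SAMPLE):
        print(f"t={tx.ts} to={tx.to} value={tx.value / WEI} fee={tx.fee / WEI:.3f} POL")
```

A platform could run the same check over each deposit address and stop crediting or alert the customer when a hit appears, since further deposits to that address will be taken the same way.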