[HELP] Ethereum Transaction

[GreatArkansas]

I just want to ask some questions about what I saw in a post in social media with this  guy lost almost 1 ethereum.

Here's what happened;

The guy got an ethereum from exchange and withdraw it there going to his metamask wallet (ethereum).

After the transaction from exchange for withrawal confirmed in Ethereum network, after 3-5 seconds, there is a new transaction made from his metamask wallet that the ethereum was recently received it were sent to another ethereum address.

The weird here is the amount of ethereum was sent to another address is too small, example like 0.08 eth was sent and the transaction fee is 0.8 eth.
Transaction fee is much higher than the value sent.

The miner was Spark Pool (https://etherscan.io/address/0x5a0b54d5dc17e0aadc383d2db43b0a0d3e029c4c)


Anyone got idea about this? Does it seem his metamask wallet is compromised?

[Little Mouse]

Metamask is not compromised, it's the wallet of the user which got compromised and a kind of bot/script was made to automation of transaction once the address receive any ETH.
Interesting part is why the hacker would use such high fee? I have no idea about the fee part.

[sheenshane]

It's been rumored about the high fees of ETH last month and probably a mistake or even this is their new ATH.  


Source:

I assumed this is a mistake by miners, try to approach the exchange company to talk or try to communicate the mining pool company the "Spark pool" that might recover the high fee sent. Another option is your friend directly communicate with the Spark Pool mining. ( support@sparkpool.com )

As I see, this is a very common problem now by the Ethereum, a huge high fees in the transaction.

[pakhitheboss]

The fee is certainly very high, I read somewhat same issue last month but the fee was later on refunded back to the users wallet. You can read it here

That automatic transfer on Metamask cannot happen unless the user has set up the transfer, or if the wallet has got compromised. The chance of wallet getting compromised is very high.

[GreatArkansas]

Metamask is not compromised, it's the wallet of the user which got compromised and a kind of bot/script was made to automation of transaction once the address receive any ETH.

Sorry, what I mean is the wallet of the person is compromised, not the metamask itself.

(....)
I assumed this is a mistake by miners, try to approach the exchange company to talk or try to communicate the mining pool company the "Spark pool" that might recover the high fee sent. Another option is your friend directly communicate with the Spark Pool mining. ( support@sparkpool.com )

(....)
That automatic transfer on Metamask cannot happen unless the user has set up the transfer, or if the wallet has got compromised. The chance of wallet getting compromised is very high.

The exchange is not involve any of this anymore because the transaction from the withdrawal of users on their exchange is already successful.

The transaction I am talking is new, once the address got available balance after the first transction was succeed (exchange withdrawal) there is new transaction made and that's the time transaction fee is much higher compare the value was sent.

And as per user, he didn't initiate any transaction of that, what only he did was withdraw the ethereum from the exchange to his ethereum wallet.

[Little Mouse]

Sorry, what I mean is the wallet of the person is compromised, not the metamask itself.

Sorry my bad. I was on phone and felt sleeping. That's why may be I have misunderstood you.
Anyway, I just found a thread where there was a same hacking case- https://bitcointalk.org/index.php?topic=5136644.msg50791077#msg50791077, you may get some idea.

[Yaunfitda]

It's probably that the ETH wallet itself was compromised. However, the attacker might have a flow in his code that's why you see some weird transactions, fee is high as compare to the amount being transfer. So obviously, the next logical thing to do is not used that wallet anymore, or better yet, check the machine itself, it could have been some virus/malware that can potentially steal more of his crypto. It's good thought that the amount is not the big.

[MadeMen]

I believe the issue of compromise was from the users wallet and not from metamask. I personally don't use metamask anymore after my wallet was compromised and it sent 0.45 ethereum twice to an unknown wallet and I lost about 1 ethereum to the hacker. It feels really bad because that was the first time I got 1 ethereum that I can call mine. I later found out that I installed a compromised extension from the app store and it gave the hacker access to my funds.

[Chuky92]

Metamask has been around for a long time now and hence has built a good reputation for themselves thus I might find it hard believing that the fault is from Metamask, however I think somehow the users wallet is compromised. No one might adequately say how the wallet got compromised except the owner or maybe not but nevertheless scammers are getting more Informed everyday and hence we have to be careful as well. Lastly, the fee part looks absurd and looks likely to what happened few weeks ago on how a huge ETH was used as fee for a small amount of ETH; but however this is a case of compromised wallet and therefore the owner should consider using another wallet henceforth.

[Krislaw]

There is no reason other than wallet being compromised.
Some friends experienced same thing in 2018 but in their case it was their tokens. Some sort of script was programmed in their wallet whereby any incoming transaction gets sent out automatically to a wallet address.
I guess in that guy's case, the script was not written well, making the fee high instead of the amount.
My advice is for the guy not to use the wallet or even the PC because it might have some malware in it.

[Little Mouse]

There is no reason other than wallet being compromised.
Some friends experienced same thing in 2018 but in their case it was their tokens. Some sort of script was programmed in their wallet whereby any incoming transaction gets sent out automatically to a wallet address.
I guess in that guy's case, the script was not written well, making the fee high instead of the amount.
My advice is for the guy not to use the wallet or even the PC because it might have some malware in it.

The issue here is not of being hacked the wallet but the strange transaction where the fee was 0.80 ETH for a tx of 0.08 ETH. I think that's what OP is looking answer for. Otherwise, it is easily detectable that wallet was compromised.
Someone on the earlier 1m + fee issue on ETH has pointed out that sparkpool has some kind of relation with that tx other than mining it only. May be this one too.

[tabas]

The guy probably has downloaded some app that contains malware and has it activated. While the culprit is just waiting for him to transact and receive some ETH from that wallet and then the hacker has transferred it quickly without him noticing it.
He has to recall all the apps he has used and required his wallet to log in.