We Found Out Who Overpaid 20 BTC For That Single Transaction and You Won’t Believe Who it Was 

Yesterday a transaction went through with an insane amount of miner fees.

Almost 20 bitcoin were paid to miners for a mere 0.074 BTC transaction.

That’s 500,000 dollars at today’s price.

You can see the transaction on the mempool block explorer.

https://mempool.space/tx/d5392d474b4c436e1c9d1f4ff4be5f5f9bb0eb2e26b61d2781751474b7e870fd

The pool’s owner, Satofishi, posted that he could refund them if claimed.

https://x.com/satofishi/status/1701042302238724512?s=20

Even Mempool.space made fun of it with a meme.

Turns out, the sender was PayPal:

BREAKING: the entity that spent $510K on a single #Bitcoin transaction fee was PayPal

The software bug took them 24 hours to realize & halt withdrawals.

https://x.com/mcshane_writes/status/1701981466958184755?s=20

Mononaut did some blockchain sleuthing and figured out who it was:

https://x.com/mononautical/status/1701968059597042077?s=20

🚨🚨🚨 BREAKING 🚨🚨🚨
The fat fingers belong to PayPal

I had initially discounted that possibility, but after receiving a tip-off I took another look.

The overpaid fee came from a hot wallet reusing the address bc1qr3…zpw3, which started operating in June of this year.

The on-chain activity is consistent with automated processing of fiat-denominated withdrawals, and also closely matches the behavior of a now inactive wallet bc1qhs…kx4n, which is labelled as PayPal on http://oxt.me.

https://oxt.me/address/bc1qhs3gptkxem5y7yaq2yg0un2m8hae6wt87gkx4n

In fact, the transition from the old wallet to bc1qr3…zpw3 is clearly visible on-chain, via an intermediate address bc1qlm…yvaf: https://mempool.space/tx/b7754e398d2ab2d2ac4c99d57146e6221293584a12eeacc8977f2a3f321e01e7

To make doubly sure, I verified by looking up some actual known PayPal withdrawals on-chain. Of course, it’s possible this is run by a third-party vendor, but as far as I know PayPal manages their Bitcoin in-house.

All evidence now points to a software bug like this as the cause of the error. I really feel for the developer who wrote that code – it’s such an easy mistake to make, and it should have been caught in review.

More importantly, there should have been monitoring and sanity checks in place to prevent actual loss of funds.

In reality, the system was apparently running completely unmonitored, since PayPal didn’t notice or halt withdrawals for almost 24 hours 😱

Some other thoughts:

– Single-address wallets are terrible for privacy. It was trivial to unravel PayPal’s entire wallet structure and payment history from one known tx.

– Bitcoin software is complex and unforgiving.

– Big companies are way worse at it than you might expect.

UPDATE:

https://x.com/Pledditor/status/1702062680394129852?s=20

Turns out that 500k USD #bitcoin network fee from earlier this week was a fat finger by custodial provider @Paxos

They *claim* it was only their corporate treasury and no customer funds were lost…. ….but that’s what they all say. Don’t leave your funds on custodians!

What do you think? Will you ever fat-finger a payment like that or will you be careful?
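The quoted thread calls for sanity checks before funds move. The sketch below is an added example, not code from PayPal, Paxos or anyone quoted here: a guard that runs on a draft transaction before it reaches the signer. The limits in `FeePolicy`, the function names and the sample amounts are all assumptions made up for illustration, sized to resemble the 0.074 BTC payment and the almost 20 BTC fee described above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FeePolicy:
    # Illustrative limits (assumptions); tune them to the wallet's real traffic.
    max_fee_sats: int = 1_000_000   # absolute ceiling: 0.01 BTC
    max_feerate: float = 500.0      # ceiling in sat/vB
    max_fee_ratio: float = 0.05     # fee may be at most 5% of the amount paid


def fee_violations(inputs, payments, change, vsize, policy=FeePolicy()):
    """Return the policy rules a draft breaks; an empty list means OK to sign.

    inputs, payments, change: lists of amounts in satoshis.
    vsize: virtual size of the transaction in vbytes.
    """
    paid = sum(payments)
    if vsize <= 0 or not inputs or paid <= 0:
        return ["malformed draft"]
    # A Bitcoin transaction never states its fee: the fee is whatever input
    # value is not assigned to an output, so a missing or undersized change
    # output silently becomes miner fee.
    fee = sum(inputs) - paid - sum(change)
    problems = []
    if fee < 0:
        problems.append("outputs exceed inputs")
    if fee > policy.max_fee_sats:
        problems.append(f"fee {fee} sat exceeds absolute cap")
    if fee / vsize > policy.max_feerate:
        problems.append(f"fee rate {fee / vsize:.0f} sat/vB exceeds cap")
    if fee > paid * policy.max_fee_ratio:
        problems.append(f"fee is {fee / paid:.1f}x the amount paid")
    return problems


def guard_before_signing(draft, policy=FeePolicy()):
    """Fail closed: raise instead of passing a bad draft to the signer."""
    problems = fee_violations(**draft, policy=policy)
    if problems:
        raise ValueError("; ".join(problems))
    return True


# Constructed sample drafts (not the real transaction's inputs or size).
OVERPAID = dict(inputs=[2_000_000_000], payments=[7_400_000],
                change=[], vsize=200)               # change output missing
NORMAL = dict(inputs=[2_000_000_000], payments=[7_400_000],
              change=[1_992_590_000], vsize=200)    # 10,000 sat fee
```

Any one of the three limits would have stopped the constructed overpaying draft; running them together means a single mis-set limit does not disable the guard.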
