The account that paid $500,000 to move $2,000 worth of Bitcoin was a Paxos server, the company said.
The account that paid more than $500,000 in fees on Sept. 10 for a Bitcoin (BTC) transfer belonged to Paxos, according to a Sept. 13 company statement. Paxos stated that end users were not affected and that all user funds are safe. Paxos is best known as an issuer of stablecoins, including PayPal USD (PYUSD) and Pax Dollar (USDP), but it also runs a cryptocurrency exchange that trades Bitcoin.
The statement comes after Twitter users speculated that PayPal may have been responsible for the transaction, due to a related wallet account that was identified by analytics platform OXT as belonging to PayPal. A Paxos representative told Cointelegraph that PayPal was not responsible, as the error was theirs, stating:
“Paxos overpaid the BTC network fee on September 10, 2023. This only affected Paxos corporate operations. Paxos customers and end users are not affected and all customer funds are safe. This was due to a single transfer error and has been fixed. Paxos is in contact with the mining company to recover the funds.”
The erroneous transaction was first discovered on September 10, shortly after it occurred. According to blockchain data, the sender paid fees of approximately 20 BTC (more than $515,000 at the time) to send just 0.07 BTC (worth less than $2,000 at the time). At the time, Casa Wallet co-founder Jameson Lopp stated that the sending account “looks like an exchange or payment processor with faulty software” as it had made more than 60,000 transactions at the same address.
The block containing the transaction was confirmed by the Bitcoin mining pool F2Pool. On September 10, the fund administration offered to return the funds to the sender of the transaction if the complaint was filed within three days. Otherwise, the exorbitant fee would be paid to the pool’s hash power contributors.
Before Paxos made its statement, Bitcoin enthusiast Mononaut claimed on Twitter that PayPal was responsible for the transaction.
According to Mononaut, the sender account bc1qr35hws365juz5rtlsjtvmulu97957kqvr3zpw3 exhibited behavior that “very closely resembles the behavior of a now-inactive wallet [bc1qhs3gptkxem5y7yaq2yg0un2m8hae6wt87gkx4n].” This inactive address has been marked as “Paypal” by blockchain analytics platform OXT.
To add further evidence to his hypothesis, Mononaut observed that this old wallet address transferred its funds to the new address through an intermediary account. Bitcoin blockchain data shows that the old address called “Paypal” by OXT transferred approximately 18.5 BTC to the address bc1qlm0xlahpysq2v9yh5rhcc430xjz3xknqqnyvaf on June 19. That account then sent around 5.37 BTC to the new address which then made the wrong transaction. Lopp shared the thread and wondered aloud whether PayPal would request his funds back.
Related: Coinbase Will Integrate Bitcoin Lightning Network: CEO Brian Armstrong
Paxos later issued a statement confirming that the error was theirs, not PayPal’s.
Paxos is not the first cryptocurrency user or company to pay potentially thousands of dollars in fees due to a bug. In 2019, an Ethereum user lost over $300,000 by mistakenly pasting values into the wrong fields. Fortunately for him, the mining pool agreed to return 50% of the funds he lost. In 2020, another Ethereum user mistakenly paid $9,500 for a $120 trade. The user claimed the error “destroyed [his] life.”
In its statement, Paxos stated that it has contacted the mining company that confirmed the transaction and is trying to recover the lost resources.