The account that overpaid $500,000 in fees on Sept. 10 for a Bitcoin (BTC) transfer belonged to Paxos, according to a Sept. 13 statement from the company. Paxos claimed that end users have not been affected and all user funds are safe. Paxos is most well-known as the issuer of stablecoins, including PayPal USD (PYUSD) and Pax Dollar (USDP), but also runs a crypto brokerage firm that carries Bitcoin.
The statement comes after Twitter users were speculating that PayPal may have been responsible for the transaction, due to a related wallet account that had been identified by analytics platform OXT as belonging to PayPal. A Paxos representative told Cointelegraph that PayPal was not responsible, as the error was theirs, stating:
“Paxos overpaid the BTC network fee on Sept. 10, 2023. This only impacted Paxos corporate operations. Paxos clients and end users have not been affected and all customer funds are safe. This was due to a bug on a single transfer and it has been fixed. Paxos is in contact with the miner to recoup the funds.”
The mistaken transaction was first discovered on Sept. 10, shortly after it had occurred. According to blockchain data, the sender paid fees of approximately 20 BTC (over $515,000 worth at the time) to send just 0.07 BTC (worth less than $2,000 at the time). At the time, Casa wallet co-founder Jameson Lopp declared that the sending account “looks like an exchange or payment processor with buggy software” as it had made over 60,000 transactions from the same address.
The block that contained the transaction was confirmed by Bitcoin mining pool F2Pool. On Sept. 10, the pool’s management offered to return the funds to whoever sent the transaction, if a claim was made within three days. Otherwise, the exorbitant fee would be paid out to the pool’s hash power contributors.
Before Paxos made its statement, Bitcoin enthusiast Mononaut declared on Twitter that PayPal was responsible for the transaction.
The fat fingers belong to PayPal https://t.co/pKN0w5SfKB
— mononaut (@mononautical) September 13, 2023
According to Mononaut, the sending account bc1qr35hws365juz5rtlsjtvmulu97957kqvr3zpw3 had exhibited behavior that “closely matches the behavior of a now inactive wallet [bc1qhs3gptkxem5y7yaq2yg0un2m8hae6wt87gkx4n].” This inactive address was labeled “Paypal” by blockchain analytics platform OXT.
To add further evidence for their hypothesis, Mononaut pointed out that this old wallet address transferred its funds to the new address through an intermediate account. Bitcoin blockchain data shows that the old address labeled “Paypal” by OXT transferred approximately 18.5 BTC to address bc1qlm0xlahpysq2v9yh5rhcc430xjz3xknqqnyvaf on June 19. That account then sent around 5.37 BTC to the new address that later made the mistaken transaction. Lopp shared the thread, wondering aloud if PayPal would request their funds back.
Paxos later issued its statement confirming that the mistake had been theirs, not PayPal’s.
Paxos isn’t the first crypto user or company to potentially pay thousands of dollars in fees because of a mistake. In 2019, one Ethereum user lost over $300,000 when he mistakenly pasted values into the wrong fields. Luckily for him, the mining pool agreed to return 50% of the funds he lost. In 2020, another Ethereum user mistakenly paid $9,500 for a $120 trade. The user claimed that the mistake had “destroyed [his] life.”
In its statement, Paxos claimed that it had contacted the mining company that confirmed the transaction and is attempting to recover the lost funds.