This morning I tried to enter the BAT ICO using MyEtherWallet. I had 20 ETH in my account. Later this evening, I wanted to transfer my ETH away and to my dismay, they weren't there. This was strange. This led me down a pretty interesting chase.

This is the account history of MyEtherWallet account: https://etherscan.io/address/0x7aaafe93355498af4E6Bf33267168c4e5E27408C A transfer in, two attempts at BAT ICO and a tx-out for 19.88 ETH: https://etherscan.io/tx/0x21fcf9025650b3e8bc68da56c1e1755869ee754da8bce29255500a89710280a4 The last transaction out was the fraudulent one which I hadn't done.

Who was this transaction to? An account with hash of public key: 0xe847F9abc3C8986De276648224E916821BD7D68f. This account basically sends the transaction forward to another account 0x8271b2e8cbe29396e9563229030c89679b9470db. A quick scan of the transaction reveals that this account is receiving a lot of transactions constantly and currently has over $1.6M in ETH. Who is this account transacting with? Well, some of the connected accounts (outgoing tx) have similar amounts of ethers – emptying accounts all the time. This is HUGE and been going on for a while!

Who owns this fraudulent account? A quick Google search and I land on a Poloniex conversation between zyplok and smallbit concerning a microtransaction from the same account gone awry. Zyplok owns the account. Who's zyplok and what does the internet know about zyplok?

Well, a lot! For starters, Zyplok.com is a "bitcoin mining" system run by IG:shanefr0mmaine. A few more searches later, the github (https://github.com/ar7ik) and an address in Portland, Maine.

So what's next? While zyplok depletes a ton of accounts, I'll report the activity to Poloniex, Kraken and the other exchanges. And zyplok, if you're reading this, can I get my ETH back please? (new address: 0x8D707851d45Efcc6553fF4ABfE93B20003920aab)