PayPal’s cryptocurrency partner Paxos overpaid $510,750 for a transaction on the Bitcoin network.
The so-called “fat finger” mistake, implying human error, is now thought to be a bug.
The smoke clears
A crypto payment blunder originally attributed to PayPal was in fact made by its infrastructure partner, Paxos. PayPal uses Paxos to handle its growing integration with cryptocurrency networks and payments. Paxos also handles the PayPal stablecoin, PayPal USD (PYUSD).
The $510,750 overpayment came on Sept. 10. Mempool’s Mononaut spotted the error shortly after and reported the incident to their X (formerly Twitter) followers. Initial speculation blamed the error on a “fat finger”, but evidence to the contrary swiftly mounted.
“All evidence now points to a software bug like this as the cause of the error,” Mononaut wrote on X this Wednesday.
“I really feel for the developer who wrote that code; it’s such an easy mistake to make, and it should have been caught in review.”
Mononaut concluded that the system was likely running unmonitored since it continued running for 24 hours in the aftermath of the mistake. Given the huge sums of money involved, the general lack of oversight is worrying.
Some other thoughts:
– Single-address wallets are terrible for privacy. It was trivial to unravel PayPal's entire wallet structure and payment history from one known tx.
– Bitcoin software is complex and unforgiving.
– Big companies are way worse at it than you might expect.— mononaut (@mononautical) September 13, 2023
Paxos admits guilt
PayPal partner Paxos has now admitted that the error was theirs. The incident obviously raises questions about the competence of PayPal’s crypto partner.
A spokesperson for Paxos assures the public that the lost cash has no impact on user funds.
“This only impacted Paxos corporate operations,” the spokesperson told Decrypt on Wednesday.
“Paxos clients and end users have not been affected, and all customer funds are safe.”
A spokesperson for PayPal echoed much the same sentiments, making certain to assure customers that the incident was a problem for Paxos rather than PayPal.
“Paxos overpaid the BTC network fee on Sept. 10, 2023,” said PayPal. “This only impacted Paxos corporate operations. Paxos clients and end users have not been affected, and all customer funds are safe. This was due to a bug on a single transfer, and it has been fixed.”
I was annoyed and regretted agreeing to refund that 20 BTC. Especially when I saw the person claiming it kept saying EST instead of EDT/UTC. Last time a Zcash guy did that, I blocked his entire company.
Ref:https://t.co/MQh0ijLR11https://t.co/lxtcFH9mq3
So what should I do?
— Chun (@satofishi) September 13, 2023
Please Sir, can we have our money back?
Now that the source of the problem has been identified, Paxos is seeking to recoup the exorbitant fee from the lucky miner that received it.
X user Chun claims to be the miner in receipt of the 20 BTC. The miner is running a poll to determine what should happen to the fee.
At the time of press, the most popular choice was to distribute the fee to miners, with 35.7% of the vote. Refunding Paxos only holds 28.8% of the vote.
and then