Bitcoin

Brothers Accused of $25 Million Ethereum (ETH) Exploit as US Reveals Fraud Accusations

Published

8 months ago

on

Two brothers have been arrested by the US Department of Justice for attacking the Ethereum blockchain and stealing $25 million worth of cryptocurrencies during a 12-second exploit, according to a report. indictment was revealed on Wednesday.

The indictment charges Anton Peraire-Bueno, 24, of Boston, and James Pepaire-Bueno, 28, of New York, with conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering.

The charges are significant because they represent unprecedented criminal action by the U.S. government related to the controversial practice of ME V, or maximum extractable value, whereby operators of Ethereum (and similar blockchains) view users’ upcoming transactions to earn extra profit for themselves. The government suggests in the indictment that the very existence of MEV illustrates how Ethereum itself is a vulnerable system.

“[T]The defendants’ scheme calls into question the very integrity of the blockchain,” said Damian Williams, U.S. Attorney for the Southern District of New York, in a press release.

According to Wednesday’s indictment, the Pepaire-Bueno brothers exploited MEV-boost, a MEV software used by most validators running the Ethereum blockchain.

The indictment explains how Ethereum works, highlighting its staking consensus mechanism and the role of validators as participants securing the network.

When users submit transactions to Ethereum, those transactions are not immediately written to the blockchain ledger. Instead, they are added to a “mempool” – a holding area for other transactions yet to be processed.

MEV-boost allows “block builders” to assemble these mempool transactions into official blocks. MEV bots called “searchers” scour the mempool for profitable trading opportunities and sometimes “bribe” builders to enter or reorder transactions in a way that would net them extra profit. (These “MEV strategies” can sometimes hurt end-user profits.)

Validators, the operators who ultimately add blocks to the Ethereum blockchain, take the pre-built blocks from MEV-boost and write them to the chain, where they are permanently cemented.

The Pepaire-Bueno brothers exploited a bug in the MEV-boost code that allowed them to preview the contents of blocks before they were officially handed over to validators, according to the indictment.

The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used decoy transactions to find out how these bots traded, lured the bots to one of their validators who was validating a new block, and basically tricked these bots into proposing certain transactions. The brothers allegedly confronted the bots in certain trades and also used their validator to “tamper” with the new block, sending a fake digital signature that gave them access to the full contents of the block and replacing “decoy transactions” with “tampered transactions.” In these tainted transactions, the brothers allegedly sold illiquid cryptocurrencies for which they had tricked victims’ trading bots into placing purchase orders.

“In fact, Victim Traders sold approximately $25 million worth of various stablecoins or other more liquid cryptocurrencies to purchase particularly illiquid cryptocurrencies,” the document said. “In effect, the tampered transactions drained the specific liquidity pools of all cryptocurrencies that the victim traders deposited based on their initial trades.”

This meant that traders could not sell their new illiquid cryptocurrencies, which were “effectively rendered worthless,” while the defendants made off with $25 million in stablecoins and other “more liquid cryptocurrencies,” the DOJ alleged.

The defendants then allegedly laundered the funds through multiple addresses and transaction sets, including converting the stolen funds into DAI and then USDC.

“These brothers allegedly committed unprecedented manipulation of the Ethereum blockchain, fraudulently gaining access to pending transactions, altering the movement of electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” said Special Agent in Charge. Thomas Fattorusso of the New York Field Office of IRS Criminal Investigation (IRS-CI) said in the release.

The indictment analyzes some of the investigators’ findings, including “a document laying out their plans,” the launch of shell companies, test transactions to identify best practices for attracting MEV bots, and Internet search histories.

TO UPDATE (May 15, 17:19 UTC): Adds details throughout.

Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version