The 25 Million Dollars Ethereum Heist
Two MIT-educated brothers are making headlines for allegedly stealing $25 million from the Ethereum blockchain in a mere 12 seconds according to an indictment, unsealed by the United States Department of Justice on Wednesday. “As we allege, the defendants’ scheme calls the very integrity of the blockchain into question,” U.S. Attorney Damian Williams said.
According to the DOJ, Anton, 24, and James Peraire-Bueno, 28, targeted transactions during a critical window - the brief period between when a transaction is submitted and when it's permanently added to the blockchain. By manipulating the process, they're accused of gaining access to these pending transactions and altering them to steal cryptocurrency from unsuspecting victims.
The DOJ alleges the brothers used a system called MEV-Boost to gain an advantage. MEV stands for Maximal Extractable Value, and Boost refers to a tool used by miners (now validators in Ethereum's Proof-of-Stake system) to prioritize transactions with higher fees. MEV-Boost essentially creates a marketplace where miners can choose the most profitable blocks to propose for adding to the blockchain. The indictment suggests the brothers might have found a way to manipulate this system. MEV-Boost separates the block proposer (validator) from the block builder. The builder searches for high-value transactions, while the validator proposes the block. This separation creates an information gap. The theory goes that the brothers exploited this gap.
These pending transactions, the DOJ explained, must be structured into a proposed block and then validated by a validator before it can be added to the blockchain, which acts as a decentralized ledger keeping track of crypto holdings. It appears that the brothers tampered with this process by "establishing a series of Ethereum validators" through shell companies and foreign exchanges that concealed their identities and masked their efforts to manipulate the blocks and seize Ethereum.
They allegedly employed the use of "bait" transactions, designed to attract the bots. After the bots took the bait. They exploited a vulnerability in the process commonly used to structure blocks to alter the transactions by reordering the blocks to their advantage, before adding them to the blockchain. When victims detected the theft, they tried to request the funds be returned, but the DOJ alleged that the brothers rejected those requests and hid the money instead.
The brothers took “numerous steps” to hide their identity, including setting up shell companies and using multiple private cryptocurrency addresses and foreign cryptocurrency exchanges to hide the money, prosecutors alleged.
The pair were arrested Tuesday. Each brother is charged with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering. If convicted, they face a maximum sentence of up to 20 years in prison for each count.
“Unfortunately for the defendants, their alleged crimes were no match for Department of Justice prosecutors and IRS agents, who unraveled this first-of-its kind wire fraud and money laundering scheme,” Monaco, the deputy attorney general, said in her statement, adding that the Department of Justice would continue to root out fraud and support victims, “as cryptocurrency markets continue to evolve.”
Comments