Gone in 12 Seconds: Siblings Siphon $25M from Ethereum Blockchain
16 May 2024 at 11:22
Gone in 60 seconds is a thing of the past. With the world moving towards digital assets and cryptocurrency, βGone in 12 secondsβ seems to be the new norm for digital heists. The U.S. Department of Justice arrested two siblings for attacking the Ethereum blockchain and siphoning $25 million of cryptocurrency during a 12 second exploit.
Hailing from Boston and New York respectively, Anton Peraire-Bueno, 24, and James Peraire-Bueno, 28, stand accused of a litany of charges including conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering.
According to an unsealed indictment on Wednesday the brothers mixed their βspecialized skillsβ from their education at MIT with their expertise in cryptocurrency trading to exploit βthe very integrity of the (Ethereum) blockchain,β said U.S. Attorney Damian Williams.
The brothers meticulously planned the exploit scheme for months βand once they put their plan into action, their heist only took 12 seconds to complete,β he added.
βThis alleged scheme was novel and has never before been charged.βThrough the Exploit, which is believed to be the very first of its kind, Peraire-Bueno brothers manipulated and tampered with the process and protocols by which transactions are validated and added to the Ethereum blockchain.
The MEV Conundrum from Ethereum Blockchain Exploit
According to the indictment, the Pepaire-Bueno brothers initiated their scheme in December 2022, targeting specific traders on the Ethereum platform through what investigators term a "baiting" operation. At the heart of the indictment lies the concept of MEV-Boost, a software tool utilized by Ethereum validators to optimize transaction processing and maximize profitability. MEV, or maximal extractable value, has long been a subject of controversy within the cryptocurrency community, with proponents arguing its economic necessity and critics highlighting its potential for abuse. They exploited a critical flaw in MEV-Boost's code, granting them unprecedented access to pending transactions before their official validation by Ethereum validators. Leveraging this loophole, the siblings embarked on a sophisticated campaign targeting specific traders utilizing MEV bots. The indictment elucidates the modus operandi employed by the accused duo. The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. By establishing their own Ethereum validators and deploying bait transactions, they enticed MEV bots from these traders for their illicit scheme. Subsequently, through a series of meticulously orchestrated maneuvers, including frontrunning and transaction tampering, they siphoned off $25 million of cryptocurrency from unsuspecting victims β all in just 12 seconds. Following the successful execution of their nefarious scheme, the brothers allegedly laundered the ill-gotten gains through a network of shell companies. Converting the stolen funds into more liquid cryptocurrencies such as DAI and USDC, they attempted to rebuff attempts of victims and Ethereum representatives to recover the stolen cryptocurrency. Following their arrest on Tuesday, the brothers are set to appear in federal courts in New York and Boston to face charges. If convicted the brothers face a maximum sentence of up to 20 years in prison for each count. Deputy Attorney General Lisa Monaco lauded the Justice Departmentβs prosecutors and IRS agents, βwho unraveled this first-of-its kind wire fraud and money laundering scheme.ββAs cryptocurrency markets continue to evolve, the Department will continue to root out fraud, support victims, and restore confidence to these markets.β