Emerging Arrests For Two MIT Students That Fooled ETH Blockchain

Mike Leslie
May 16, 2024

Two MIT students allegedly stole $25M by exploiting an Ether (ETH) blockchain phenomenon, claims the U.S. Department of Justice (DOJ).

Inputs that matter: In a DOJ press release, U.S. Attorney Damian Williams said the scheme was so sophisticated that it "calls the very integrity of the blockchain into question."

  • "The brothers, who studied computer science and math at one of the most prestigious universities in the world, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied upon by millions of Ethereum users across the globe," Williams said.
  • Anton, 24, and James Peraire-Bueno, 28, were arrested Tuesday and charged with conspiracy to commit wire fraud and conspiracy to commit money laundering. The DOJ said each brother faces "a maximum penalty of 20 years in prison for each count."

The opportunity: The indictment explains in detail how the scheme allegedly worked by exploiting the Ethereum blockchain moments after a transaction was conducted but before the transaction was added to the blockchain.

  • The DOJ explained that these pending transactions must be structured into a proposed block and then validated by a validator before they can be added to the blockchain, which acts as a decentralized ledger keeping track of crypto holdings.
  • The brothers seemed to tamper with this process by "establishing a series of Ethereum validators" through shell companies and foreign exchanges that concealed their identities and masked their efforts to manipulate the blocks and seize Ethereum.
  • To do this, they allegedly deployed "bait transactions" designed to catch the attention of specialized bots often used to help buyers and sellers find lucrative prospects in the Ethereum network.
  • When bots snatched up the bait, their validators seemingly exploited a vulnerability in the process commonly used to structure blocks, altering the transaction by reordering the block to their advantage before adding it to the blockchain.
  • When victims detected the theft, they tried to request the funds be returned, but the DOJ alleged that the brothers rejected those requests and hid the money instead.

Zoom in: The indictment said the brothers, who studied at MIT, launched the alleged scheme in December 2022 after months of planning.

  • The alleged 12-second attack is related to the controversial practice of MEV, or maximal extractable value.
  • According to Wednesday's indictment, the Peraire-Bueno brothers exploited MEV-boost, an MEV software used by most validators that run the Ethereum blockchain.
  • MEV-boost lets "block builders" assemble pending (mempool) transactions into official blocks. MEV bots called "searchers" scour the mempool for profitable trading opportunities. They will sometimes bribe builders to insert or reorder transactions in a manner that would net them an extra profit.
  • According to Coinbase, "These MEV strategies can sometimes eat into the profits of end users."
  • Validators, the operators that ultimately add blocks to the Ethereum blockchain, take the pre-built blocks from MEV-boost and then write them to the chain, where they're cemented permanently.

Between the lines: The charges are significant because they represent a first-of-its-kind criminal action from the U.S. government related to the controversial practice of MEV, or maximal extractable value, whereby the operators of Ethereum (and similar blockchains) preview upcoming transactions from users to earn an extra profit for themselves.

  • MEV is the maximum value block producers (miners or validators) can obtain by including, reordering, or excluding transactions when producing a new block.
  • Originally called miner extractable value, maximal extractable value (MEV) is a strategy block producers (validators or miners) use to optimize their profitability by deliberately including, omitting, or changing the order of transactions during the block creation process.
  • It is sometimes called the "invisible tax" as it extracts extra value from a block on top of block rewards and transaction fees.
  • Other independent network participants, or searchers, also profit from MEV opportunities through arbitrage, front-running, or liquidation. Generally, both smart contract-enabled proof-of-stake (PoS) networks and proof-of-work (PoW) systems facilitate MEV.
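
An added illustration (not from the indictment or the cited sources) of why transaction order carries value, as the MEV definition above says: a toy liquidity pool in Python in which the same three pending buys are replayed in every possible order. The constant-product formula, fee, reserves, trader names and the `min_out` bound are assumptions made for the example.

```python
from itertools import permutations

FEE = 0.003  # assumed swap fee (0.3%)
RESERVES = (1_000_000.0, 1_000_000.0)  # constructed: stablecoin, token

class Pool:
    """Toy constant-product pool (stable * token = k); an assumption, not from the page."""
    def __init__(self, stable, token):
        self.stable, self.token = stable, token

    def buy_token(self, stable_in, min_out=0.0):
        """Swap stablecoin for token. Reverts (returns 0.0, pool unchanged)
        when the fill would be below the trader's min_out bound."""
        effective = stable_in * (1 - FEE)
        out = self.token * effective / (self.stable + effective)
        if out < min_out:
            return 0.0
        self.stable += stable_in
        self.token -= out
        return out

def fills_by_ordering(pending):
    """Replay the pending buys in every order; map ordering -> {trader: tokens}."""
    results = {}
    for order in permutations(pending):
        pool = Pool(*RESERVES)
        results[tuple(name for name, _, _ in order)] = {
            name: pool.buy_token(amount, min_out)
            for name, amount, min_out in order
        }
    return results

def ordering_spread(pending, trader):
    """Best fill minus worst fill for one trader across all orderings."""
    fills = [r[trader] for r in fills_by_ordering(pending).values()]
    return max(fills) - min(fills)

# Constructed pending transactions: (trader, stablecoin in, min_out bound)
PENDING = [("alice", 10_000, 0.0), ("bob", 200_000, 0.0), ("carol", 50_000, 0.0)]
PROTECTED = [("alice", 10_000, 9_500.0)] + PENDING[1:]

if __name__ == "__main__":
    print("alice spread, no bound:", round(ordering_spread(PENDING, "alice"), 2))
    for order, fills in fills_by_ordering(PROTECTED).items():
        print(order, "alice gets", round(fills["alice"], 2))
```

With no bound, the small buyer's fill varies by roughly a third depending only on where the block producer places her trade; with a minimum-output bound she either gets at least that amount or the swap reverts and she keeps her stablecoin.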

Follow the money: To uncover the scheme, the special agent in charge, Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office, said investigators "simply followed the money."

  • "Regardless of the case's complexity, we continue to lead the effort in financial criminal investigations with cutting-edge technology and good-ol'-fashioned investigative work, on and off the blockchain," Fattorusso said.
  • According to the indictment, the Peraire-Bueno brothers exploited a bug in MEV-boost's code that allowed them to preview the content of blocks before they were officially delivered to validators.
  • "In effect, the Victim Traders sold approximately $25 million of various stablecoins or other more liquid cryptocurrencies to purchase particularly illiquid cryptocurrencies," the document said.
  • "In effect, the Tampered Transactions drained the particular liquidity pools of all the cryptocurrency that the Victim Traders had deposited based on their front run trades."
  • This meant the traders couldn't sell their new illiquid cryptos, which were "rendered effectively worthless," while the defendants made off with the $25 million in stablecoins and other "more liquid cryptocurrencies," the DOJ alleged.
  • The defendants then allegedly laundered the funds through various addresses and transactions, including converting the stolen funds into DAI and USDC.
