Two brothers attending MIT took months to plan how to steal, launder, and hide millions of dollars in cryptocurrency, but it took just 12 seconds to actually carry out the heist.
Brothers Anton Peraire-Bueno and James Peraire-Bueno were indicted by federal prosecutors this week for a sophisticated and novel scheme that exploited weaknesses in Ethereum's blockchain process to steal $25 million in Ethereum cryptocurrency. After the April 2023 theft, they spent several more months concealing the stolen digital assets, transferring some of them to other private crypto addresses and converting them into other stablecoins.
According to the indictment, the two manipulated the processes and protocols used to verify and add transactions to the Ethereum blockchain.
“In doing so, they gained unauthorized access to pending personal transactions and used that access to modify certain transactions and obtain victims' virtual currency,” prosecutors wrote in the indictment. They added that the brothers used the specialized skills they developed during their education, along with their cryptocurrency trading expertise, to exploit the integrity of the Ethereum blockchain.
Anton, 24, of Boston, and James Peraire-Bueno, 28, of New York, were charged with wire fraud and money laundering for the scheme, which was planned in the months leading up to the theft. During that time, they allegedly shared online documents describing their exploits, set up shell companies, used intermediate crypto addresses, foreign exchanges, and privacy network layers, and searched online for ways to launder cryptocurrency and for cryptocurrency exchanges with limited “know-your-customer” requirements, as a way to hide their true identities.
Crypto lost by the numbers
The amount of cryptocurrency lost to cybercrime continues to grow. Blockchain analysis firm Chainalysis said in a January report that in 2023, $24.2 billion in cryptocurrency was received at fraudulent addresses through everything from scams and stolen funds to ransomware and fraud, accounting for 0.34% of total on-chain transactions.
Although this is a significant decrease from the $39.6 billion in losses in 2022, researchers believe that this total includes a large number of previously unknown, highly active addresses hosted on sanctioned services and $8.7 billion claimed by creditors in the FTX lawsuit. The numbers for 2023 are also likely to increase as more thefts are discovered.
Life on the Ethereum blockchain
In the indictment, prosecutors use the brothers' actions as a kind of guide through the world of cryptocurrencies and blockchains, or at least Ethereum and its blockchain. Ethereum and its blockchain are used by millions of people around the world, with an average of more than 1 million transactions per day in 2023, they wrote.
Validators determine that a new block of recorded transaction information is valid before it is added to the blockchain. This process ensures the integrity and security of the blockchain, and validators are paid a portion of the maximum extractable value (MEV) of a transaction. When a transaction is made, it is not immediately recorded on the blockchain. It sits in a memory pool (or mempool) with other pending transactions, where it is publicly visible.
MEV is the maximum value available when publishing a new block to the blockchain, and without a block construction protocol, the network becomes unstable as validators compete for MEV opportunities. According to the indictment, MEV-Boost is open source software created to bring more order to the process through protocols that govern how transactions are organized into blocks. About 90% of Ethereum validators use MEV-Boost.
Then there are searchers, builders, and relays, to which validators hand the job of building blocks according to the protocol. The searcher uses an automated MEV bot to scan the memory pool for profitable opportunities and sends a bundle of proposed transactions to the builder. The builder compiles bundles from different searchers into one block and proposes it to the relay, which sends the block header, containing information such as the payment, to the validator. The validator then validates the proposed block.
All of this is done automatically using software and takes only a few seconds, according to the indictment.
Prosecutors say the relay is like a bank escrow account, which holds private information about blocks proposed by builders until a validator commits to putting them on the blockchain.
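The escrow role described above can be modelled in a few lines. This is an added example, not code from the indictment or from MEV-Boost: the `Relay` class, its method names, and the sample data are hypothetical, and an HMAC stands in for the validator's real signature scheme.

```python
import hashlib
import hmac
import json

def header_hash(header: dict) -> str:
    return hashlib.sha256(json.dumps(header, sort_keys=True).encode()).hexdigest()

def sign(key: bytes, digest: str) -> str:
    # Assumption: HMAC stands in for the validator's real signature scheme.
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

class Relay:
    """Escrow model: block bodies stay private until the validator commits."""

    def __init__(self, validator_key: bytes):
        self._key = validator_key
        self._escrow = {}  # header hash -> private transaction list

    def submit_block(self, builder: str, transactions: list, payment: int) -> dict:
        body = json.dumps(transactions, sort_keys=True).encode()
        header = {"builder": builder, "payment": payment,
                  "body_root": hashlib.sha256(body).hexdigest()}
        self._escrow[header_hash(header)] = transactions
        return header  # the validator sees only this header

    def reveal(self, header: dict, commitment: str) -> list:
        digest = header_hash(header)
        if digest not in self._escrow:
            raise KeyError("no escrowed block for this header")
        if not hmac.compare_digest(sign(self._key, digest), commitment):
            raise PermissionError("commitment does not cover this header")
        return self._escrow.pop(digest)  # released once, then gone

def run_demo() -> dict:
    key = b"constructed-validator-key"  # constructed sample key
    relay = Relay(key)
    txs = [{"from": "searcher-1", "to": "pool-A", "value": 10}]  # constructed sample
    header = relay.submit_block("builder-1", txs, payment=5)
    results = {"header_only": "transactions" not in header}
    # A commitment made over a different header must not release the body.
    tampered = dict(header, payment=0)
    try:
        relay.reveal(header, sign(key, header_hash(tampered)))
        results["mismatch_rejected"] = False
    except PermissionError:
        results["mismatch_rejected"] = True
    results["released"] = relay.reveal(header, sign(key, header_hash(header)))
    results["still_escrowed"] = bool(relay._escrow)
    return results
```

The property to check in any such escrow is that the private body is released only against a valid commitment to the exact header that was offered, and only once.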
Focus on MEV-Boost
The Peraire-Buenos noticed a weakness in the MEV-Boost software. They targeted three MEV bots that lacked certain checks, created 16 validators, and ran “bait” test transactions to lure the bots.
“In doing so, the defendants learned the trading behavior of the victim traders' MEV bots,” the indictment states.
On April 2nd, they learned that one of their validators had been selected to verify the new block. They lured the victims' MEV bots by proposing at least eight specific transactions that the bots knew would be included in the proposed block. This allowed them to falsify transactions and obtain approximately $25 million worth of the traders' cryptocurrency. The whole process took 12 seconds.
“These brothers committed a first-of-its-kind attack on the Ethereum blockchain by illegally accessing pending transactions, altering the movement of electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” Thomas Fattorusso, special agent in charge of the IRS Criminal Investigation New York Division, said in a statement.
Months after the heist, the brothers ignored requests by one of the victims, the victim's attorney, and Ethereum representatives to return the stolen digital assets and worked to launder the cryptocurrencies. They searched online for cryptocurrency exchanges that could be used to launder ill-gotten gains, as well as terms such as “money laundering” and “exploitation” and information about U.S. extradition practices.