They had everything planned.
In late 2022, the Peraire-Bueno brothers, both in their 20s and graduates of prestigious universities who had set their sights on blockchain, started working on what would end up reaping $25 million in one of the most sophisticated exploits in the decade or so of frequent cryptocurrency exploits. They initially outlined a four-step plan, according to U.S. prosecutors.
First up was “The Bait.” Next was “Unblinding the block,” followed by “The Search,” and finally “The Propagation.”
“Over the next several months, the defendants followed each step outlined in the exploit plan,” the indictment said.
The exploit occurred thanks to a vulnerability the brothers discovered in MEV-boost, software used by approximately 90% of the validators running the blockchain, which allowed them to see transactions within blocks before they were officially sent to the validators.
MEV, or maximal extractable value, is sometimes known as an “invisible tax” that validators and builders can collect from users by reordering and inserting transactions within blocks before the transactions are added to the blockchain.
This practice is sometimes compared to traditional stock market front-running, but since it is difficult to eradicate completely, the Ethereum community has more or less accepted it and has only tried to minimize its negative effects.
One of those mitigation strategies is the use of the software program MEV-Boost, which approximately 90% of Ethereum validators use. The idea is to allow all participants to earn MEV more fairly.
The prosecution clearly acknowledges this “this is how we do it” attitude in the indictment.
According to the indictment, “tampering with these established MEV-Boost proposals, which the majority of Ethereum users rely on, threatens the stability and integrity of the Ethereum blockchain for all network participants.”
In Ethereum, users submit transactions that are added to a “mempool” (an area where transactions sit in a holding pattern).
MEV-boost allows a “block builder” to assemble these transactions from the mempool and place them into blocks.
MEV bots, or “searchers,” then examine the mempool to assess which transactions have the potential to be profitable, and in some cases bribe block builders to rearrange or insert transactions to squeeze out additional profits. Once a block passes through MEV-boost and is inked to the chain, it cannot be undone.
All these steps are typically performed automatically by the software within seconds.
In this case, what the Peraire-Bueno brothers did was target three MEV bots that didn't have certain checks in place, and set up 16 validators designed to lure the bots.
When a searcher bundles transactions, there is a target transaction, a transaction signed before it, and a transaction signed after it.
“The rules of the game are, ‘I pass this bundle, and this bundle must execute atomically.’ That is, it will only execute if it contains all three transactions in exactly this order; otherwise it won't run,” Matt Cutler, CEO of blockchain infrastructure company BlockNative, told CoinDesk in an interview.
In setting up malicious validators, the brothers' goal was always to isolate transactions and seize the opportunity to exploit bots that didn't have those checks in place.
“Honeypot trading was extremely lucrative, and the bots had no checks in place to prevent certain situations from occurring, essentially trusting the integrity of the validators and the MEV Boost ecosystem, making it difficult for malicious actors to do so. One validator was able to gain access to the signed transactions and manipulate the signed transactions to exfiltrate $25 million in funds from the bot,” Cutler said.
In its allegations, the government went out of its way to show that the brothers' activities, which targeted a critical juncture in the internal structure of a blockchain at a level that is technical even for experienced blockchain developers, deviated from community norms and fell into the realm of fraud.
Specifically, the brothers were accused of sending “fake signatures” in place of valid digital signatures to key players in the chain known as “relays.” The signature is required to reveal the contents of a proposed block of transactions, including all potential profits contained within the bundle.
“In this process, relays function in a manner similar to escrow accounts, temporarily maintaining private transaction data for a proposed block until the validator commits to publishing the block to the blockchain as ordered,” prosecutors wrote. “The relay will not release the transactions in the proposed block to the validator until the validator confirms through a digital signature that it will publish the proposed block structured by the builder to the blockchain.”
Prosecutors said that, based on their investigation and planning, the brothers “knew that the information contained in the false signatures was constructed to, and actually did, trick the Relay into prematurely disclosing the entire content of the proposed block, including private transaction information, to the defendants,” according to the indictment.
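The escrow rule prosecutors describe, sketched as a release check on the relay side. This is an added example, not code from MEV-Boost or any relay: the `Relay` class, its method names and the sample values are hypothetical, and HMAC-SHA256 stands in for the validator's digital signature so the sketch runs on the standard library alone.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the validator's digital signature so
# the sketch needs only the standard library; a real relay verifies a
# public-key signature and never holds the validator's signing key.

def header_hash(parent: str, slot: int, tx_root: str) -> bytes:
    """Hash of the header the builder proposes (constructed fields)."""
    return hashlib.sha256(f"{parent}|{slot}|{tx_root}".encode()).digest()

def sign_header(validator_key: bytes, hdr: bytes) -> bytes:
    """Validator's commitment to publish exactly this header."""
    return hmac.new(validator_key, hdr, hashlib.sha256).digest()

class Relay:
    """Hypothetical relay: holds private transactions until a valid commitment."""
    def __init__(self, validator_keys: dict):
        self.validator_keys = dict(validator_keys)  # validator id -> key
        self.escrow = {}  # slot -> (header hash, private transactions)

    def escrow_block(self, slot: int, hdr: bytes, txs: list) -> None:
        self.escrow[slot] = (hdr, list(txs))

    def release(self, vid: str, slot: int, signed_hdr: bytes, sig: bytes):
        """Return the escrowed transactions, or None if any check fails."""
        key = self.validator_keys.get(vid)
        entry = self.escrow.get(slot)
        if key is None or entry is None:
            return None
        hdr, txs = entry
        # The commitment must cover the builder's header, not some other one.
        if not hmac.compare_digest(signed_hdr, hdr):
            return None
        # The signature must verify before anything leaves escrow.
        if not hmac.compare_digest(sig, sign_header(key, signed_hdr)):
            return None
        return txs

def demo():
    """Constructed sample: one valid request and two that must be refused."""
    key = b"constructed-validator-key"
    relay = Relay({"validator-1": key})
    hdr = header_hash("0xparent", 100, "0xroot")
    relay.escrow_block(100, hdr, ["tx-before", "tx-target", "tx-after"])
    other = header_hash("0xparent", 100, "0xother-root")
    return (relay.release("validator-1", 100, hdr, sign_header(key, hdr)),
            relay.release("validator-1", 100, hdr, b"\x00" * 32),
            relay.release("validator-1", 100, other, sign_header(key, other)))
```

Only the first request in `demo()` gets the transactions back; an invalid signature, or a valid signature over a header other than the builder's, leaves the block in escrow.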
As Cutler said, “Stealing is stealing, regardless of the conditions that make it possible to steal.”
“Just because the car door is open doesn't mean it's safe to break into the car, right?” he said.
Ethereum is often susceptible to controversial MEV trading practices, such as front-running attacks and so-called sandwich attacks. However, many key players in the MEV ecosystem view last year's exploit as pure theft.
Taylor Monahan, lead product manager at MetaMask, wrote on X: “Yeah, if you steal and launder $25 million, you should expect to spend a long time in prison, right?”
“You could say this is a bit of a heist for a robber, but in any case it's clearly an abuse and violation of the ruleset in a way that appears to violate established law in the jurisdiction. It was definitely a manipulation,” Cutler said.
Almost as if to drive home this point, the government revealed that in the weeks following the exploit, Anton Peraire-Bueno searched online for, among other things, “a leading cryptocurrency lawyer,” “How long will we remain in this position? [sic] Limit,” “Wire Fraud Act/Wire Fraud Act [sic] The Limits of Limits,” “Illegal Ethereum Address Database,” and “Money Laundering Statue [sic] There is a limit.”
Prosecutors also noted that the day after the exploit, James Peraire-Bueno sent an email to a bank representative asking for a “safe deposit box big enough to fit a laptop.”