News

Two MIT students accused of exploiting the Ethereum blockchain bug stole $25 million in cryptocurrency

Published

8 months ago

on

Just when you thought you’d seen it all when it comes to cryptocurrency theft, two MIT brothers have discovered a whole new way to steal millions.

According to the United States Department of Justice (DOJ) announcement on Wednesday, Anton Peraire-Bueno and James Peraire-Bueno were both charged with conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering. The brothers allegedly found a way to exploit the Ethereum blockchain and stole $25 million in cryptocurrency as a result.

“As we argue, the defendants’ scheme calls into question the very integrity of the blockchain,” U.S. Attorney Damian Williams of the Southern District of New York said in a statement. “The brothers, who studied computer science and mathematics at one of the world’s most prestigious universities, allegedly used their specialized skills and training to tamper with and manipulate the protocols relied on by millions of Ethereum users around the world .”

“Once the plan was in place, the robbery took just 12 seconds to complete,” Williams continued. “This alleged scheme was new and had never been alleged before.”

How two MIT students exploited the Ethereum blockchain

While part of the brothers’ plan may have only taken 12 seconds, the Department of Justice indictment makes it clear that they have been meticulously planning and preparing for months to successfully leverage the Ethereum blockchain.

On the Ethereum blockchain, transactions are verified not in chronological order, but by “maximum mineable value” or MEV, essentially how much value validators can gain from the transaction. Validators verify transactions and, in turn, add new blocks to the blockchain.

Speed ​​of light mashable

According to the Department of Justice, the two MIT students exploited a flaw in MEV-Boost, an open source software used by 90% of Ethereum validators. After discovering the exploit, Anton and James Peraire-Bueno created a series of validators using shell companies to hide their identities. The Justice Department says the two took “several months” to prepare for their plan.

The Peraire-Bueno brothers set their plot in motion by creating “decoy transactions” to trick “victim traders” into revealing their trading behaviors.

In April 2023, the two pulled off their $25 million cryptocurrency heist by “luring” the victim traders’ MEV robots with eight transactions containing “illiquid cryptocurrency” to be executed and then transferred into stablecoins and other liquid cryptocurrencies . These bundled “decoy transactions” by the brothers were scheduled to be verified by one of their validators.

From there, the brothers further exploited the system by forging signatures to trick the blockchain relay into releasing transaction information, which they then manipulated. As a result, Anton and James Peraire-Bueno walked away with $25 million and proceeded to take further steps to hide their alleged crime.

“These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” he said. said the special agent in In a statement, Thomas Fattorusso of the New York field office of the IRS Criminal Investigation (IRS-CI) is accused. “In this case, the New York IRS-CI Cyber ​​Unit simply followed the money.”

According to the Department of Justice, the two left a trail of incriminating evidence, including a document that lays out the exploit in full detail, breaking down their plan into “four phases:” The bait, The opening of the block, The research and propagation.

Additionally, in the weeks and months following the exploit, the brothers’ search history revealed queries for terms such as “best cryptocurrency lawyers,” “wire fraud statute of limitations,” “money laundering,” “Ethereum address database fraudulent” and searches for countries with which the United States has extradition agreements.

The two face up to twenty years in prison for each charge.

Themes
Cyber ​​security
Cryptocurrency



Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version