How two brothers allegedly swiped $25M in a 12-second Ethereum heist

Feds scoff at blockchain integrity while software bug said to have been at heart of the matter

The US Department of Justice has booked two brothers on allegations that they exploited open source software used in the Ethereum blockchain world to bag $25 million (£20 million).

The pair – computer scientists Anton, 24, of Boston, and James Pepaire-Bueno, 28, of New York – are accused of carrying out what deputy attorney general Lisa Monaco called a "technologically sophisticated, cutting-edge scheme they plotted for months."

"The defendants' scheme calls the very integrity of the blockchain into question," added United States attorney Damian Williams.

"The brothers, who studied computer science and math at one of the most prestigious universities in the world, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied upon by millions of Ethereum users across the globe. And once they put their plan into action, their heist only took 12 seconds."

Some background

Cryptocurrency blockchains, including the one behind Ethereum and its native coin Ether, are pretty much a decentralized append-only log file of transfers, and use cryptography to maintain the integrity of the log. That makes a blockchain essentially a public ledger of every single transaction that takes place, and users can only make transactions with money they actually have. These transactions are grouped onto blocks that are chained together, hence the name.

And a whole load of cryptocurrencies – from stablecoins such as Tether that's pegged to one US dollar apiece, to roller-coaster meme-coins like Shiba Inu and Pepe – use the Ethereum blockchain; it's not just Ether.

The stewardship of the Ethereum blockchain is entrusted to validators, which are typically automated systems directed by human operators. As the name suggests, validator bots attest that proposed blocks of Ethereum transactions are valid and send those blocks to a committee of fellow validators to approve by vote and securely add to the chain.

Generally speaking, validators must each stake 32 Ether (equivalent right now to $100,000). When randomly picked to propose a new block for the chain, a validator has roughly 12 seconds to complete that operation and offer a valid block to its peers to verify and accept for the chain. If validators misbehave, they face losing their stake; if they perform as expected, they are rewarded.

It does get a bit more complicated in practice. Where do these proposed blocks mainly come from? Well, while awaiting confirmation on the blockchain, pending transactions sit in a public staging area called the memory pool or mempool. Bots called searchers rifle through those pending transactions, and using fun algorithms assemble bundles of transactions for builder bots to package together into blocks for validators to consider for the chain. In fact, builder bots can also use interesting algorithms to combine and optimize bundles from multiple searchers to craft these proposed transaction blocks.

The builders stand to receive a reward in terms of fees and other sources when their proposed blocks make it onto the chain, and the validators approving the blocks get a cut of that income.

It's in the interests of the validators to pick the blocks that are the most profitable, it's in the builders' interests to construct blocks that look attractive to validators, and the blockchain's users pay fees to get their transactions picked up. The builders and their searchers get to order the transactions in the blocks as they see fit; the transactions execute in that order when the block gets the green light.

The builders offer their proposed blocks to validators via relays. The relays only provide just enough info to the validators for those bots to determine how much they stand to gain from accepting a particular block, and not the specifics of the transactions; when a validator accepts a block for processing, it gets the full details from the relay to analyze and attest. Nine out of ten validator bots use an open source program called MEV-Boost to communicate with multiple relays to select the most-rewarding block from a whole range of builders competing for a payout.

This design is supposed to be resilient to manipulation and other shenanigans while ensuring all these bot operators get paid for keeping this decentralized system going. However, according to an indictment [PDF] unsealed on Wednesday, the brothers exploited a weakness in the MEV-Boost project's code to make off with millions in crypto.

The MEV in MEV-Boost stands for Maximum or Maximal Extractable Value, and is fairly complex, but essentially it's what the validators, builders, and their searchers stand to make from crafting, proposing, and attesting a block of carefully picked and ordered transactions from the mempool buffer. And as we said, there are various ways these participants can make money off this validation process.

For example, there's nothing stopping mempool searchers from doing currency arbitrage. A searcher bot can clock from the mempool transactions that users are buying up a particular cryptocurrency, which will increase the market value of that token. The searcher can form a bundle of transactions that begins with the bot's operator acquiring that cryptocurrency, then includes other people's pending mempool transactions for that coin, and finishes with the bot selling the coin. If that carefully arranged bundle makes it into an offered block, and is picked by a validator and accepted onto the chain, the transactions execute in order, and the searcher stands to make a profit from selling the coin at a higher price than it was bought at as the market value increased during the process. The searcher can offer to pay block builders to use its bundle knowing it will still make a profit.

Searchers and builders set the order of transactions in a proposed block, but so can validators: A validator chosen by the system to provide the next block can go it alone and offer its own block for committee approval. That's why relays usually withhold the full details of proposed blocks until a validator promises, using a digital signature according to the US Dept of Justice, to attest a chosen block. Otherwise, a validator could look through all the proposed blocks, pick a profitable one, and then create its own block based on that offered one, and pass it to the committee to accept, screwing over the searchers and builders by taking the rewards.

Pulling off a '$25M heist in 12 seconds'

Prosecutors claim the pair found a flaw in the MEV-Boost project's relay code that could be exploited to release the full details of a proposed block prematurely. Thus, the duo allegedly set up validators that exploited a relay to hand over a complete proposed block too early, rejigged the transaction list to their advantage, and sent the block off for committee approval, netting them a hefty windfall.

The complaint claims a shell company called Pine Needle Inc was set up in December 2022 by the brothers to perform their banking and cryptocurrency exchange activities. In particular, they didn't want to do business with crypto-exchanges that had a "know your customer" policy, and performed online searches for "how to wash crypto" and "cefi exchanges with no kyc," court documents state. The men also carried out a bunch of transactions to observe how searchers operated by three particular traders reacted, it's claimed.

Between February and March the following year, the complaint alleges, the sibling duo sent 529.5 Ether coins (worth $880K at the time) to the Ethereum network and used 512 of them to stake 16 validators at 32 Ether apiece.

On April 2, they decided to carry out the exploit, prosecutors said. First, the duo waited for one of their validators to be randomly selected to provide the next block for the Ethereum chain. Once that had happened, they then put in eight orders for particularly illiquid cryptocurrencies, it's said.

The three traders' automated searchers took the bait, it's claimed, and offered bundles of transactions to block builders that aimed to achieve the following: Buy up $25 million of those illiquid cryptocurrencies using stablecoins and other liquid assets, run the brothers' transactions, and then sell that cryptocurrency at a higher price and pocket the difference.

That proposal reached the brother's validator via a relay, it's said, and the validator allegedly exploited that relay – by sending it a dodgy digital signature – that caused it to reveal the full contents of the proposed block. The validator then allegedly altered the transaction list to: Let the traders buy up that illiquid cryptocurrency; and sell off all of the brothers' holdings of those illiquid coins – the ones just bought as bait and the ones from the aforementioned observations.

The allegedly altered block was sent off for verification by committee vote and accepted onto the chain. It effectively, we're told, caused the traders to buy the illiquid cryptocurrency from the duo, who got $25 million in stablecoins and other liquid assets in exchange. The traders, meanwhile, got a mountain of now highly illiquid coins that were suddenly pretty worthless; the Feds said the liquidity pool for the cryptocurrency had been drained.

That $25 million went right out of the traders' hands in just 12 seconds, it's said. As far as the Ethereum world was concerned at the time, the deal was all above board. Details of the alleged exploit were not disclosed by the Feds, and we're looking into whether the hole, as described, has been patched yet.

I'm feeling unlucky, Google

The day after the alleged heist, James Peraire-Bueno is said to have asked one of the shell company's banks for a safety deposit box big enough to fit a laptop. The next day, the Feds claim, he also asked the operators of a website that hosted the source code for MEV-Boost for its policy on logging IP addresses of visitors.

Meanwhile, the complaint alleges, Anton Peraire-Bueno searched online for "top crypto lawyers" and asked things like "how long is us statue [sic] of limitations" for crimes like wire fraud and money laundering.

If true, it would mean the brothers crafted a far from foolproof scheme, despite allegedly being able to take advantage of a multi-million dollar exploit.

The complaint goes on to claim that a victim of the trade, his lawyer, and an Ethereum project representative attempted to convince the Peraire-Bueno brothers to give back their gains. It goes on to allege that, rather than come clean, they proceeded to launder the money through several different channels. About $3 million was allegedly frozen by foreign law enforcement.

Meanwhile $20 million was eventually funneled into another shell company, Birch Bark Trading LLC, the complaint alleges. From there, the pair would have needed to move it into their brokerage account. According to the Feds, they didn't know how to do this, nor what the consequences would be. The court docs claim their Google searches included things like "money laundering" and "does the united states extradite to [foreign country]." By December 8, $19.6 million had made its way into the brokerage account, we're told.

Prosecutors announced the pair's arrests this week. Both men – charged with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering – face potential jail time of up to 20 years for each of the three counts. They will also have to repay any ill-gotten gains if convicted. ®

More about

TIP US OFF

Send us news


Other stories you might like