US charges two brothers with novel $25 million cryptocurrency heist
Nate Raymond
Wed, May 15, 2024
FILE PHOTO: Illustration shows representation of cryptocurrency Ethereum
By Nate Raymond
BOSTON (Reuters) - Two brothers who studied at the Massachusetts Institute of Technology were arrested on Wednesday on U.S. charges that they carried out a cutting-edge scheme to exploit the Ethereum blockchain's integrity and steal $25 million worth of cryptocurrency.
Federal prosecutors in Manhattan called the scheme perpetrated by Anton Peraire-Bueno, 24, and James Peraire-Bueno, 28, "novel" and said the case marked the first time that such a fraud had ever been the subject of U.S. criminal charges.
Authorities said they executed their elaborate heist in April 2023, stealing $25 million from traders in just 12 seconds by fraudulently gaining access to pending transactions and altering the movement of cryptocurrency.
"As we allege, the defendants' scheme calls the very integrity of the blockchain into question," U.S. Attorney Damian Williams said.
An indictment charged them with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering. Anton Peraire-Bueno was arrested in Boston, while James Peraire-Bueno was arrested in New York.
Their lawyers did not immediately respond to requests for comment.
Both brothers had attended Cambridge, Massachusetts-based MIT, where according to prosecutors they studied computer science and math and developed the skills and education they relied upon to carry out their fraud.
The indictment alleged that for months, the Peraire-Bueno brothers plotted to manipulate and tamper with the protocols used to validate transactions for inclusion on the Ethereum blockchain, a public ledger that records each cryptocurrency transaction.
Prosecutors said they did so by exploiting a vulnerability in the code of software called MEV-boost that is used by most Ethereum network "validators," who are responsible for checking that new transactions are valid before they are added to the blockchain.
Prosecutors said that after carrying out the heist, the brothers rejected requests to return the funds and instead took steps to launder and hide the stolen cryptocurrency.
(Reporting by Nate Raymond in Boston; Editing by Bill Berkrot)
Brothers Accused of $25M Ethereum Exploit as U.S. Reveals Fraud Charges
Sam Kessler, Nikhilesh De
Wed, May 15, 2024
Two brothers have been arrested by the U.S. Department of Justice for attacking the Ethereum blockchain and stealing $25 million of cryptocurrency during a 12-second exploit, according to an indictment unsealed on Wednesday.
The indictment charges Anton Peraire-Bueno, 24, of Boston, and James Pepaire-Bueno, 28, of New York, with conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering.
The charges are significant because they represent a first-of-its-kind criminal action from the U.S. government related to the controversial practice of MEV, or maximal extractable value, whereby the operators of Ethereum (and similar blockchains) preview upcoming transactions from users to earn an extra profit for themselves. The government suggests in the indictment that the very existence of MEV illustrates how Ethereum itself is a vulnerable system.
"[T]he defendants’ scheme calls the very integrity of the blockchain into question," Damian Williams, U.S. Attorney for the Southern District of New York, said in a press release.
What is MEV-Boost?
According to Wednesday's indictment, the Pepaire-Bueno brothers exploited MEV-boost, an MEV software used by most of the validators that run the Ethereum blockchain.
The indictment walks through how Ethereum works, highlighting its staking consensus mechanism and the role of validators as participants who secure the network.
Read more: What Is MEV, aka Maximal Extractable Value?
When users submit transactions to Ethereum, those transactions are not immediately written to the blockchain's ledger. Instead, they're added to a "mempool" – a waiting area for other yet-to-be-processed transactions.
MEV-boost lets "block builders" assemble those mempool transactions into official blocks. MEV bots called "searchers" scour the mempool for profitable trading opportunities and will sometimes "bribe" builders to insert or re-order transactions in a manner that would net them an extra profit. (These "MEV strategies" can sometimes eat into the profits of end users.)
Validators, the operators that ultimately add blocks to the Ethereum blockchain, take the pre-built blocks from MEV-boost and then write them to the chain, where they're cemented permanently.
The exploit
The Pepaire-Bueno brothers exploited a bug in MEV-boost's code that allowed them to preview the content of blocks before they were officially delivered to validators, according to the indictment.
The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used bait transactions to figure out how those bots traded, lured the bots to one of their validators which was validating a new block and basically tricked these bots into proposing certain transactions. The brothers allegedly frontran the bots on certain trades and also used their validator to "tamper with" the new block by sending a false digital signature that gave them access to the block's full contents and replaced "lure transactions" with "tampered transactions." In those tampered transactions, the brothers allegedly sold illiquid cryptocurrencies they had tricked the victims' trading bots into placing buy orders for.
"In effect, the Victim Traders sold approximately $25 million of various stablecoins or other more liquid cryptocurrencies to purchase particularly illiquid cryptocurrencies," the document said. "In effect, the Tampered Transactions drained the particular liquidity pools of all the cryptocurrency that the Victim Traders had deposited based on their frontrun trades."
This meant the traders couldn't sell their new illiquid cryptos, which were "rendered effectively worthless," while the defendants made off with the $25 million in stablecoins and other "more liquid cryptocurrencies," the DOJ alleged.
The defendants then allegedly laundered the funds through various addresses and sets of transactions, including converting the stolen funds into DAI and then USDC.
“These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” Special Agent in Charge Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office said in the statement.
The indictment walks through some of what investigators found, including "a document setting forth their plans," the launch of shell companies, test transactions to identify best practices for attracting MEV bots and internet search histories.
DOJ: $25 million in crypto allegedly stolen by 2 brothers in 12 seconds
Chris Benson
Wed, May 15, 2024
"This alleged scheme was novel and has never before been charged," Damian Williams, U.S. Attorney for New York's Southern District, said Wednesday.
File Photo by John Angelillo/UPI
May 15 (UPI) -- The Justice Department on Wednesday revealed it indicted two brothers in their twenties for a series of alleged crimes for manipulating the cryptocurrency market to steal $25 million in crypto in a 12-second period, according to reports.
Anton Peraire-Bueno, 24, of Boston, Mass., and his brother James Peraire-Bueno, 28, of New York were arrested Monday in their respective cities and are being charged for conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering,
"This alleged scheme was novel and has never before been charged," Damian Williams, U.S. Attorney for New York's Southern District, said in a news release.
The Peraire-Bueno brothers Wednesday afternoon will be presented before U.S. Magistrate Judge Paul Levenson for the Massachusetts District, and U.S. Magistrate Judge Valerie Figueredo for New York's Southern District of New York.
If convicted, the brothers individually face a maximum penalty of 20 years in prison for each criminal count.
"As alleged in today's indictment, the Peraire-Bueno brothers stole $25 million in Ethereum cryptocurrency through a technologically sophisticated, cutting-edge scheme they plotted for months and executed in seconds," Deputy Attorney General Lisa Monaco said in a news release.
The Justice Department alleges the Peraire-Bueno brothers had "meticulously" planned their "exploit" over the course of several months. The indictment says their alleged crimes began as early as December 2022 and continued as far as this month with a series of executed financial transactions.
Monaco indicated that Internal Revenue Service agents were instrumental in unraveling the "first-of-its kind wire fraud and money laundering scheme" allegedly committed by the brothers.
Williams says their alleged crimes "calls the very integrity of the blockchain into question."
According to the Justice Department, the brothers had studied computer science and math "at one of the most prestigious universities in the world." The internet links one of them to Massachusetts Institute of Technology.
The federal government alleges that the two "used their specialized skills and education to tamper with and manipulate the protocols relied upon by millions of Ethereum users across the globe. And once they put their plan into action, their heist only took 12 seconds to complete."
Among other things, DOJ says they took the time to learn the trading behaviors of the victim traders whose cryptocurrency they allegedly stole, and "took numerous steps" to conceal their identities and "lay the groundwork to conceal the stolen proceeds," which the government contends included setting up shell companies and using multiple private cryptocurrency addresses and foreign cryptocurrency exchanges.
The indictment asked for a series of JP Morgan Chase and Choice Bank accounts under their names to be seized along with other personal property. The federal government claims the two had executed a series of financial translations designed to conceal not only their identities, but the real ownership of the funds stolen.
But investigators had found that both brothers had a digital search history consistent with the alleged crimes committed by them, including lawyers and American extradition policies.
May 15 (UPI) -- The Justice Department on Wednesday revealed it indicted two brothers in their twenties for a series of alleged crimes for manipulating the cryptocurrency market to steal $25 million in crypto in a 12-second period, according to reports.
Anton Peraire-Bueno, 24, of Boston, Mass., and his brother James Peraire-Bueno, 28, of New York were arrested Monday in their respective cities and are being charged for conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering,
"This alleged scheme was novel and has never before been charged," Damian Williams, U.S. Attorney for New York's Southern District, said in a news release.
The Peraire-Bueno brothers Wednesday afternoon will be presented before U.S. Magistrate Judge Paul Levenson for the Massachusetts District, and U.S. Magistrate Judge Valerie Figueredo for New York's Southern District of New York.
If convicted, the brothers individually face a maximum penalty of 20 years in prison for each criminal count.
"As alleged in today's indictment, the Peraire-Bueno brothers stole $25 million in Ethereum cryptocurrency through a technologically sophisticated, cutting-edge scheme they plotted for months and executed in seconds," Deputy Attorney General Lisa Monaco said in a news release.
The Justice Department alleges the Peraire-Bueno brothers had "meticulously" planned their "exploit" over the course of several months. The indictment says their alleged crimes began as early as December 2022 and continued as far as this month with a series of executed financial transactions.
Monaco indicated that Internal Revenue Service agents were instrumental in unraveling the "first-of-its kind wire fraud and money laundering scheme" allegedly committed by the brothers.
Williams says their alleged crimes "calls the very integrity of the blockchain into question."
According to the Justice Department, the brothers had studied computer science and math "at one of the most prestigious universities in the world." The internet links one of them to Massachusetts Institute of Technology.
The federal government alleges that the two "used their specialized skills and education to tamper with and manipulate the protocols relied upon by millions of Ethereum users across the globe. And once they put their plan into action, their heist only took 12 seconds to complete."
Among other things, DOJ says they took the time to learn the trading behaviors of the victim traders whose cryptocurrency they allegedly stole, and "took numerous steps" to conceal their identities and "lay the groundwork to conceal the stolen proceeds," which the government contends included setting up shell companies and using multiple private cryptocurrency addresses and foreign cryptocurrency exchanges.
The indictment asked for a series of JP Morgan Chase and Choice Bank accounts under their names to be seized along with other personal property. The federal government claims the two had executed a series of financial translations designed to conceal not only their identities, but the real ownership of the funds stolen.
But investigators had found that both brothers had a digital search history consistent with the alleged crimes committed by them, including lawyers and American extradition policies.
No comments:
Post a Comment