Brothers arrested for stealing $25 million in attack on Ethereum blockchain

The US Department of Justice has indicted two former MIT students for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency in about 12 seconds in a “first-of-its-kind” scheme.

Anton Peraire-Bueno and James Pepaire-Bueno were arrested Tuesday in Boston and New York on charges of wire fraud and conspiracy to commit wire fraud and money laundering. If convicted, each faces a maximum sentence of 20 years in prison on each count.

Their case was investigated by the IRS Criminal Investigation Cyber ​​Unit (IRS-CI) in New York, with assistance from the New York City Police Department and Customs and Customs of the protection of the borders of the United States.

“The brothers, who studied computer science and mathematics at one of the most prestigious universities in the world, allegedly used their specialized skills and education to alter and manipulate the protocols that millions of data users rely on. “Ethereum across the world And once they put their plan into action, their heist only took 12 seconds,” said U.S. Attorney Damian Williams.

The two former Massachusetts Institute of Technology (MIT) students allegedly manipulated transaction validation processes on the blockchain by accessing and modifying pending private transactions, obtaining victims’ cryptocurrency, and rejecting restitution requests stolen funds. Instead, they took steps to conceal their illegal gains.

The indictment claims the brothers learned of their victims’ business behaviors in preparation for the attack (beginning in December 2022) and took steps to hide their identities and the stolen products.

They also used multiple cryptocurrency addresses and foreign exchanges and created shell companies. Following the attack, they moved the stolen crypto assets through a series of transactions that would hide their source and ownership.

When planning and executing the attack, they allegedly took the following measures, among other things:

• Establish a series of Ethereum validators in a manner that conceals their identities through the use of shell companies, cryptocurrency intermediary addresses, foreign exchanges, and a privacy layer network;
• Deploy a series of test trades of “bait trades” designed to identify particular variables most likely to attract MEV bots that would become victims of the exploit (collectively “Victim Traders”);
• Identify and exploit a vulnerability in the MEV-Boost relay code that caused the relay to prematurely publish the entire contents of a proposed block;
• Reorder the proposed block to the advantage of the defendants;
• And the release of the reorganized block on the Ethereum blockchain, which resulted in the theft of approximately $25 million in cryptocurrency from the victims.

Throughout the process, the brothers also searched online for information about carrying out the attack, concealing their involvement in the Ethereum exploit, laundering the proceeds of crime through cryptocurrency exchanges with lax verification procedures , hiring lawyers with expertise in cryptocurrency, extradition proceedings and the crimes described. in the indictment.

“These brothers allegedly committed an initial manipulation of the Ethereum blockchain by fraudulently accessing ongoing transactions, altering the movement of electronic money, and ultimately stealing $25 million in cryptocurrency from their victims,” the IRS-CI said . special agent Thomas Fattorusso.

Fuente