Brothers arrested for allegedly exploiting the Ethereum blockchain to steal $25 million in 12 seconds

Last updated: May 16, 2024 3:44 pm EDT | 2 minute read

Two brothers have been arrested on charges of exploiting the Ethereum blockchain to steal $25 million.

In a landmark case that must be the first of its kind, two brothers, both graduates of the prestigious Massachusetts Institute of Technology (MIT), were arrested and charged on May 15 with exploiting a vulnerability in the Ethereum blockchain.

Their alleged actions led to a massive theft of $25 million in 12 seconds. Anton Peraire-Bueno, 24 years old, and James Peraire-Bueno, 28 years old, face fraud and money laundering charges.

A well-planned exploit of the Ethereum Blockchain

Federal prosecutors described the scheme as meticulously planned and executed with the precision of a high-stakes digital robbery.

“The brothers, who studied computer science and mathematics at one of the world’s most prestigious universities, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied on by millions of Ethereum users around the world,” said Damian Williams, the U.S. attorney for the Southern District of New York.

Anton was taken into custody in Boston and James was taken to New York. The brothers’ lawyers have not yet commented on the allegations.

According to the US Department of Justice, the brothers set up their act validators on the Ethereum networkwhich are intended to help sort transactions and facilitate profitable trades through bots.

However, they allegedly used their validators to trick traders into granting access to pending transactions. The manipulation allowed them to alter the flow of electronic currency, effectively stealing the assets. They then moved the stolen funds through complex transactions to obscure their origins.

For several months the brothers carefully planned their operation. They allegedly studied the business models of Ethereum bots and established shell companies and identified them cryptocurrency exchanges with lax “know your customer” (KYC) procedures to launder their ill-gotten gains.

Their thoroughness also extended to research into extradition procedures, highlighting the depth of their preparation.

Stolen funds will increase this year

The robbery is just the tip of the iceberg of illicitly obtained cryptocurrencies in recent years. UN sanctions monitors recently reported this North Korea laundered $147.5 million in cryptocurrency stolen through the Tornado Cash platform only in March.

This was revealed in a document presented to the sanctions committee of the United Nations Security Council North Korean suspects have been linked to 97 cyberattacks on cryptocurrency companies over the past seven years, totaling approximately $3.6 billion.

According to PeckShield, approximately $100 million in stolen cryptocurrency funds were successfully recovered in March, accounting for 52.8% of the total amount breached. Despite initial losses of $187.29 million in over 30 hacking incidents, the Munchable incident it was particularly notable. After negotiations, the hacker returned the stolen funds.

Meanwhile, a recent $71 million wallet identity theft scam led to an investor transferring 97% of their assets to a decoy wallet address. The hacker quickly converted the stolen Wrapped Bitcoin (WBTC) into approximately 23,000 ETH and after six days began distributing the funds across multiple wallets.

In the first quarter of 2024, total losses from hacking and fraudulent activities reached approximately $336.3 million, down from $437.5 million in the same period in 2023. There were 46 hacking incidents in the quarter hacking and 15 cases of fraudulent activity.

Ethereum was the most targeted blockchain, followed by the BNB chain, with both networks accounting for 73% of the total losses. Hacking incidents accounted for 95.6% of losses, while scams and twists represented 4.4%.

Fuente