Brothers Arrested for Stealing $25 Million in Ethereum Blockchain Attack

​The US Department of Justice has indicted two brothers on charges of manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrencies in about 12 seconds in a “first-of-its-kind” scheme.

Anton Peraire-Bueno and James Pepaire-Bueno were arrested Tuesday in Boston and New York on charges of wire fraud and conspiracy to commit wire fraud and money laundering. If convicted, they each face a maximum sentence of 20 years in prison on each charge.

Their case was investigated by the IRS Criminal Investigation (IRS-CI) Cyber ​​Investigation Unit in New York, with assistance from the New York City Police Department and U.S. Customs and Border Protection.

“The brothers, who studied computer science and mathematics at one of the world’s most prestigious universities, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied on by millions of Ethereum users around the world. And Once they put their plan into action, their heist took just 12 seconds to complete,” said U.S. Attorney Damian Williams.

The two defendants allegedly manipulated the transaction validation processes on the blockchain by accessing pending private transactions, altering them, obtaining the victims’ cryptocurrency and refusing requests for the return of the stolen funds; instead, they took measures to hide their illegal earnings.

The accusation claims that the brothers learned of their victims’ trading behaviors as they prepared the attack (starting in December 2022) and took steps to hide their identities and the stolen proceeds.

They also used multiple cryptocurrency addresses and foreign exchanges and created shell companies. After the attack, they moved the stolen crypto assets through a series of transactions that would obscure their origin and ownership.

During the planning and execution of the attack they would have carried out, among others, the following actions:

• Establish a set of Ethereum validators to hide their identity through the use of shell companies, cryptocurrency intermediary addresses, foreign exchanges, and a network of privacy layers;
• Implementation of a series of test transactions of “decoy transactions” designed to identify particular variables that are most likely to attract MEV robots that would become victims of the exploit (collectively the “victim traders”);
• Identification and exploitation of a vulnerability in the MEV-Boost relay code that caused the relay to prematurely release the entire contents of a proposed block;
• Reorder the proposed freeze to benefit the defendants;
• And publishing the rearranged block on the Ethereum blockchain, which resulted in the theft of approximately $25 million in cryptocurrency from Victim Traders.

Throughout the trial, the brothers also searched online for information about carrying out the attack, concealing their involvement in the Ethereum exploit, laundering criminal proceeds through cryptocurrency exchanges with lax verification procedures, hiring lawyers with experience in cryptocurrency, extradition procedures and the crimes outlined. in the accusation.

“These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” he said. the IRS-CI stated. special agent Tommaso Fattorusso.

Fuente