Ethereum
MIT brothers accused of mining Ethereum to steal $25 million
Many cryptocurrency traders are playing fast and loose with the systems in place to bolster decentralized finance (DeFi), using a variety of hacks to gain an advantage in their trades – from sandwich attacks to sweepstakes scams – and losses typically amount to tens of millions of dollars per month.
Yet two traders – brothers who both graduated from the Massachusetts Institute of Technology – took their plan too far, exploiting a vulnerability in a common component used by traders on the Ethereum blockchain to make nearly $25 million in an attack that lasted 12 seconds, the U.S. Department of Justice charged on May 16. The two brothers – Anton Peraire-Bueno of Boston and James Peraire-Bueno of New York – discovered the software flaw in 2022, prepared and planned the attacks for months, then executed the theft in April 2023, law enforcement says.
The attack worried traders and technologists, calling into question “the very integrity of blockchain,” Damian Williams, U.S. Attorney for the Southern District of New York, said in a Department of Justice statement announcing the indictment.
“The brothers, who studied computer science and mathematics at one of the most prestigious universities in the world, allegedly used their specialized skills and education to alter and manipulate the protocols that millions of Ethereum users across the world rely on,” he said. “And once they put their plan into action, their heist lasted only 12 seconds. This alleged scheme was new and has never been charged before.”
Cryptocurrency has gained legitimacy over the past fifteen years, but continues – in many ways – to be a Wild West. In 2023, over $24 billion in transactions ended up in illicit cryptocurrency wallets or addresses – although more than half of the total belonged to sanctioned organizations and countries, and the total fraud rate is only 0.34%, according to Chainalysis, a blockchain intelligence firm.
While ransomware gangs prefer Bitcoin, Ethereum has seen its share of attacks, from the $60 million DAO hack in 2016, which led to a hard fork – a rewrite of the Ethereum ledger – to the more than $600 million in Ethereum stolen from Ronin network players.
In many ways, the ecosystem behind cryptocurrencies is suffering from the growing challenges that the Internet has faced over the past three decades, says Oded Vanunu, chief Web 3.0 technologist and head of product vulnerability research at the cybersecurity company Check Point Software Technologies.
“It’s crazy, because we’re seeing tactics already implemented on Web 2 platforms that take a different form in Web 3 protocols,” he says.
Memory pools and maximum extractable value
Cryptocurrency transfers, the proposal of a smart contract, and the execution of smart contracts are all transactions recorded on the blockchain – in the case of Ethereum, a public distributed state machine. However, before being recorded, each transaction is placed in a memory pool, or mempool, while waiting for validation and execution, which usually takes a few steps.
A participant in the ecosystem known as a “block builder” will create a set – or block – of transactions and be paid by the initiator of each transaction for its completion, while a “block proposer” will choose blocks according to the costs announced by the builder, validate them and send these transactions to its peers on the blockchain network. Typically, a builder attempts to structure blocks based on a maximum extractable value (MEV) strategy, seeking to maximize profits.
Dividing participants into proposers and builders – what is called proposer-builder separation (PBS) – divides the responsibility for validating transactions to limit monopolization of the process by large traders who might order transactions in specific ways to generate profits. MEV bots help traders identify and create trade sets that maximize their profits on a trade.
Yet there is still much traders can do to tip the scales. In a sandwich attack, for example, the trader benefits from natural price increases or decreases caused by large cryptocurrency transactions. When a large buy order appears, a builder can place a buy order for the cryptocurrency before the order, and a corresponding sell order afterward, thereby taking advantage of the price change caused by the initial buy order.
For many DeFi participants, MEV traders are little better than the equivalent of modern-day ticket scalpers, but they play a vital role, says Adam Hart, product manager at Chainalysis.
“To many, MEV strategies look like hyper-sophisticated, deep-pocketed traders using their resources to profit by forcing less sophisticated traders to accept worse prices,” he says. “However, others argue that MEV is inevitable in an open and transparent blockchain network, and that MEV traders play a positive role in ensuring that arbitrage opportunities are exploited quickly so that asset prices remain aligned between protocols.”
An attack on MEV traders
The Peraire-Bueno brothers discovered a vulnerability in an open source component of a common tool, known as MEV-Boost Relay, according to a post-mortem analysis of the incident. MEV-Boost is a protocol aimed at limiting the centralization of the two components of the Ethereum blockchain – the proposers and the builders – and the monopolization of profits, which could have historically led to a few players dominating the blockchain process.
A key criterion of the MEV-Boost protocol is that the proposer commits to validating a block according to the price, before knowing its content. The brothers reportedly discovered that signing the header gave them the information contained in the block, even if the signature was not valid, the post-mortem stated.
“The attack…was possible because the exploited relay revealed block bodies to the submitter, provided the submitter correctly signed a block header,” the analysis states. “However, the relay did not check whether the signed block header was valid.”
Although the vulnerability could have continued to cause problems for traders, it was not an attack directly against the Ethereum network or its validators, but rather against a specific – albeit common – third-party component, explains Mario Rivas, manager of global blockchain security practices at NCC Group.
“The attack exploited a vulnerability in the relay code, which caused the relay to send private transactions to the block builder when it signed a block with invalid headers,” he explains. “This vulnerability was quickly fixed, mitigating the risk of similar attacks unless additional vulnerabilities are identified.”
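The missing check the post-mortem describes, as an added toy model that is not the relay's own code: `ToyRelay`, `Header`, the shared-key HMAC standing in for the proposer's signature, and the validity rule (the signed header must equal the one the relay offered) are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Header:
    slot: int
    parent_root: str
    body_root: str  # hash commitment to the block body

    def digest(self) -> bytes:
        raw = f"{self.slot}|{self.parent_root}|{self.body_root}"
        return hashlib.sha256(raw.encode()).digest()

def sign(key: bytes, header: Header) -> bytes:
    # Stand-in: a shared-key HMAC replaces the proposer's public-key signature.
    return hmac.new(key, header.digest(), hashlib.sha256).digest()

class ToyRelay:
    def __init__(self, proposer_key: bytes, slot: int, chain_head: str, body: bytes):
        self.key, self.body = proposer_key, body
        # The header the relay offered: right slot, current head, commits to this body.
        self.offered = Header(slot, chain_head, hashlib.sha256(body).hexdigest())

    def _signature_ok(self, header: Header, sig: bytes) -> bool:
        return hmac.compare_digest(sign(self.key, header), sig)

    def _header_valid(self, header: Header) -> bool:
        # Assumed validity rule: the signed header must be the one that was offered.
        return header == self.offered

    def reveal_flawed(self, header: Header, sig: bytes):
        # Behaviour the post-mortem describes: signature checked, header validity not.
        return self.body if self._signature_ok(header, sig) else None

    def reveal_checked(self, header: Header, sig: bytes):
        # Release the body only for a correctly signed AND valid header.
        if self._signature_ok(header, sig) and self._header_valid(header):
            return self.body
        return None

def demo():
    key = b"constructed-proposer-key"  # constructed sample values throughout
    relay = ToyRelay(key, slot=100, chain_head="ab" * 32, body=b"private bundle")
    bogus = Header(slot=100, parent_root="00" * 32, body_root="00" * 32)
    sig_bogus, sig_good = sign(key, bogus), sign(key, relay.offered)
    return (relay.reveal_flawed(bogus, sig_bogus) is not None,   # body leaks
            relay.reveal_checked(bogus, sig_bogus) is None,      # leak blocked
            relay.reveal_checked(relay.offered, sig_good) == relay.body)
```
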
Law enforcement achieves victory
The investigation and indictment, however, constitute a victory for the DOJ. American law enforcement is increasingly cracking down on scams, hacking and other questionable practices linked to cryptocurrencies. In August, for example, the U.S. Securities and Exchange Commission accused a correctional officer of creating a worthless cryptocurrency and selling it to other members of law enforcement.
Yet other attacks have fallen short of the threshold for prosecution. In one 2021 attack, for example, a trader admitted to selling an illiquid token to a rival – in what is known as a salmonella attack – and making money when his rival’s automated system bought the worthless coin, according to a Forbes report.
The brothers’ alleged attack stands out from these controversial tactics, says Check Point’s Vanunu.
“In essence, while both types of attacks are harmful, the MIT brothers’ actions were explicitly illegal due to their direct and unauthorized exploitation of the vulnerabilities to steal funds, whereas [a] Salmonella attack leverage[s] market manipulation and deception, staying within the darkest confines of legality in the crypto world,” he says.
The investigation into this scheme and subsequent indictment underscore that government officials and their private partners are keeping pace with the latest innovative attacks. Despite the sophistication of the exploit and the laundering of the proceeds, investigators traced the funds, identified two suspects and made their arrests, Chainalysis’ Hart said.
“The exploit by the Peraire-Bueno brothers is an incredibly innovative and technically sophisticated attack, and is the first time a bad actor has managed to abuse the MEV system widely used by Ethereum block builders in this way and to this degree,” he said. “This is what makes this indictment so impressive and a promising sign for the future in the fight against cryptocurrency-based crime.”