News

MIT Students Stole $25 Million in Seconds by Exploiting ETH Blockchain Bug, DOJ Says

Published

6 months ago

on

According to a report, in a matter of about 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the Ethereum blockchain in a never-before-seen cryptocurrency scheme. accusation which the US Department of Justice opened on Wednesday.

In a Department of Justice Press releaseUS Attorney Damian Williams said the scheme is so sophisticated that it “calls into question the very integrity of the blockchain.”

“The brothers, who studied computer science and mathematics at one of the world’s most prestigious universities, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied on by millions of Ethereum users around the world” , Williams said. “And once they put their plan into action, the robbery took just 12 seconds to complete.”

Anton, 24, and James Peraire-Bueno, 28, were arrested Tuesday, charged with conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering. Each brother faces “a maximum sentence of 20 years in prison on each charge,” the Justice Department said.

The alleged scheme was launched in December 2022 by the brothers, who studied at MIT, after months of planning, the indictment says. The pair apparently relied on their “specialized skills” and cryptocurrency trading expertise to fraudulently gain access to “pending private transactions” on the blockchain, then “used that access to alter certain transactions and obtain the cryptocurrency of their victims,” the Justice Department said.

The indictment goes into detail explaining that the scheme would work by exploiting the Ethereum blockchain in the moments following the execution of a transaction, but before the transaction was added to the blockchain.

These pending transactions, the DOJ explained, must be structured into a proposed block and then validated by a validator before they can be added to the blockchain, which serves as a decentralized ledger that tracks crypto holdings. The brothers appeared to have tampered with this process by “creating a series of ethereum validators” through shell companies and foreign exchanges that hid their identities and masked their efforts to manipulate blocks and take over ethereum.

Announcement

To do this, they would use “bait transactions” designed to attract the attention of specialized bots, often used to help buyers and sellers find profitable prospects on the Ethereum network. When the bots took the bait, their validators apparently exploited a vulnerability in the process commonly used to structure blocks to alter the transaction by rearranging the block to their advantage before adding it to the blockchain.

When the victims discovered the theft, they tried to demand the return of the funds, but the Justice Department said the brothers rejected those requests and instead hid the money.

The brothers’ online search history shows they researched and “took numerous steps to hide their ill-gotten gains,” the Justice Department said. These steps included “the creation of shell companies and the use of multiple private cryptocurrency addresses and foreign cryptocurrency exchanges” that notably did not rely on detailed “know your customer” (KYC) procedures.

They also investigated “the same crimes charged in the indictment,” the Justice Department said. Among the search terms found in the brothers’ story during the planning phase of the alleged scheme were phrases such as “how to wash cryptocurrencies” and “exchanges without KYC.” Next, apparently attempting to prepare for any legal ramifications arising from the plan, the brothers allegedly searched for things like “best cryptocurrency lawyers” and “money laundering statute of limitations” and “does the US extradite to [foreign country].”

To uncover the scheme, the special agent in charge, Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office, said investigators “simply followed the money.”

“Regardless of the complexity of the case, we continue to lead the effort in financial criminal investigations with cutting-edge technology and old-fashioned detective work, on and off the blockchain,” Fattorusso said.

The indictment comes the same month the Securities and Exchange Commission (SEC) is expected to decide whether to approve an Ethereum exchange-traded fund (ETF). According to CNBCthe alleged fraud could fuel SEC skepticism as it reviews the ethereum ETF.

SEC Chairman Gary Gensler, a known cryptocurrency skeptic, wants to ensure that investors are protected before approving any potentially dangerous listing, CNBC noted.

Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version