Ethereum
What DOJ’s First MEV Lawsuit Means for Ethereum (ETH)
The US Department of Justice has charged two brothers with orchestrating an attack on Ethereum trading bots, load them with conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering. Essentially, the brothers found a way to target bots that were directing transactions in a process called maximum extractable value, or MEV, which refers to the amount of money that can be removed from the block production process by ordering transactions .
Note: The opinions expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates. This is an excerpt from The Node newsletter, a daily digest of the most important crypto news from CoinDesk and beyond. You can subscribe to receive the full newsletter here.
MEV, which is itself controversial, can be a very lucrative game dominated by automated bots that often comes at the expense of blockchain users, which is part of why so many in the crypto community have rushed to speak out against it. the DOJ complaint. However, this is not a Robinhood situation, where two brothers, Anton and James Peraire-Bueno, from Bedford, Massachusetts, stole from the rich to give to the poor.
As the DOJ filing indicates, the brothers netted approximately $25 million in at least eight separate transactions in what the DOJ alleges was a highly orchestrated and premeditated conspiracy. They created shell companies and looked for ways to launder funds safely to avoid detection. The highly technical complaint describes the process by which the exploit occurred, which the DOJ calls “the first of its kind.”
“They used a flaw in MEV Boost to push invalid signatures to preview bundles. This gives an unfair advantage via an exploit,” former Ethereum Foundation and Flashbots employee Hudson Jameson told CoinDesk in an interview. Jameson added that the Peraire-Bueno brothers also operated their own validator when mining MEV, which somewhat violates a Gentleman’s Agreement in MEV circles.
“No one else in the MEV ecosystem was doing both of these things that we knew of,” he added. “They did more than just follow the codified rules and small promises of MEV extraction.”
“It’s not some sort of Robin Hood story, because they didn’t return the money to the people from whom the MEVs extracted it,” said a pseudonymous researcher. Banteg said.
On a more technical level, the brothers were able to leverage open source software created by the company MEV Flashbots, called mev-boost, which gave them an uneven view of how the MEV bots ordered trades. (Mev-boost is an open source protocol that allows different players to compete to “build” the most valuable blocks by ordering transactions.)
“Having access to the block body allowed the malicious proponent to extract transactions from the stolen block and use them in their own block where they could mine those transactions. In particular, the malicious nominator built his own block that broke the sandwich bots’ sandwiches and effectively stole their money,” according to a report from Flashbots. autopsy in 2023.
In particular, and what is at the heart of the DOJ’s case, is that the brothers found a way to sign fake transactions in order to run the scheme. “This false signature was designed to, and indeed did, trick Relay into prematurely disclosing the contents of the proposed block to Defendants, including private transaction information,” the document states.
“I think the invalid header part will be the needle that this whole thing hinges on,” said one cryptography researcher, who asked to remain anonymous.
“I think the indictment indicates that and so maybe it’s a good thing that SDNY is very technologically savvy in this area and has made it clear where they screwed up and hinted at the inevitability of MEV in blockchains,” Jameson said.
Others have also noted the technical sophistication of the DOJ’s argument, which appears to be less an indictment of MEV or Ethereum itself than an attempt to profit by unfairly obtaining information.
“If you hope that Ethereum will always be a ‘dark forest’ where on-chain predators compete for arbitrage opportunities, then you probably don’t like this lawsuit,” said Consensys General Counsel Bill Hughes, to CoinDesk in an interview. “Luckily, I think there are only a few that are actually like that. If you would prefer that predatory behavior like this be reduced, which is the vast majority, then you will probably feel the opposite.
“The defendants’ preparation for the attack and their completely clumsy attempts to cover their tracks afterward, including numerous compromising Google searches, only help the government prove that they intended to steal . All of this evidence will look very bad to the jury. I suspect they will plead guilty at some point,” he added.
Still, others remain convinced that exploiting MEV bots designed to rearrange transactions is a good thing. “It’s a little hard to sympathize with MEV bots and block builders getting screwed by block proposers, in exactly the same way they screw end users,” the anonymous researcher said.
Jameson, for his part, said that MEV is something the Ethereum community should work to minimize on Ethereum, but that it is a difficult problem to solve. For now, the process is “inevitable.”
“Until it can be eliminated, let’s study it.” Let’s turn it on. Let’s minimize it. And since that exists, let’s make it as open as possible for everyone to participate with the same rules,” he said.
If there is a silver lining, the Flashbots team was able to correct the error that enabled the attack relatively quickly, said Ari Juels, a professor at Cornell Tech.
“There are no lasting implications,” he added. “There is of course an irony in what happened: a thief is stealing money from sandwich bots, who themselves are exploiting users in the eyes of many in the community.”