The $25 Million Ethereum Exploit: A Look at Blockchain Vulnerabilities


A very intriguing and frightening story came across my feed today. The United States Department of Justice has arrested two brothers, James Peraire-Bueno and Anton Peraire-Bueno, for stealing $25 million worth of Ethereum cryptocurrency from the blockchain. This is a major case because it is the first time that the US government has pursued legal action concerning Maximal Extractable Value (MEV).


Maximal extractable value, or MEV, is a controversial practice in which the people who operate these networks can see imminent transactions and manipulate them to make extra money. It is like having insider information before stock market trades. According to the authorities, this practice exposes serious weaknesses within blockchains. Damian Williams, the U.S. Attorney for the Southern District of New York, noted that the actions of the two brothers “call into question the basic integrity of any blockchain.” That is a big statement, and it got me wondering about digital currency security in general.

The indictment shows how the brothers carried out their scam. Following it requires at least some knowledge of how Ethereum works. When a transaction is made, it does not go onto the blockchain automatically. It waits in a holding area called the mempool. This is where the MEV-boost software comes in: it sorts the pending transactions into blocks, which validators can then add to the blockchain. Searchers, also known as MEV bots, scan the mempool for profitable opportunities and sometimes pay block builders so that their particular transactions are prioritized, which reduces the profit for ordinary users.

The Peraire-Bueno brothers discovered an error in MEV-boost that enabled them to see what was inside these blocks before they were finalized. They set up sixteen Ethereum validators of their own and targeted three specific MEV bots. They learned the bots’ trading strategies by using bait transactions. Then, through their validators, they interfered with new blocks by sending false digital signatures to get full access to the block contents. The bots had been lured into buying illiquid cryptocurrencies, and the brothers then replaced the bots’ transactions with their own, so that the bots ended up buying rubbish cryptocurrencies instead of the good ones they had expected to purchase.
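
The passage above describes block contents being handed over on the strength of a false signature. As an added illustration (not code from the original post or from MEV-boost), here is a simplified Python model of a relay that releases a block body only after the signature over that exact header verifies; the `Relay` class, the key table and the sample transactions are constructed, and HMAC-SHA256 stands in for the real signature scheme.

```python
import hashlib
import hmac

# Constructed sample data: one registered validator and its demo key.
VALIDATOR_KEYS = {"validator-1": b"constructed-demo-key"}


def header_for(transactions):
    """Commitment to the block body: all a proposer should see up front."""
    return hashlib.sha256("\n".join(transactions).encode()).hexdigest()


def sign_header(key, header):
    """HMAC-SHA256 is an assumed stand-in for the validator's real signature."""
    return hmac.new(key, header.encode(), hashlib.sha256).hexdigest()


class Relay:
    """Hypothetical relay: keeps block bodies private until a header is signed."""

    def __init__(self):
        self._bodies = {}  # header -> private transaction list

    def offer(self, transactions):
        header = header_for(transactions)
        self._bodies[header] = list(transactions)
        return header  # only the commitment leaves the relay here

    def reveal(self, validator_id, header, signature):
        key = VALIDATOR_KEYS.get(validator_id)
        body = self._bodies.get(header)
        if key is None or body is None or not isinstance(signature, str):
            return None
        expected = sign_header(key, header).encode()
        # Constant-time comparison; any mismatch keeps the body private.
        if not hmac.compare_digest(expected, signature.encode()):
            return None
        return body


if __name__ == "__main__":
    relay = Relay()
    header = relay.offer(["tx-a", "tx-b"])  # constructed transactions
    good = sign_header(VALIDATOR_KEYS["validator-1"], header)
    print("valid signature:", relay.reveal("validator-1", header, good))
    print("false signature:", relay.reveal("validator-1", header, "00" * 32))
```
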


The traders were devastated by the outcome. They were left with cryptocurrencies that could not be sold, whereas the brothers walked away with $25 million worth of actual cryptocurrencies. The brothers then laundered the money through a series of transactions, converting it into various forms of crypto in order to lay down false tracks.

This is a reality check for me. It indicates that even advanced blockchain technologies could have serious vulnerabilities. The ease with which these siblings manipulated transactions makes me question whether our digital assets are safe. In the words of Special Agent Thomas Fattorusso from the IRS Criminal Investigation office: “These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims.”

I was surprised at how much detail their plans had. Their strategies, shell firms, test purchases and even search records about how they researched this kind of thing were discovered by investigators. This felt like a plot straight out of some high-tech heist movie.


It is clear from this case that the blockchain world requires more robust security measures. This technology is intriguing and promising, yet we still have a lot to do in order to make it truly secure. We need to be on our toes and advocate for changes that prevent other users from falling victim to similar invasions in the future.


wow, that's awesome 👍

You can do it @wisewallet! Keep pushing yourself and reaching for the stars on Hive.

I guess this is where transaction speed would have played a vital role. The time for those illegal checks and balances would have failed. Ethereum operating on a slow validation strategy already proves a weakness, which they must step up to secure investor's funds.