US indicts Ethereum validators for exploiting MEV trader

Anton Peraire-Bueno and James Peraire-Bueno, two brothers who operate Ethereum validators, have been indicted in the Southern District of New York on charges of wire fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering.

The charges related to a scheme that has been described as exploiting the ‘very integrity of the Ethereum Blockchain to fraudulently obtain approximately $25 million.’

The brothers allegedly worked together on a complex exploit that allowed them to take advantage of traders searching for ‘maximum extractable value’ (MEV) on Ethereum. 

By operating multiple Ethereum validators, the brothers were allegedly able to submit blocks that included exploited transactions.

Allegedly, once the brothers were aware that their validators would soon have opportunities to submit blocks, they would create ‘bait’ transactions that seemed to have significant upside for the MEV traders and wait for those traders to attempt to ‘sandwich’ their trades.

These sandwich bots will often look for transactions with the potential for arbitrage and place transactions that buy shortly before and sell shortly after.

When the traders were baited into submitting these ‘bundles’ of transactions, the brothers allegedly submitted a fake signature to MEV-Boost Relay, which at the time resulted in the relays prematurely releasing the whole proposed block.

They then allegedly took advantage of the fact that they were operating validators to disassemble the block and allow the traders to still front-run. However, instead of buying the asset the MEV trader believes they are interested in, they actually sold that asset at the higher price.

A rogue validator on Flashbot seems to be exploiting MEV bots. Over 25m USD already stolen.

The validator takes a sandwich bundle from the MEV bot and replaces the victim transaction with it's own that exploits the MEV bot instead.

Here's how it works – pic.twitter.com/il3o9r41J1

— Mudit Gupta (@Mudit__Gupta) April 3, 2023

Read more: How Flashbots is taking over Ethereum block proposals

This technique did potentially put their validators at risk of slashing, but the $25 million they were able to take outweighed the economic costs.

The indictment additionally details some of the steps the brothers allegedly took to plan for the exploit and to launder the funds once received. This allegedly included creating an ‘exploit plan’ that broke down the exploit into four steps:

1. The bait
2. Unblinding the block
3. The search
4. The propagation

After the exploit, the brothers turned to internet searches to manage the risk of their decisions, allegedly searching for:

• ‘Top crypto lawyers’
• ‘How long is US statute of limitations’
• ‘Wire fraud statute/wire fraud statute of limitations’
• ‘Money laundering statute of limitations’
• ‘Computer fraud abuse act’
• ‘Does the United States extradite to’

In order to help clean the funds they received from this exploit, the brothers allegedly transferred some to a ‘second-layer exploit address,’ which was subsequently frozen. Much of the remainder, totaling approximately $22 million, was converted to Dai, a stablecoin.

After going through a lending protocol, this Dai was allegedly exchanged for Circle’s stablecoin USDC. These funds were then allegedly transferred to an exchange account controlled by Pine Needle Inc., the company set up by the brothers, before being transferred again to a bank account associated with their business.

This indictment represents the first time that anybody has been indicted in the United States on fraud charges related to changing the expected ordering of transactions on Ethereum.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.