A Swift Crypto Heist: How Two Brothers Allegedly Stole $25 Million

2024-05-29, 06:03

[TL;DR]

James Peraire-Bueno and Anton Peraire-Bueno exploited a vulnerability on the Ethereum network and stole crypto assets worth around $25 million.

The Peraire-Bueno brothers used the knowledge they acquired at the Massachusetts Institute of Technology (MIT) to steal cryptocurrencies.

Major stakeholders in the blockchain sector should cooperate when crypto frauds occur to increase the chance of recovering stolen assets.

Introduction

Many crypto heists involve specialists in related fields in one way or another. The 2023 Ethereum crypto heist, in which cryptocurrencies worth around $25 million were stolen, is a typical example of how intelligent the perpetrators were. This article explores how two brothers, who studied at one of the most reputable educational institutions, orchestrated a successful blockchain security breach.

Unpacking the $25 Million Cryptocurrency Heist

The U.S. Department of Justice (DOJ) recently charged two brothers, James Peraire-Bueno, 28, and Anton Peraire-Bueno, 24, on several counts, including conspiracy to commit cryptocurrency laundering, wire fraud and conspiracy to commit wire fraud. According to the prosecutors, the two brothers, who studied at the Massachusetts Institute of Technology (MIT), stole crypto assets worth around $25 million from the Ethereum network.

The two brothers, who studied computer science and mathematics, were arrested on 15 May after U.S. Internal Revenue Service (IRS) agents implicated them in the Ethereum transaction exploit.

As cited in a recent government press release, Deputy Attorney General Lisa Monaco said, “As alleged in today’s indictment, the Peraire-Bueno brothers stole $25 million in Ethereum cryptocurrency through a technologically sophisticated, cutting-edge scheme they plotted for months and executed in seconds.”

She continued, “Unfortunately for the defendants, their alleged crimes were no match for Department of Justice prosecutors and IRS agents, who unravelled this first-of-its-kind wire fraud and money laundering scheme. As cryptocurrency markets continue to evolve, the Department will continue to root out fraud, support victims, and restore confidence to these markets.”

The Technological Sophistication behind the Ethereum Heist

The way the two Peraire-Bueno brothers executed their Ethereum theft plan showed that they had rehearsed and mastered their attack strategy: the exploit took only 12 seconds to steal $25 million worth of crypto assets. Primarily, they used their knowledge of mathematics, science and cryptocurrency to execute their plan.

The two brothers targeted Ethereum’s maximal extractable value (MEV) software, which most Ethereum traders use to optimize their transactions. Fortunately for them and unfortunately for the investors, they were able to exploit a vulnerability in MEV-Boost, a piece of software which validators use to run the blockchain.

Since they had set up several malicious validators, they were able to exploit the bots that did not have enough checks to prevent certain conditions from occurring. Thus, the malicious validators accessed secured and signed transactions, which enabled them to syphon the digital assets.

Regarding this, Special Agent in Charge Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office said, “These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims.”

According to the indictment, the two brothers tampered with the “established MEV-Boost proposals, which are relied upon by the vast majority of Ethereum users”, which threatened “the stability and integrity of the Ethereum blockchain for all network participants.”

Prosecutors also accused the two brothers of sending a “false signature” to a “relay”, which then released the digital assets. The indictment added, “The relay will not release the transactions within the proposed block to the validator until the validator has confirmed through a digital signature that it will publish the proposed block as structured by the builder to the blockchain.”

Thus, the prosecutors claimed that the accused “knew that the information contained in the false signature was designed to, and did, trick the Relay to prematurely release the full content of the proposed block to the defendants, including the private transaction information.” However, some analysts have claimed that the Ethereum network is usually susceptible to questionable MEV trading practices which, at times, lead analysts to doubt its blockchain integrity and cryptocurrency security.
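
The release condition the indictment describes can be written as a small gate on the relay side. The following Go sketch is an added example, not code from MEV-Boost or any relay: the `Bid` type and the `Release` and `Demo` functions are hypothetical, Ed25519 stands in for the BLS signatures Ethereum validators use, and the sample data is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical model: Ed25519 stands in for the validators' BLS signatures.
// Bid is the relay's offer for a slot; Payload stays private until release.
type Bid struct {
	Slot    uint64
	Hash    [32]byte // hash of the block as structured by the builder
	Payload []byte
}

var ErrMismatch = errors.New("signed header is not the header the relay offered")
var ErrBadSig = errors.New("signature does not verify under the validator key")

// root is the message a validator signs: the slot and the block hash.
func root(slot uint64, hash [32]byte) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d:%x", slot, hash)))
	return sum[:]
}

// Release returns the payload only if the validator validly signed exactly the offered header.
func Release(bid Bid, key ed25519.PublicKey, slot uint64, hash [32]byte, sig []byte) ([]byte, error) {
	if slot != bid.Slot || hash != bid.Hash {
		return nil, ErrMismatch
	}
	if !ed25519.Verify(key, root(slot, hash), sig) {
		return nil, ErrBadSig
	}
	return bid.Payload, nil
}

// Demo runs three constructed cases: honest, different header, invalid signature.
func Demo() (honest, altered, forged error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	bid := Bid{7, sha256.Sum256([]byte("builder block")), []byte("private txs")}
	other := sha256.Sum256([]byte("different block"))
	_, honest = Release(bid, pub, bid.Slot, bid.Hash, ed25519.Sign(priv, root(bid.Slot, bid.Hash)))
	_, altered = Release(bid, pub, bid.Slot, other, ed25519.Sign(priv, root(bid.Slot, other)))
	_, forged = Release(bid, pub, bid.Slot, bid.Hash, make([]byte, ed25519.SignatureSize))
	return
}

func main() { fmt.Println(Demo()) }
```

Only the first case returns the payload; the other two are refused before any transaction data leaves the relay.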

The Ethereum Crypto Theft: A Premeditated Move

The ease with which the two Peraire-Bueno brothers executed their crypto fraud strategy shows that they had planned the attack for a long time. In fact, according to the indictment, they spent over seven months planning how they would syphon cryptocurrencies from the Ethereum network. For example, the IRS investigation showed that they took much time studying the behaviour of several traders.

They also planned how to conceal their identities. As an example, they registered several shell companies and held different cryptocurrency wallet addresses with local as well as foreign crypto exchanges. If the two brothers are found guilty, they may each be sentenced to up to 25 years in prison.

The Future of Crypto Security: Lessons from the $25 Million Heist

The crypto sector has much to learn from the Ethereum crypto theft. First, crypto platforms should improve their cryptocurrency security. The starting point is for blockchain-based protocols to conduct audits from time to time, especially after they have launched new upgrades or introduced new DeFi applications.

Second, there is a need for relevant cryptocurrency regulations which may help to prevent similar incidents from occurring. As an example, it is vital for different DeFi protocols and crypto exchanges to comply with anti-money laundering (AML) and know-your-customer (KYC) regulations.

Third, there is a need for collaboration among stakeholders to prevent crypto heists and cryptocurrency laundering, as well as to recover stolen digital assets. Law enforcement authorities, crypto exchanges and DeFi platforms should coordinate their efforts whenever a crypto fraud or theft has occurred.

Lastly, this incident brings attention to the need for education and awareness among cryptocurrency users. For example, different stakeholders in the sector, including users, crypto project leaders and regulators, should be conversant with current cryptocurrency security developments. In this respect, they should track risks that are rampant in the digital sector.

Conclusion

In 2023, two brothers, James Peraire-Bueno and Anton Peraire-Bueno, who are graduates of the Massachusetts Institute of Technology (MIT), stole cryptocurrencies worth around $25 million from the Ethereum network. To achieve that, they manipulated Ethereum’s maximal extractable value (MEV) software. If they are convicted, they may be sentenced to up to 25 years in prison.


Author: Mashell C., Gate.io Researcher
*This article represents only the views of the researcher and does not constitute any investment suggestions.
*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all cases, legal action will be taken due to copyright infringement.