In 12 seconds, $25 million was stolen: The complete disclosure of the MEV attack process by two top students from MIT

Golden Finance
2024-05-17 21:52:36
Two brothers who graduated from MIT have been accused of stealing approximately $25 million (about 180 million RMB) worth of cryptocurrency in about 12 seconds by exploiting MEV attacks on Ethereum.

Author: xiaozou, Golden Finance

On May 15, 2024, the U.S. Department of Justice announced charges in a case involving an attack on the MEV transaction pipeline of the Ethereum network.

According to the indictment, two brothers, both graduates of the Massachusetts Institute of Technology (MIT), were arrested and charged with stealing approximately $25 million (about 180 million RMB) worth of cryptocurrency on Ethereum through an MEV-related exploit that took about 12 seconds, the length of a single block slot. This is reportedly the first criminal case of its kind involving MEV.

I. Case Overview

  1. The defendants, Anton Peraire-Bueno (24) and James Peraire-Bueno (28), are brothers who studied mathematics and computer science at MIT, one of the most prestigious universities in the United States. Using the specialized skills acquired during their studies and their expertise in cryptocurrency trading, they fraudulently obtained approximately $25 million worth of cryptocurrency from victim cryptocurrency traders by manipulating and altering the process and protocols by which transactions are verified and added to the Ethereum blockchain (the "exploit"). In this way they fraudulently gained access to pending private transactions and used that access to alter certain transactions and take the victims' cryptocurrency. Once they had stolen it, they refused to return it and took numerous steps to conceal their ill-gotten gains.

  2. The defendants planned the exploit meticulously over several months. They also studied the trading behavior of the victim traders from whom they ultimately stole. While planning, they took many steps to conceal their identities and laid the groundwork for hiding the proceeds, including establishing shell companies and using multiple private cryptocurrency addresses and offshore cryptocurrency exchanges. After the exploit, they moved the stolen cryptocurrency through a series of transactions designed to obscure the source and ownership of the funds.

  3. Throughout the planning, execution, and aftermath of the exploit, the defendants also searched online for how to carry out the exploit, how to hide their involvement in it, cryptocurrency exchanges with lax KYC requirements that they could use to launder the proceeds, lawyers specializing in cryptocurrency cases, extradition procedures, and information related to the crimes charged in the indictment.

II. Introduction to Cryptocurrency, Ethereum Network, and MEV

Cryptocurrency

  1. Cryptocurrency is a type of digital currency that uses cryptography and a decentralized system to verify transactions and maintain transaction records. Like traditional fiat currencies, there are various types of cryptocurrencies. Cryptocurrency owners typically store their cryptocurrencies in digital "wallets," which are identified by unique electronic addresses.

  2. Each cryptocurrency transaction is recorded in a public ledger commonly referred to as a "blockchain," which serves as a public accounting record. Among other things, the blockchain records the date and time of each cryptocurrency transaction, the unique cryptocurrency addresses associated with the transaction, and the amount of cryptocurrency transferred. Like cryptocurrencies, there are also various types of blockchains.

  3. A "block" is a data structure in the blockchain database where transaction information is permanently recorded. They are the basic building blocks of the blockchain.

Ethereum Network

  1. The actions described here are related to the Ethereum network. Ethereum is a decentralized blockchain used by millions of people worldwide. Since at least 2023, the average daily transaction volume on the Ethereum blockchain has exceeded 1 million transactions. The Ethereum network operates without a central participant, instead running through a decentralized network of global participants based on a set of rules and protocols. These rules and protocols are typically enforced through "smart contracts" (automated computer protocols with if/then conditions), allowing transactions to occur on the Ethereum blockchain without the need for a trusted intermediary. Ether or "ETH" is the native cryptocurrency of the Ethereum network.

  2. "Validators" are key participants in the Ethereum network. Validators are responsible for proposing new blocks and checking that blocks are valid before they are added to the Ethereum blockchain, so the validation process is crucial to the integrity and security of the chain. To become a validator, one must "stake" (deposit) 32 ETH in a smart contract. For each 12-second slot, Ethereum pseudo-randomly selects one validator to propose the block; once selected, the validator has that slot, about 12 seconds, to complete the process. As an incentive, validators receive the transaction fees attached to the block (including priority fees) and a share of the maximum extractable value captured from the transactions that make up the block, as well as newly issued ETH. If a validator attempts to defraud the Ethereum blockchain or fails to perform its duties properly, its staked ETH is at risk of being "slashed" (forfeited).

  3. When a user submits a transaction on Ethereum, such as a buy or a sell, it is not immediately added to the blockchain. Instead it waits in the publicly visible "mempool" together with other pending transactions. Only after it has been assembled into a proposed block and that block has been validated is the transaction added to the blockchain. Once a block is published, it is final and cannot be altered or deleted.

MEV, Searchers, Builders, and Relays

  1. Pending transactions in the mempool are not processed in the order they arrive; whoever builds a block chooses which transactions to include and in what order, and does so to capture "Maximum Extractable Value" (MEV). MEV is the maximum value that can be obtained by including, reordering, or excluding transactions when publishing a new block to the blockchain. Without a coordinated block-building protocol, competition for MEV among validators often leads to network congestion and instability.

  2. "MEV-Boost" is open-source software that validators run alongside their node to outsource and optimize block building through a defined protocol for organizing transactions into blocks. Approximately 90% of Ethereum validators use MEV-Boost.

  3. Using MEV-Boost, validators outsource block building to a network of "searchers," "builders," and "relays." These participants operate under a commit-then-reveal protocol that keeps block contents private until the validator commits to them, so that searchers, builders, and validators interact in an orderly way that maximizes value and network efficiency.

  4. Searchers are essentially traders who run automated bots ("MEV bots") that scan the public mempool for profitable arbitrage opportunities. Once a profitable opportunity is identified (for example, a pending trade that will push up the price of a given token), the searcher sends a proposed transaction "bundle" to a builder. Such a bundle typically consists of the following transactions in a precise order: (a) the searcher's "front-running" transaction, in which the searcher buys an amount of the token it predicts will rise in value; (b) the pending mempool transaction(s) identified by the MEV bot that will cause that price to rise; and (c) the searcher's selling transaction, in which it sells the token at a price higher than its purchase price to realize a profit. Builders receive bundles from many searchers and assemble them into a proposed block that maximizes the value paid to the validator. The builder then sends the proposed block to a "relay," which initially forwards only the "block header" to the validator, including the payment the validator will receive for publishing the builder's block. Only after the validator has committed to that block by digitally signing the header does the relay send the validator the full contents of the proposed block (i.e., the complete ordered list of transactions).

  5. The relay thus acts something like an escrow agent, holding the otherwise private transaction data of the proposed block until the validator commits to publishing that block, in the builder's order, to the blockchain. Once the validator's digital signature confirms that commitment, the relay releases the block's transactions to the validator. Until that release, the transactions in the proposed block remain private.

  6. Tampering with the MEV-Boost protocol, on which the vast majority of Ethereum validators rely, threatens the stability and integrity of the Ethereum blockchain for all network participants.
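To make the commit-then-reveal exchange concrete, here is an added simulation, written for this article and not code from MEV-Boost or any relay operator, of the header/payload flow between builder, relay and proposer. It pairs a vulnerable relay, which unblinds the block for any commitment that names a known block hash, with a hardened one that refuses unless the commitment matches the header it served, the signature verifies against the proposer's key, and the relay itself has already published the block. HMAC-SHA256 stands in for the proposer's BLS signature, an in-memory `Chain` class stands in for the beacon chain, and every key, hash and transaction name is constructed for the example. The `run` function plays the abuse described in section III below: a proposer that sends an unusable commitment, receives the private transaction list, and then publishes its own reordered block. The hardened branch is this example's assumption; the page does not describe how the real relay was remediated.

```python
"""Simulation of the MEV-Boost header/payload exchange and its 'unblinding' abuse.
HMAC-SHA256 stands in for the proposer's BLS signature, an in-memory Chain stands in
for the beacon chain, and every key, hash and transaction name is constructed here.
Illustrative code, not the mev-boost-relay implementation."""
import hashlib
import hmac
import json
from dataclasses import dataclass

PROPOSER_KEY = b"constructed-key-of-the-malicious-validator"
GENESIS = "0x" + "00" * 8

def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def digest(obj) -> str:
    return "0x" + hashlib.sha256(canonical(obj)).hexdigest()[:16]

def sign(key: bytes, header: dict) -> str:
    return hmac.new(key, canonical(header), hashlib.sha256).hexdigest()

@dataclass
class Block:
    slot: int
    parent: str
    txs: list      # ordered transactions; private until the relay releases them
    value: int     # the builder's bid to the proposer

    def header(self) -> dict:
        """The blinded view: everything the proposer sees before it commits."""
        return {"slot": self.slot, "parent": self.parent,
                "tx_root": digest(self.txs), "value": self.value}

class Chain:
    """Accepts a block only if it extends the head, the body matches the header,
    and the slot's proposer signed it."""
    def __init__(self):
        self.head, self.accepted = GENESIS, []

    def publish(self, header: dict, signature: str, txs: list) -> bool:
        if header["parent"] != self.head or header["tx_root"] != digest(txs):
            return False
        if not hmac.compare_digest(sign(PROPOSER_KEY, header), signature):
            return False
        self.head = digest(header)
        self.accepted.append(txs)
        return True

class Relay:
    def __init__(self, chain: Chain, hardened: bool):
        self.chain, self.hardened, self.bids = chain, hardened, {}

    def submit_block(self, block: Block) -> None:      # builder -> relay
        self.bids[digest(block.header())] = block

    def get_header(self, slot: int) -> tuple:          # relay -> proposer, header only
        block_hash, block = max(((h, b) for h, b in self.bids.items() if b.slot == slot),
                                key=lambda hb: hb[1].value)
        return block.header(), block_hash

    def get_payload(self, block_hash: str, signed_header: dict, signature: str):
        """Proposer returns its signed commitment; the relay decides whether to unblind."""
        block = self.bids[block_hash]
        if not self.hardened:
            # Vulnerable: any commitment naming a known block hash unblinds the private
            # transaction list, even one whose signature cannot verify.
            return block.txs
        if signed_header != block.header():
            return None   # committed to something other than the header we served
        if not hmac.compare_digest(sign(PROPOSER_KEY, signed_header), signature):
            return None   # signature does not verify against the proposer's key
        if not self.chain.publish(signed_header, signature, block.txs):
            return None   # the relay publishes the block itself before unblinding
        return block.txs

def run(hardened: bool, tamper: str = "bogus_signature") -> dict:
    """Play one slot. tamper is 'none' (honest proposer), 'bogus_signature', or
    'unpublishable_header' (a real signature over a header the chain would reject)."""
    chain = Chain()
    relay = Relay(chain, hardened)
    relay.submit_block(Block(slot=7, parent=chain.head, value=5,
                             txs=["victim_frontrun_buy", "lure", "victim_backrun_sell"]))
    header, block_hash = relay.get_header(7)
    if tamper == "unpublishable_header":
        commitment = dict(header, parent="0x" + "ff" * 8)
        signature = sign(PROPOSER_KEY, commitment)
    else:
        commitment = header
        signature = sign(PROPOSER_KEY, header) if tamper == "none" else "00" * 32
    leaked = relay.get_payload(block_hash, commitment, signature)
    if leaked is None:
        return {"leaked": False, "chain": chain.accepted}
    if tamper == "none":
        chain.publish(commitment, signature, leaked)   # no-op if the relay already did
        return {"leaked": True, "chain": chain.accepted}
    # With the private list in hand, the proposer reorders it and signs properly.
    reordered = [leaked[0], "attacker_sell_into_pool", leaked[2]]
    own = Block(slot=7, parent=chain.head, txs=reordered, value=0)
    chain.publish(own.header(), sign(PROPOSER_KEY, own.header()), reordered)
    return {"leaked": True, "chain": chain.accepted}
```

`run(hardened=False)` ends with the proposer's reordered block on chain, while `run(hardened=True)` ends with no leak and nothing published. The `unpublishable_header` mode, a genuine signature over a header the chain would never accept, is why the hardened relay compares the signed header against the one it served and publishes the block itself, rather than only checking that a signature verifies: a commitment that can never be honored is worthless as escrow.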

III. Decoding the Attack Process

  1. Over several months, the defendants Anton Peraire-Bueno and James Peraire-Bueno planned and executed the exploit using at least one computer and laid the groundwork for laundering the proceeds. As explained below, as early as December 2022 they created and shared an online document outlining the plan.

  2. The defendants took the following steps to plan and execute the exploit: (a) set up a series of Ethereum validator nodes while concealing their identities through shell companies, intermediary cryptocurrency addresses, foreign exchanges, and a privacy-layer network; (b) deployed a series of test or "bait" transactions designed to identify the specific variables likely to attract the MEV bots that would become the victims of the exploit (collectively, the "victim traders"); (c) identified and exploited a vulnerability in the MEV-Boost relay code that caused the relay to release the full contents of a proposed block prematurely; (d) reordered the proposed block to benefit themselves; and (e) published the reordered block to the Ethereum blockchain, stealing approximately $25 million worth of cryptocurrency from the victim traders.

Establishing Ethereum Validator Nodes

  1. In late December 2022, to advance the exploit plan, the defendants established a company called Pine Needle Inc ("Pine Needle"). In the registration documents Anton Peraire-Bueno is listed as president and James Peraire-Bueno as financial officer. Around January 4, 2023, they opened an account for Pine Needle at a bank ("Bank-1") (the "Pine Needle Bank-1 account"). Part of the funds in that account came from deposits the defendants had made in January 2023 into a personal account at another bank ("Bank-2"). In February 2023, Anton Peraire-Bueno opened an account at a centralized cryptocurrency exchange (the "Pine Needle exchange account"), funded by transfers from the Pine Needle Bank-1 account.

  2. Around the time the defendants opened the Pine Needle bank and exchange accounts, Anton Peraire-Bueno searched online for cryptocurrency exchanges with lax KYC requirements and for money laundering methods, including the specific searches "how to launder cryptocurrency" and "cefi exchanges without KYC." Then, between approximately February 28 and March 20, 2023, the Pine Needle exchange account sent approximately 529.5 ETH to about 14 intermediary addresses, directly or via offshore cryptocurrency exchanges. During the same period these intermediary addresses sent the same amount to a privacy-layer network on Ethereum, which lets users hide their identities and the sources of their funds on-chain. This approximately 529.5 ETH (worth about $880,000 at the time, and enough to cover the 32 ETH stake for each of 16 validators) was then used to fund 16 Ethereum validator nodes (the "validators") for executing the exploit, as described below.

Baiting Victim Traders and Identifying Vulnerabilities in the Relay

  1. Around December 12, 2022, Anton Peraire-Bueno accessed a website hosting the open-source code for the MEV-Boost relay (referred to in the indictment as "Website-1"; the URL is not disclosed), the relay whose integrity was undermined during the exploit. Later that month he searched online for the penalties Ethereum validators face for misconduct, a foreseeable consequence of carrying out the exploit.

  2. Around December 27, 2022, the defendants created and shared a document (the "exploit plan") outlining a four-phase plan for carrying out the exploit: (1) the bait, (2) unblinding the block, (3) the search, and (4) propagation. Over the following months they carried out the plan phase by phase.

  3. For the "bait" phase, the defendants targeted three victim traders ("Victim Trader 1," "Victim Trader 2," and "Victim Trader 3") who operated MEV bots specializing in cryptocurrency arbitrage. They tested a series of bait transactions that the victims' MEV bots would perceive as profitable arbitrage opportunities, leading the victims to propose bundles containing the bait transactions to builders. In doing so the defendants learned how the victims' MEV bots behaved.

Executing the Vulnerability Attack

  1. Around April 2, 2023, the defendants executed the exploit, stealing approximately $25 million worth of cryptocurrency from the victim traders.

  2. First, after receiving notice that one of their 16 validators had been selected to propose a block, the defendants baited the victim traders' MEV bots with at least eight specific transactions (the "bait transactions"). From their earlier testing they knew these would lead the victims' bots to propose bundles containing the bait transactions, and the bots did: they submitted approximately eight such bundles to builders. In these bundles the victim traders bought large amounts of low-liquidity tokens (their front-running transactions), paying with roughly $25 million in total of dollar-pegged stablecoins and other liquid cryptocurrencies, in the expectation that the bait transactions would push up the price of those tokens. Each bundle also included a selling transaction in which the victim would immediately sell the newly acquired tokens, after the bait transaction, at a price above what it had paid. Importantly, the victims' bundles contained encoded conditions under which the front-running transactions would not execute unless (a) the bait transactions came immediately after the front-running transactions, or (b) the selling transactions came immediately after the bait transactions. The builders then submitted proposed blocks containing the ordered bundles to the relay.

  3. Second, the defendants timed the bait transactions to coincide with the slot in which one of their 16 validators (the "malicious validator") had been selected, so that this validator would be the one to receive and manipulate the proposed block containing the victim traders' transactions, which the builders had submitted privately to the relay.

  4. Third, after the relay sent the header of the proposed block containing the victim traders' transactions, the defendants exploited a vulnerability in the relay's code: instead of a valid digital signature committing the malicious validator to publish that block, they sent the relay a false signature. From their prior research and planning they knew the false signature could not be verified and that what it purported to commit to could never be published to the blockchain; its purpose was to trick the relay into prematurely releasing the entire contents of the proposed block, including the private transactions, to the defendants. Having obtained the victim traders' transactions, they manipulated the proposed block as follows:

a. The defendants allowed the victim traders' buy transactions (their front-running transactions) to execute. In doing so the victim traders spent approximately $25 million in stablecoins and other liquid cryptocurrencies to buy particularly illiquid tokens.

b. In violation of the relay protocol and the MEV-Boost system, the defendants then replaced the bait transactions with manipulated transactions of their own. In these, the defendants sold the illiquid tokens that the victims had just bought in response to the bait; the defendants already held these tokens, having acquired them based on what they learned from the bait transactions. In return the defendants received the stablecoins and other liquid cryptocurrencies the victims had just spent on those tokens. In effect, the manipulated transactions drained from the liquidity pools everything the victims had deposited through their front-running transactions.

c. As a result, the victim traders' final selling transactions could not execute. The illiquid tokens the victims had bought were now effectively worthless, and the roughly $25 million in stablecoins and other liquid cryptocurrencies they had spent on them had been taken by the defendants through the manipulated transactions.

  5. Finally, the defendants used the malicious validator to publish the reordered block containing the manipulated transactions to the blockchain.

  6. The day after the exploit, around April 3, 2023, James Peraire-Bueno emailed a representative of Bank-2 asking for a safe deposit box large enough to hold a laptop. Two days after the exploit, around April 5, 2023, he emailed Website-1 asking whether it could provide access logs with the IP addresses of people who had accessed the public repository hosted there. As noted above, the relay's source code was hosted on Website-1, which Anton Peraire-Bueno had accessed around December 12, 2022.

  7. Meanwhile, in the weeks after the exploit, Anton Peraire-Bueno searched online for information such as "top cryptocurrency lawyers," "statute of limitations for lawsuits in the U.S.," "statute of limitations for wire fraud lawsuits," "fraudulent Ethereum address database," and "statute of limitations for money laundering."
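The sandwich structure described in paragraph 4 of the MEV section, and the way steps (a) to (c) above turn it against the searcher, come down to constant-product pool arithmetic. The following is an added example, not code from the indictment or from any MEV bot: a minimal Uniswap-v2-style pool with an assumed 0.3% fee and constructed reserves, a victim bot that front-runs with 50,000 of a stablecoin and back-runs with a slippage guard that refuses to sell at a loss, and two orderings of the middle transaction, the lure as the bot expected it versus the attacker's sale of tokens it already held into the same pool. The trade sizes and the attacker's token holding are constructed to illustrate the mechanism, not taken from the case.

```python
"""Constant-product pool arithmetic behind the sandwich and its reversal.
Reserves, trade sizes and the 0.3% fee are constructed for this example; this is
not code from the indictment or from any MEV bot."""
from dataclasses import dataclass
from typing import Optional

FEE_BPS = 30  # assumed swap fee in basis points (the common Uniswap-v2 setting)

@dataclass
class Pool:
    """Two-asset constant-product pool: a liquid stablecoin against an illiquid token."""
    stable: float
    token: float

    @staticmethod
    def _amount_out(reserve_in: float, reserve_out: float, amount_in: float) -> float:
        amount_in_with_fee = amount_in * (10_000 - FEE_BPS)
        return reserve_out * amount_in_with_fee / (reserve_in * 10_000 + amount_in_with_fee)

    def quote_sell(self, token_in: float) -> float:
        """Stablecoins a sale of token_in would return at the current reserves."""
        return self._amount_out(self.token, self.stable, token_in)

    def buy_token(self, stable_in: float) -> float:
        out = self._amount_out(self.stable, self.token, stable_in)
        self.stable += stable_in
        self.token -= out
        return out

    def sell_token(self, token_in: float, min_stable_out: float = 0.0) -> Optional[float]:
        """Sell tokens for stablecoins. Returns None and leaves the pool untouched when the
        slippage guard trips, which is what a bot's reverting back-run looks like."""
        out = self.quote_sell(token_in)
        if out < min_stable_out:
            return None
        self.token += token_in
        self.stable -= out
        return out

def simulate(attacked: bool) -> dict:
    pool = Pool(stable=100_000.0, token=100_000.0)   # constructed: token starts at $1
    victim_spent = 50_000.0

    # (a) Victim bot's front-run: buy the illiquid token ahead of the expected lure.
    victim_tokens = pool.buy_token(victim_spent)

    attacker_proceeds = 0.0
    if attacked:
        # (b) The lure is replaced: the attacker dumps tokens it already held into the
        #     pool the victim just filled with stablecoins, taking most of them out.
        attacker_proceeds = pool.sell_token(500_000.0)
    else:
        # The lure as the bot saw it in the mempool: another buyer pushing the price up.
        pool.buy_token(20_000.0)

    # (c) Victim bot's back-run: sell everything, but never for less than it paid.
    victim_received = pool.sell_token(victim_tokens, min_stable_out=victim_spent)

    return {
        "victim_tokens": victim_tokens,
        "attacker_proceeds": attacker_proceeds,
        "victim_received": victim_received,                 # None: back-run reverted
        "stranded_value": 0.0 if victim_received is not None else pool.quote_sell(victim_tokens),
        "pool_stable_left": pool.stable,
    }
```

In the honest ordering the bot's back-run returns more than the 50,000 it spent. In the attacked ordering the attacker walks away with roughly 130,000 of the pool's 150,000 stablecoins, the bot's back-run reverts on its own slippage guard, and the tokens the bot is left holding would fetch under 1,000. A per-transaction slippage check protects the back-run but not the already-executed front-run; the position as a whole depends on the ordering guarantee the bundle was supposed to get from the block-building pipeline.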

Subsequently, the defendants laundered the cryptocurrency through steps such as lending and swapping between DAI and USDC, ultimately moving the USDC through multiple exchange accounts, bank accounts, and brokerage accounts.
