25 million stolen in 12 seconds

25 million stolen in 12 seconds
0
224
4min.

25 million stolen in 12 seconds. Details of another cryptocurrency fraud!

25 million stolen in 12 seconds

The US Department of Justice has arrested two brothers for attacking the Ethereum blockchain.

For reference: Ethereum is a decentralized blockchain platform that creates a peer-to-peer network for the secure execution and verification of special code called smart contracts. Smart contracts allow participants to enter into transactions directly with one another without a trusted central authority.

Anton Per-Bueno, 24, and James, 28, are graduates of the prestigious Massachusetts Institute of Technology. Instead of using their knowledge of the latest IT technologies, the guys decided to fraudulently gain access to transactions in the system that were waiting for confirmation, then intercept them and receive the victims’ cryptocurrency. The whole process took the tech geniuses only a few seconds.

According to official information, they have been charged with conspiracy to commit wire fraud and money laundering.

How did they do it?

The brothers developed a detailed plan for the cyber operation. First, they created 16 Ethereum validator accounts, investing 529.5 ETH (~$880,000), and then attacked MEV bot operators specializing in arbitrage.

Next, they used decoy transactions to find out how these bots trade. Then they lured the bots to ONE of their validators, which was checking the new block, and effectively tricked these bots into offering certain transactions. The brothers made it appear as if they were the ones controlling the bots on certain trades, and also used their validator to “spoof” the new block by sending a fake digital signature that gave them access to the full block content and replaced the “temptation transactions” with “spoof transactions.” During these fake transactions, the brothers allegedly sold illiquid cryptocurrencies, which they tricked the victims’ trading bots into placing purchase orders.

Anton and James then allegedly laundered the funds using different addresses and sets of transactions, including converting the stolen funds into DAI and then USDC.

“These brothers allegedly carried out a first-of-its-kind manipulation of the Ethereum blockchain, fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrencies from their victims,” said Thomas Fattorusso, Special Agent in Charge of the IRS Criminal Investigation Division.

25 million stolen in 12 seconds

“The scheme employed by the defendants calls into question the very integrity of blockchain technology,” said prosecutor Damian Williams.

During the investigation of the case, law enforcement officers learned that the guys were very thoroughly prepared. They searched the Internet for information on how to hide their involvement and cover their tracks and were interested in exchanges with no verification. They also made inquiries about lawyers with experience in cases involving cryptocurrencies and extradition.

Ethereum representatives stated that the brothers refused to return the stolen funds and tried to launder and hide them.

Prosecutors say that this is the first time a criminal case has been opened for this form of fraud. Each of the genius brothers faces more than 20 years in prison. Do you think this punishment is fair and how secure are cryptocurrencies?

Share your thoughts!

TOP