Written by: Golden Finance xiaozou

On May 15, 2024, the official website of the U.S. Department of Justice announced a cyber attack case related to Ethereum MEV.

According to the lawsuit, two brothers who graduated from the Massachusetts Institute of Technology were arrested and accused of using the MEV attack on Ethereum to steal about $25 million (about 180 million yuan) worth of cryptocurrency in about 12 seconds (one block verification time). It is reported that this is the first MEV case to be filed.

I. Brief Description of the Case

1. The defendants, Anton Peraire-Bueno (24) and James Peraire-Bueno (28), are brothers who studied mathematics and computer science at MIT, one of the most prestigious universities in the United States. Using the professional skills acquired during their studies and their expertise in cryptocurrency trading, Anton and James Peraire-Bueno exploited the integrity of the Ethereum blockchain to fraudulently obtain approximately $25 million worth of cryptocurrency from victim cryptocurrency traders (the Exploit). Through the Exploit, Anton and James Peraire-Bueno manipulated and tampered with the process and protocol by which transactions are verified and added to the Ethereum blockchain. In this way, they fraudulently obtained access to pending private transactions and used that access to change certain transactions and obtain the victims’ cryptocurrency. Once the defendants stole the victims’ cryptocurrency, they refused requests to return the stolen cryptocurrency and took numerous steps to hide their ill-gotten gains.

2. Defendants Anton Peraire-Bueno and James Peraire-Bueno carefully planned this exploit for months. Among other things, they studied the trading behavior of victim traders whose cryptocurrency they ultimately stole. In planning the exploit, they also took numerous steps to conceal their identities and laid the foundation for hiding the stolen proceeds, including establishing shell companies, using multiple private cryptocurrency addresses, and using offshore cryptocurrency exchanges. After the exploit, the defendants moved the stolen cryptocurrency through a series of transactions designed to hide the source and ownership of the stolen funds.

3. Throughout the planning, execution, and follow-up of the exploit, Defendants Anton Peraire-Bueno and James Peraire-Bueno also searched online for information on how to conduct an exploit, methods to conceal their involvement in the exploit, available cryptocurrency exchanges with lax KYC requirements that they could use to launder funds, attorneys with expertise in cryptocurrency cases, extradition proceedings, and other information related to the crimes alleged in this Indictment.

2. Introduction to Cryptocurrency, Ethereum Network and MEV

Cryptocurrency

4. Cryptocurrency is a digital currency that uses a decentralized system of cryptography to verify transactions and maintain transaction records. Like traditional fiat currencies, there are many types of cryptocurrencies. Cryptocurrency owners typically store their cryptocurrencies in digital "wallets" that are identified by unique electronic addresses.

5. Every cryptocurrency transaction is recorded on a public ledger, often called a "blockchain," which acts as a public accounting record. Among other things, the blockchain records the date and time of each cryptocurrency transaction, the unique cryptocurrency address associated with the transaction, and the amount of cryptocurrency transferred. Like cryptocurrencies, there are many types of blockchains.

6. "Blocks" are data structures in the blockchain database where transaction information is permanently recorded. They are the basic building blocks of the blockchain.

Ethereum Network

7. The actions described here relate to the Ethereum network. Ethereum is a decentralized blockchain used by millions of people around the world. As of at least 2023, the Ethereum blockchain has an average of over 1 million transactions per day. The Ethereum network is run by no central actor, but rather by a decentralized global network of actors that operates based on a set of rules and protocols. These rules and protocols are often enforced through "smart contracts" (self-executing computer protocols with if/then conditionals) that enable transactions to be conducted on the Ethereum blockchain without the need for a trusted intermediary. Ether or "ETH" is the native cryptocurrency on the Ethereum network.

8. "Validators" are key participants in the Ethereum network. Validators are responsible for checking whether new blocks are valid before they are added to the Ethereum blockchain. Therefore, the verification process is critical to ensuring the integrity and security of the Ethereum blockchain. To become a validator, a validator must "stake" or deposit 32 ETH in a smart contract. Ethereum randomly selects a validator to verify a block; once selected, the validator has approximately 12 seconds to complete the verification process. In order to incentivize the verification of new blocks on the Ethereum blockchain, the validator will receive an agreed-upon amount of cryptocurrency (i.e., a specific portion of the maximum extractable value of the transactions that make up the new block), as well as other fees (including validator consumption). In addition, the validator receives cryptocurrency in the form of newly minted ETH. If the validator attempts to defraud the Ethereum blockchain or performs its verification duties improperly, the staked ETH in the smart contract will be at risk of "slashing" or loss.

9. When a user makes a transaction on the Ethereum blockchain, such as a buy or sell transaction, the transaction is not immediately added to the blockchain. Instead, the pending transaction waits in the "memory pool" along with other pending transactions, which is publicly visible. Pending transactions are only added to the blockchain after they are structured into a proposal block and then verified by validators. After a block is published to the blockchain, it is closed and cannot be changed or deleted.

MEV, Searchers, Builders, and Relays

10. Pending transactions in the memory pool are not processed in chronological order, but rather by their potential "maximum extractable value" (MEV). MEV is the maximum value that can be obtained by including, reordering, or excluding transactions when publishing a new block to the blockchain. Without a coordinated block construction protocol, competition for MEV opportunities among validators often leads to network congestion and instability.

11. MEV-Boost is an open source software that aims to optimize the block construction process of Ethereum validators by establishing a protocol for organizing transactions into blocks. About 90% of Ethereum validators use MEV-Boost.

12. Using MEV-Boost, Ethereum validators outsource the block construction process to a network of "searchers", "builders" and "relays". These participants operate under a privacy and commitment protocol designed to ensure that each network participant - searchers, builders, validators - interacts in an orderly manner to maximize value and network efficiency.

13. Seekers are effectively traders who use automated bots (“MEV Bots”) to scan the public memory pool for profitable arbitrage opportunities. After identifying a profitable opportunity (e.g., one that will increase the price of a given cryptocurrency), the Seeker sends a “package” of proposed transactions to the Builder. The package typically consists of the following transactions in a precise order: (a) the Seeker’s “front-running” transaction, where the Seeker buys a certain amount of the cryptocurrency that the Seeker predicts will increase in value; (b) pending transactions in the memory pool that the MEV Bot identifies that will increase the price of that cryptocurrency; and (c) the Seeker’s sell transaction, where the Seeker sells the cryptocurrency for a higher price than it originally paid, taking a profit from the transaction. Builders receive the transaction packages from each Seeker and compile them into a proposal block that maximizes the validator’s MEV. The Builder then sends the proposal block to a “Relay,” which receives the proposal block from the Builder and initially submits only the “block header” to the Validator, which contains the reward payment information that the Validator will receive for validating the proposed block built by the Builder. Only after the validator makes a verification commitment through a digital signature will the relay send the entire content of the proposed block (i.e. the complete ordered list of transactions) to the validator.

14. In this process, the relay operates in a similar way to an escrow account, temporarily maintaining the transaction data of the proposed block that was originally private until the validator commits to publish the block to the blockchain in full order. The relay will only publish the transactions in the proposed block to the validator after the validator confirms through a digital signature that it will publish the proposed block to the blockchain according to the builder's creation structure. Before the transactions in the proposed block are published to the validator, they remain private and not publicly visible.

15. Tampering with the MEV-Boost protocol, which is relied upon by the vast majority of Ethereum users, would threaten the stability and integrity of the Ethereum blockchain for all network participants.

3. Decryption of the attack process

16. Over a period of several months, Defendants Anton Peraire-Bueno and James Peraire-Bueno carefully planned and executed the Exploit using at least one computer and laid the foundation for money laundering. In fact, as explained below, as early as December 2022, Anton Peraire-Bueno and James Peraire-Bueno created and shared online a plan document for the Exploit.

17. Anton Peraire-Bueno and James Peraire-Bueno took the following steps to plan and execute the exploit: (a) establish a series of Ethereum validator nodes that concealed their identities through the use of front companies, intermediary cryptocurrency addresses, exchanges, and privacy layer networks; (b) deploy a series of test transactions, or "decoy transactions," designed to identify specific variables that would be most likely to attract MEV Bots, which would become victims of the exploit (collectively, the "Victim Traders"); (c) identify and exploit a vulnerability in the Boost Ultimate code that caused the relay to prematurely publish the entire contents of a proposed block; (d) reorder the proposed blocks to benefit Defendants; and (e) publish the reordered blocks to the Ethereum blockchain, stealing approximately $25 million in cryptocurrency from the Victim Traders.

Establishing an Ethereum verification node

18. In late December 2022, in order to advance their exploit scheme, Defendants Anton Peraire-Bueno and James Peraire-Bueno formed a company, Pine Needle Inc (“Pine Needle”). In the company registration documents, Anton Peraire-Bueno is shown as the President of Pine Needle and James Peraire-Bueno is the Treasurer. On or about January 4, 2023, Anton Peraire-Bueno and James Peraire-Bueno opened a bank account (the “Pine Needle Bank-1 Account”) at a bank (“Bank-1”). The Pine Needle Bank-1 Account was funded in part by deposits that Defendants had made in January 2023 to personal bank accounts opened at another bank (“Bank-2”). In February 2023, Anton Peraire-Bueno opened an account (the Pine Needle Exchange Account) at a centralized cryptocurrency exchange, which Defendants funded with deposits from the Pine Needle Bank-1 Account.

19. At approximately the same time that Defendants Anton Peraire-Bueno and James Peraire-Bueno opened bank accounts and cryptocurrency accounts for Pine Needle, Defendant Anton Peraire-Bueno searched online for information about cryptocurrency exchanges and money laundering methods that had lax protocol KYC requirements, including specific searches for “how to launder cryptocurrency” and “cefi exchanges with no KYC.” Then, between approximately February 28, 2023 and March 20, 2023, the Pine Needle exchange account sent approximately 529.5 ETH to approximately 14 intermediary addresses, directly or indirectly, through offshore cryptocurrency exchanges. During the same period, these intermediary addresses sent the same amount of cryptocurrency to a privacy layer network on the Ethereum blockchain that enables users to hide information about their identity and source of funds on the blockchain. The approximately 529.5 ETH (valued at approximately $880,000 at the time) was then used to create 16 Ethereum validation nodes (“validators”) to perform the exploit, as described below.

Deceiving Victim Traders and Identifying Vulnerabilities in Relays

20. On or about December 12, 2022, Defendant Anton Peraire-Bueno visited a specific website (noted in the Indictment as “Website-1”, undisclosed URL) that hosted the MEV-Boost relay open source code, which, as described below, was compromised during the exploit, compromising the integrity of the relay code. Later that same month, Anton Peraire-Bueno conducted online searches related to penalties for Ethereum validator misconduct, which was a foreseeable consequence of executing the exploit.

21. On or about December 27, 2022, Defendants Anton Peraire-Bueno and James Peraire-Bueno created and shared a document (the “Exploit Plan”) that outlined a four-stage plan for successfully executing an exploit. Defendants specifically identified four stages: (1) baiting, (2) monitoring the block (unblinding the block), (3) searching, and (4) propagation. Over the next several months, Defendants executed each of the stages outlined in their exploit plan.

22. With respect to “Bait,” Defendants Anton Peraire-Bueno and James Peraire-Bueno targeted three Victim Traders (“Victim Trader 1,” “Victim Trader 2,” and “Victim Trader 3”) who were Seekers operating MEV Bots that specialized in cryptocurrency arbitrage trading. During the “Bait” ​​phase, Defendants tested a series of Bait Trades that the MEV Bots operated by the Victim Traders believed provided profitable arbitrage opportunities, causing the Victim Traders to propose to the Builders trading packages containing Bait Trades. During this process, Defendants became familiar with the trading behavior of the Victim Traders’ MEV Bots.

Executing the exploit

23. On or about April 2, 2023, Defendants Anton Peraire-Bueno and James Peraire-Bueno conducted an exploit through which they stole approximately $25,000,000 worth of cryptocurrency from victim traders.

24. First, upon receiving notification that one of the 16 validators had been selected to validate a new block, Defendants Anton Peraire-Bueno and James Peraire-Bueno defrauded the Victim Trader’s MEV Bot by proposing at least eight specific transactions (“Decoy Transactions”) that, based on the aforementioned Decoy Transactions, Defendants understood would cause the Victim Trader’s MEV Bot to propose transaction packages containing the Decoy Transactions. The Decoy Transactions did, in fact, cause the Victim Trader to propose approximately eight transaction packages containing the Decoy Transactions, which were submitted to the Constructor. In these eight transaction packages, the Victim Trader actually purchased large amounts of extremely illiquid cryptocurrencies (front-running) that the Victim Trader expected the price of these cryptocurrencies to increase as a result of the Decoy Transactions, which were approximately $25 million worth of various stablecoins pegged to the U.S. dollar, or other more liquid cryptocurrencies. The Victim Trader also included a sell transaction in each transaction package, whereby the Victim Trader would sell their newly acquired cryptocurrency immediately following the Decoy Transactions at a price higher than the purchase price. Importantly, the victim trader’s transaction package contains an encoded condition that the front-running transaction will not be executed unless: (a) a decoy transaction occurs immediately after the front-running transaction, or (b) a sell transaction occurs immediately after the decoy transaction. The builders, in turn, submit proposed blocks containing ordered transaction packages to the relay.

25. Second, Anton Peraire-Bueno and James Peraire-Bueno timed the decoy transactions to coincide with the time when one of the 16 validators was selected to validate the proposed block, and they used a validator (the “malicious validator”) to validate and tamper with the proposed block containing the victim trader’s transactions, which was privately submitted to the relay by the block builder.

26. Again, after the relay published the block header of the proposed block containing the victim trader's transactions, defendants Anton Peraire-Bueno and James Peraire-Bueno exploited a vulnerability in the relay's computer code and sent a false signature to the relay in place of a valid digital signature. Based on their research and planning prior to the vulnerability attack, Anton Peraire-Bueno and James Peraire-Bueno knew that the information contained in the false signature could not be verified and ultimately published to the blockchain. This false signature was designed to deceive the relay into publishing the entire contents of the proposed block, including private transaction information, to the defendants in advance. After obtaining the "victim trader's" transactions, the defendants tampered with the proposed block as follows:

a. Defendants allowed the Victim Traders to complete their buy trades (i.e., their front-running). In effect, the Victim Traders sold approximately $25 million in various stablecoins or other more liquid cryptocurrencies to purchase particularly urgent assets.

b. Defendants violated the Relay Protocol and the MEV-Boost system and subsequently replaced the decoy transactions with altered transactions. In the altered transactions, defendants sold the illiquid cryptocurrency that the victim trader had just purchased as a result of the decoy transactions and that defendants already held based on information collected through the decoy transactions. In exchange, defendants received the victim trader's stablecoins or more liquid cryptocurrencies that were used to purchase the illiquid cryptocurrency. In effect, the altered transactions drained the liquidity pool of all cryptocurrencies that the victim trader had deposited based on their front-running transactions.

c. As a result of these actions, the victim traders’ final sales transactions could not be conducted. The illiquid cryptocurrencies purchased by the victim traders in the previous transactions had become effectively worthless, and the $25 million of various stablecoins or other more liquid cryptocurrencies that the victim traders used to purchase these transactions had been stolen by the defendants through the tampering transactions.

27. Finally. Defendants Anton Peraire-Bueno and James Peraire-Bueno used malicious validators to post reordered blocks containing altered transactions to the blockchain.

28. On or about April 3, 2023, the day after the breach, Defendant James Peraire-Bueno emailed a representative of Bank-2 requesting a safe large enough to fit a laptop. Two days after the breach, on or about April 5, 2023, James Peraire-Bueno emailed Website-1 asking if Website-1 would provide access logs for vetted IP addresses of individuals who accessed the public repository hosted on Website-1. As described in Paragraph 20, the source code for the Relay was hosted on Website-1, and Defendant Anton Peraire-Bueno accessed Website-1 on or about December 12, 2022.

29. Meanwhile, in the weeks following the breach, defendant Anton Peraire-Bueno searched online for “top crypto lawyers,” “statute of limitations in the U.S.,” “statute of limitations for wire fraud,” “fraudulent Ethereum address database,” and “money laundering statute of limitations.”

Subsequently, the two defendants confused cryptocurrencies by lending and exchanging DAI and USDC, and finally laundered USDC between multiple exchange accounts, bank accounts, and securities broker accounts.