On May 15, the United States Department of Justice (DOJ) charged two brothers, Anton and James Peraire-Bueno, with allegedly carrying out an attack on the Ethereum network that resulted in $25 million being transferred from maximal extractable value (MEV) bots to the defendants. The indictment claims that the attackers, through their Ethereum validators, proposed blocks whose ordering was so malicious that it constituted the crime of wire fraud.
The charges were revealed in a grand jury indictment that laid out the DOJ's view.
The case has divided the crypto community. Some claim that the MEV bots were themselves attempting to defraud the brothers and that the defendants should not be seen as victims, while others say the brothers were in the wrong for exploiting bad code. Some have also argued that the case sets a dangerous precedent and will lead to full-scale regulation of Ethereum.
The technical nature of the case has only compounded the controversy further, as terms like "MEV," "searchers," "relays," "sandwich attacks" and others that may not be understood by all Ethereum users are being tossed around in the discussion.
The following is an exposition of how the brothers allegedly carried out their attack.
What is maximal extractable value?
According to Ethereum network documents, MEV refers to the maximum value that can be extracted from a block of transactions based on their ordering.
Some on-chain trades will be more beneficial to a user if they go through in a particular order. For example, a trader who wants to use their stablecoins to buy a large amount of Ether (ETH) when it's at a low price will not want another trader to be able to buy it in size first, as the first trader's purchase may cause the price to increase. In some cases, the user may prefer not to trade at all if they can't place their trade in priority.
Under normal circumstances, when a user posts an Ethereum transaction, it gets sent to the network's memory pool, or "mempool," where it is stored until it is either canceled or confirmed and added to the blockchain. Once it is in the mempool, any device on the network can view its contents.
This means that if a trade is placed through the normal method, another trader can potentially copy it and have it executed first. In this case, the trader who originally posted the trade will pay a higher price for the asset they are buying. The process of copying other traders' transactions and executing them first is called "front-running."
Visual representation of front-running. Source: Medium
If a trader can front-run a trade, they can potentially profit by performing a "sandwich attack," which involves first buying up the asset to make the subsequent trader pay a higher price, then selling into the liquidity pool after the subsequent trader's transaction has been executed.
To defend against sandwich attacks, most decentralized exchanges today submit transactions directly to a whitelisted group of block-builders, bypassing the mempool entirely. This prevents bots from detecting the users' transactions and copying them.
However, some traders still submit their transactions directly to the mempool, thereby opening themselves up to the possibility of a sandwich attack.
If a user does submit a trade to the mempool, other users, which are typically bots, will compete with each other to sandwich-attack the original user. In this case, the bot that pays the highest gas fee to the validators will have their transaction executed first and will, therefore, be able to perform the attack.
However, the attack will only be profitable if the gas fee paid is less than the profit from the attack. Therefore, the bot should theoretically only be willing to pay an amount equal to or less than the profit. This amount, the maximum amount of gas a user should be willing to pay to execute an arbitrage, is called the "MEV."
MEV doesn't only refer to the extraction that occurs in sandwich attacks or front-runs, though. It can also describe other arbitrage opportunities that arise from the order of transactions, such as profits from liquidating bad loans.
However, the Peraire-Bueno case specifically involves bots that were attempting to perform a sandwich attack, so the other types of MEV are not relevant in this instance.
The MEV ecosystem
To understand the claims made in the indictment, it's also helpful to consider how the MEV ecosystem works today.
In the early days of Ethereum, individual firms ran MEV bots that were also validator nodes. This led to rampant competition and a reduction in profits. However, most nodes today use the Flashbots system, which allows bots to hide their profitable arbitrages until the moment their transactions are added to the blockchain.
This allows them to earn bigger profits through custom coding, as their arbitrage transactions are never added to the mempool and cannot be copied.
Flashbots has also allowed traders to hide their own trades to defend themselves against sandwich attacks.
According to its documents, in the Flashbots system, some computers play the role of "searchers." They use proprietary code to scan the blockchain for arbitrage opportunities. Once they find a set of profitable transactions, they order them into a bundle and send them to a "builder" computer.
The builder computers collect bundles from the searchers, as well as transactions from traders who want to bypass the mempool. These bundles and extra transactions are sent to relays, which take in transactions from multiple builders and use them to create a proposed block.
Once a relay has created a proposed block, it offers a gas fee to the validators in exchange for a commitment to confirm its block after publishing. The relay attempts to propose a high enough gas fee that its block will likely be published, but not high enough to make the various individual trades unprofitable for its clients: the individual builders, searchers and users.
If a validator node wants to publish a relay's block, it responds with a signature committing itself to confirming that block. Only once the signature is transmitted does the relay reveal the transactions within the block. The block is then added to the blockchain after other validators on the network confirm it.
Flashbots "MEV-Boost" architecture. Source: Flashbots
The Peraire-Bueno brothers are accused of exploiting this Flashbots MEV system, transferring $25 million to themselves by tricking the system into believing that a profitable arbitrage existed, when, in fact, the "arbitrage" resulted in losses for the searchers who discovered it.
How they allegedly exploited the MEV system
According to the indictment, the two brothers carried out the exploit by first creating 16 Ethereum validator nodes. Through these nodes, they published a set of "bait" transactions that appeared to be lucrative MEV opportunities. Relays picked up some of these transactions and included them in blocks, while others were not included. Over time, the accomplices used these test transactions to determine how to guarantee that their transactions would be included in a relay's block.
Once they were sure they could get their transactions included in a block, they waited for one of their 16 validator nodes to get chosen as a block producer. They then published eight "lure" transactions that they wanted included in a block. These transactions were picked up by three different searchers and were ultimately included by a relay. After building blocks that included the transactions, the relay published the header for its block and requested the brothers' node to confirm it.
The brothers' validator node responded by producing a fake signature committing to propose the relay's block, the indictment alleges. Due to a flaw in the cryptographic system used to produce the signature, it was possible for the node to fool the relay into believing it had signed the message, but in fact, the signature was not valid and would not be accepted by other validator nodes as a firm commitment. The indictment states:
"After the Relay released the blockheader for the proposed block which contained the Victim Traders' ordered transactions, [...] the defendants, exploited a vulnerability in the Relay's computer code by sending the Relay a false signature [...] in lieu of a valid signature. Based on their research and planning prior to the exploit, [the defendants] knew that the information contained in the False Signature could not be verified for ultimate publication to the blockchain."
Once this fake signature was transmitted, the relay published the contents of its block. In response, the validator reordered the block and signed it with the real signature, officially proposing the reordered block instead of the one the relay had preferred. As a result, this reordered block was confirmed by other validators, the indictment claims.
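The reveal step described above, as an added Go sketch (not code from Flashbots, any relay, or the indictment): the relay releases a block body only after the proposer's signature verifies over the exact header it published. The `Relay` type and its methods are hypothetical, and Ed25519 stands in for the BLS signatures Ethereum validators actually use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical relay model. Ed25519 stands in for the BLS signatures that
// Ethereum validators use; the header is a hash of the ordered transactions.
type Relay struct {
	proposer ed25519.PublicKey     // validator chosen to propose this slot
	bodies   map[[32]byte][]string // committed header -> withheld transactions
}

var ErrBadSignature = errors.New("no valid proposer signature over committed header")

// Offer stores the block body and publishes only the header commitment.
func (r *Relay) Offer(txs []string) (header [32]byte) {
	h := sha256.New()
	for _, tx := range txs {
		h.Write(append([]byte(tx), 0))
	}
	copy(header[:], h.Sum(nil))
	r.bodies[header] = txs
	return header
}

// Reveal verifies the signature over the published header before releasing anything.
func (r *Relay) Reveal(header [32]byte, sig []byte) ([]string, error) {
	txs, ok := r.bodies[header]
	if !ok || !ed25519.Verify(r.proposer, header[:], sig) {
		return nil, ErrBadSignature
	}
	return txs, nil
}

// Demo (constructed inputs): valid signature, malformed bytes, other-message signature.
func Demo() (valid, malformed, otherHeader error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	r := &Relay{proposer: pub, bodies: map[[32]byte][]string{}}
	header := r.Offer([]string{"tx-a", "tx-b", "tx-c"})
	_, valid = r.Reveal(header, ed25519.Sign(priv, header[:]))
	_, malformed = r.Reveal(header, []byte("not-a-signature"))
	_, otherHeader = r.Reveal(header, ed25519.Sign(priv, []byte("a different block")))
	return
}

func main() { fmt.Println(Demo()) }
```

The point of the ordering in `Reveal` is that a rejected signature returns no transaction data at all, so the block contents stay private unless the proposer is bound to the header it was shown.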
In the original block proposed by the relay, the three searchers first used stablecoins to purchase a large number of highly illiquid tokens, pushing up their prices. Afterward, the brothers purchased these same tokens at a higher price. This resulted in a large amount of stablecoins being transferred into the exchange's liquidity pool.
The searchers then unloaded the tokens they had just purchased, draining the pool of the stablecoins that both parties had just put into it. Finally, the brothers sold their tokens into the now-drained pool, causing them to receive much less for the tokens than they originally paid. In essence, the original block executed a classic sandwich attack against the brothers.
However, the reordered block did something very different. In it, the brothers purchased the tokens first, pushing up their prices. Then, the searchers purchased more tokens, draining them from the pool and replacing them with stablecoins. After the searchers made their purchase, the brothers sold their tokens into the pool, draining most of the stablecoins out of it.
Finally, the searchers attempted to resell their tokens. But at this point, the pool no longer had enough liquidity to buy back the tokens. As a result, the final transaction failed, and the searchers were stuck with essentially worthless tokens.
Because the reordered block was confirmed instead of the original, the brothers profited $25 million in stablecoins from the trade, while the searchers lost $25 million. Essentially, the brothers reversed the sandwich attack, causing the attackers to lose money instead of themselves.
In the Justice Department's view, this action constituted "wire fraud" because the lure transactions and false signature were "material representations," binding statements made from one party to another in a commercial transaction, and because they were knowingly sent to deceive the MEV bots. As the indictment states:
"The defendants [...] engaged in a scheme to defraud the Victim Traders, by making material representations, [including] the Lure transactions and False Signature, in order to fraudulently obtain cryptocurrency."
The Peraire-Bueno brothers have not been arraigned, and no trial date has been set as of the time of publication.
The crypto community responds
The case has been controversial within the crypto community.
Some Ethereum users have expressed incredulity at the DOJ's view that MEV bots, which were allegedly attempting to sandwich-attack traders themselves, deserved to have their opponents thrown in jail.
For example, on May 15, Helius Labs CEO Mert Mumtaz asked rhetorically on X, "Hold up. These guys are being charged with wire fraud for *checks notes* baiting MEV bots on Ethereum??????" TradingStrategy co-founder Mikko Ohtamaa argued that the DOJ is practicing a double standard. "You are only allowed to sandwich retail users," he claimed. "When you sandwich MEV bots then you are a criminal and MEV bot operator sues you in the nearest US court."
AllianceDAO contributor Mohamed Fouda argued that the case creates a slippery slope, as it may lead to full-scale regulation of Ethereum. The indictment is both "a recognition of the power of Ethereum to settle financial transactions" and simultaneously "a trap to pull every operator on Ethereum into a web of legal compliance requirements," he claimed.
The indictment "legitimizes the harmful behavior of Sandwich attacks and frontrunning," treating them as normal, Fouda stated, which he considers to be "catastrophic."
In addition, it "draws a faulty picture of the roles of relayers in the Ethereum system," treating them as escrow services. Fouda claimed that this treatment was "probably to tie them to specific 'responsibilities' and 'duties' they owe to the MEV searchers," which can cause Ethereum operators to be subjected to "multiple compliance requirements."
While some users shared these criticisms, others defended the DOJ's actions. Crypto trader Beanie posted to X on May 15 to argue that "exploiting software for gain is always illegal," adding that "code isn't law. Lots of precedence here."
Polygon Labs vice president Hudson Jameson expressed a similar view in a reply to Fouda's post. "It wasn't simply baiting bots and sandwiching," he claimed. "They actually exploited a flaw in MEV boost itself." In response, Fouda conceded that "what they did is probably a crime" but argued that it "doesn't negate the fact that sandwich bots are Ok or business as usual."
The practice of obtaining MEV has been controversial since the beginning of the Ethereum network. Some networks have attempted to prevent what they consider to be "malicious" MEV in various ways. For example, Shutter claims to use threshold encryption to stop front-running and sandwich attacks, whereas Neo X has stated that it accomplishes a similar aim using a delegated Byzantine fault tolerance consensus mechanism.
However, these are technical solutions to the perceived problem. So far, there are no known cases of sandwich attack victims attempting to prosecute MEV bots for wire fraud.