The United States Department of Justice has recently uncovered a case involving the theft of $25 million in cryptocurrency through a scheme that targeted the Ethereum blockchain’s integrity. The indictment, which was unsealed by authorities, charges brothers Anton Peraire-Bueno and James Pepaire-Bueno with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering. According to U.S. officials, the brothers managed to fraudulently obtain the substantial sum of crypto within a mere 12 seconds, raising concerns about the very foundation of the blockchain itself.
Thomas Fattorusso, a special agent with the IRS Criminal Investigation’s New York Field Office, explained, “These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims.” The scheme centered around the manipulation of the maximum extractable value (MEV) in the Ethereum blockchain. By deploying a series of test transactions, the brothers were able to exploit a vulnerability that caused the blockchain to prematurely release a proposed block’s full content, enabling them to steal the crypto.
The brothers, however, refused to return the stolen funds and took measures to conceal their assets. They utilized shell companies and foreign crypto exchanges to transfer the stolen crypto to multiple wallets. If convicted, they could face up to 20 years in prison for each count.
Interestingly, the incident occurred at a time when the number of victims falling prey to crypto hacks, exploits, and scams was at its lowest in April since 2021. According to CertiK, a blockchain security platform, approximately $25 million was lost to illicit actors during that month. However, the platform reported a staggering $1 billion in crypto lost to such actors in 2023.
In other news, an analysis of crypto hacks has shed light on the preferred exploit of the Lazarus Group, a notorious hacking group.