$25M gone in 12 seconds! Brothers accused of Ethereum heist The Register

These transactions are grouped onto blocks that are chained together, hence the name.
As the name suggests, validator bots attest that proposed blocks of Ethereum transactions are valid and send those blocks to a committee of fellow validators to approve by vote and securely add to the chain.
When randomly picked to propose a new block for the chain, a validator has roughly 12 seconds to complete that operation and offer a valid block to its peers to verify and accept for the chain.
Bots called searchers rifle through those pending transactions, and using fun algorithms assemble bundles of transactions for builder bots to package together into blocks for validators to consider for the chain.
Builder bots can also use interesting algorithms to combine and optimize bundles from multiple searchers to craft these proposed transaction blocks.
The builders stand to receive a reward in terms of fees and other sources when their proposed blocks make it onto the chain, and the validators approving the blocks get a cut of that income.
It's in the interests of the validators to pick the blocks that are the most profitable, it's in the builders' interests to construct blocks that look attractive to validators, and the blockchain's users pay fees to get their transactions picked up.
The builders offer their proposed blocks to validators via relays.
The relays only provide just enough info to the validators for those bots to determine how much they stand to gain from accepting a particular block, and not the specifics of the transactions; when a validator accepts a block for processing, it gets the full details from the relay to analyze and attest.
Nine out of ten validator bots use an open source program called MEV-Boost to communicate with multiple relays to select the most-rewarding block from a whole range of builders competing for a payout.
The MEV in MEV-Boost stands for Maximum or Maximal Extractable Value, and is fairly complex, but essentially it's what the validators, builders, and their searchers stand to make from crafting, proposing, and attesting a block of carefully picked and ordered transactions from the mempool buffer.
The searcher can offer to pay block builders to use its bundle knowing it will still make a profit.
Searchers and builders set the order of transactions in a proposed block, but so can validators: A validator chosen by the system to provide the next block can go it alone and offer its own block for committee approval.
That's why relays usually withhold the full details of proposed blocks until a validator promises, using a digital signature according to the US Dept of Justice, to attest a chosen block.
Otherwise, a validator could look through all the proposed blocks, pick a profitable one, and then create its own block based on that offered one, and pass it to the committee to accept, screwing over the searchers and builders by taking the rewards.
Prosecutors claim the pair found a flaw in the MEV-Boost project's relay code that could be exploited to release the full details of a proposed block prematurely.
Thus, the duo allegedly set up validators that exploited a relay to hand over a complete proposed block too early, rejigged the transaction list to their advantage, and sent the block off for committee approval, netting them a hefty windfall.
First, the duo waited for one of their validators to be randomly selected to provide the next block for the Ethereum chain.
The three traders' automated searchers took the bait, it's claimed, and offered bundles of transactions to block builders that aimed to achieve the following: Buy up $25 million of those illiquid cryptocurrencies using stablecoins and other liquid assets, run the brothers' transactions, and then sell that cryptocurrency at a higher price and pocket the difference.
The allegedly altered block was sent off for verification by committee vote and accepted onto the chain.


This Cyber News was published on go.theregister.com. Publication date: Sat, 18 May 2024 08:43:05 +0000


Cyber News related to $25M gone in 12 seconds! Brothers accused of Ethereum heist The Register

Accepting Ethereum for Businesses, An Overview - For a business looking to stay ahead of the curve, opting to accept Ethereum payments could be the key to unlocking a new world of opportunities. Accepting Ethereum payments offers businesses global market reach, cost-effectiveness, privacy and ...
10 months ago Hackread.com
Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds - It took two brothers who went to MIT months to plan how they were going to steal, launder and hide millions of dollars in cryptocurrency - and only 12 seconds to actually pull off the heist. The brothers, Anton Peraire-Bueno and James Pepaire-Bueno, ...
7 months ago Securityboulevard.com
Exploring the Phenomenal Rise of Ethereum as a Digital Asset - In this exploration, we delve into the multifaceted layers of Ethereum's meteoric rise, dissecting the technological breakthroughs, the vibrant community dynamics, and the pivotal moments that have propelled it to the forefront of the digital asset ...
10 months ago Hackread.com
$25M gone in 12 seconds! Brothers accused of Ethereum heist The Register - These transactions are grouped onto blocks that are chained together, hence the name. As the name suggests, validator bots attest that proposed blocks of Ethereum transactions are valid and send those blocks to a committee of fellow validators to ...
7 months ago Go.theregister.com
The Mystery of the $400 Million FTX Heist May Have Been Solved - When more than $400 million worth of crypto was mysteriously pulled out of the coffers of what was once the world's biggest cryptocurrency exchange, FTX, on the very day that it declared bankruptcy in November of 2022, many initially suspected ...
10 months ago Wired.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
Brothers arrested for $25 million theft in Ethereum blockchain attack - Anton Peraire-Bueno and James Pepaire-Bueno were arrested in Boston and New York on Tuesday on charges of wire fraud and conspiracy to commit wire fraud and money laundering. If convicted, each of them faces a maximum penalty of 20 years in prison ...
7 months ago Bleepingcomputer.com
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
7 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 months ago Tenable.com
Nissan NA breach, VMware Pwn2Own fix, GE Ultrasound flaws - The car manufacturer has disclosed that a breach discovered last November has exposed personal data of more than 53,000 current and former employees of the company. This breach occurred during a hit on its external VPN by a threat actor who then ...
7 months ago Cisoseries.com
Arrests in $400M SIM-Swap Tied to Heist at FTX? - Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct ...
10 months ago Krebsonsecurity.com
Crypto Deception Unveiled: Check Point Research Reports Manipulation of Pool Liquidity Skyrockets Token Price by 22,000% - Deceptive actors are manipulating pool liquidity, sending token prices soaring by a shocking 22,000%. 80,000 Heist Unveiled: The manipulation of pool liquidity resulted in a swift and calculated theft of $80,000 from unsuspecting token holders. Check ...
1 year ago Blog.checkpoint.com
Who is Alleged Medibank Hacker Aleksandr Ermakov? - Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old ...
10 months ago Krebsonsecurity.com
CVE-2024-26706 - In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data ...
8 months ago Tenable.com
Kremlin accuses US of plotting election-day cyberattack The Register - The Kremlin has accused the United States of meddling in Russia's upcoming presidential election, and even accused Uncle Sam of planning a cyberattack on the country's online voting system. The snoops did not provide any proof to support these ...
9 months ago Go.theregister.com
CVE-2023-52598 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2023-44183 - ...
1 year ago
Feds arrest Russians accused of tech smuggling operation The Register - Three Russian nationals were arrested in New York yesterday on charges of moving electronics components worth millions to sanctioned entities in Russia, pieces of which were later recovered on battlefields in Ukraine. Nikolay Goltsev, a ...
1 year ago Theregister.com
Protecting branch office environments from ransomware The Register - Sponsored Feature Ransomware gangs that steal and encrypt vital business data before extorting payment for its decryption and restoration are ramping up global attacks at an ever-increasing rate. Cyber security experts agree that ransomware now ...
9 months ago Go.theregister.com
FBI Uncovers North Korean Hacking Group 'Lazarus' Behind 100M Crypto Heist - The FBI has unveiled evidence connecting a North Korean hacking group known as 'Lazarus' to the massive crypto heist of over $100 million – one of the biggest digital currency thefts to date. ...
1 year ago Therecord.media
LockBit leaks Boeing files after failed ransom negotiations The Register - The LockBit crew is claiming to have leaked all of the data it stole from Boeing late last month, after the passenger jet giant apparently refused to pay the ransom demand. The gang dumped the files online early Friday morning. This latest leak ...
1 year ago Theregister.com
North Korean Hackers Attacked Indian Medical and Energy Companies - The North Korean military's notorious hacking arm, known as the Lazarus Group, has been accused of targeting public and private sector research organizations, an Indian medical research company, and other businesses in the energy sector. Security ...
1 year ago Therecord.media

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)