Two MIT students charged for exploiting Ethereum blockchain bug, stole $25 million in crypto


Ethereum logo

Just when you’ve thought you’ve seen everything when it comes to cryptocurrency theft, two brothers attending MIT have uncovered a brand new way to steal millions.

According to a U.S. Department of Justice (DOJ) announcement on Wednesday, Anton Peraire-Bueno and James Peraire-Bueno have both been charged with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering. The brothers allegedly found a way to exploit the Ethereum blockchain and stole $25 million in cryptocurrency as a result.

“As we allege, the defendants’ scheme calls the very integrity of the blockchain into question,” U.S. Attorney Damian Williams for the Southern District of New York said in a statement. “The brothers, who studied computer science and math at one of the most prestigious universities in the world, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied upon by millions of Ethereum users across the globe.” 

“Once they put their plan into action, their heist only took 12 seconds to complete,” Williams continued. “This alleged scheme was novel and has never before been charged.”

How two MIT students exploited the Ethereum blockchain

While one part of the brothers’ scheme may have taken only 12 seconds, the DOJ indictment makes it clear that they meticulously planned and prepared for months in order to successfully exploit the Ethereum blockchain.

On the Ethereum blockchain, transactions aren’t verified in chronological order, but by “maximum extractable value” or MEV, essentially how much value can be earned by validators from the transaction. Validators verify transactions, and in turn, add new blocks to the blockchain. 

According to the DOJ, the two MIT students exploited a flaw in MEV-Boost, an open-source software used by 90 percent of Ethereum validators. Upon discovering the exploit, Anton and James Peraire-Bueno set up a series of validators using shell companies in order to conceal their identities. The DOJ alleges it took “several months” for the two to prepare for their scheme.

The Peraire-Bueno brothers set their plot in motion by creating “bait transactions” in order to trick “victim traders” into revealing their trading behaviors.

In April 2023, the two pulled off their $25 million crypto heist by “luring” in the victim traders’ MEV bots with eight transactions containing “illiquid cryptocurrency” to frontrun and then transfer into stablecoins and other liquid cryptocurrencies. These bundled “Lure Transactions” from the brothers were timed to be verified by one of their own validators.

From there, the brothers further exploited the system by forging signatures to deceive the blockchain relay into releasing the transaction information, which they then manipulated. As a result, Anton and James Peraire-Bueno walked away with $25 million and proceeded to take further steps to conceal their alleged crime.

“These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” said Special Agent in Charge Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office in a statement. “In this case, IRS-CI New York’s Cyber Unit simply followed the money.”

According to the DOJ, the two left a trail of incriminating evidence, including a document laying out the exploit in full detail, breaking their scheme into “four stages:” The Bait, Unblinding the Block, The Search, and The Propagation.

In addition, in the weeks and months following the exploit, the brothers search history unveiled queries for terms such as “top crypto lawyers,” “wire fraud statute of limitations,” “money laundering,” “fraudulent Ethereum addresses database,” and searches related to which countries the U.S. has extradition agreements with.

The two face up to twenty years in prison for each charge.

Like it? Share with your friends!


What's Your Reaction?

hate hate
confused confused
fail fail
fun fun
geeky geeky
love love
lol lol
omg omg
win win


Your email address will not be published. Required fields are marked *

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Voting to make decisions or determine opinions
Formatted Text with Embeds and Visuals
The Classic Internet Listicles
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Upload your own images to make custom memes
Youtube and Vimeo Embeds
Soundcloud or Mixcloud Embeds
Photo or GIF
GIF format