Blockchain
Brothers arrested for allegedly exploiting the Ethereum blockchain to steal $25 million in 12 seconds
Last updated: May 15, 2024 10:03 pm EDT | 2 minute read
In a landmark case that must be the first of its kind, two brothers, both graduates of the prestigious Massachusetts Institute of Technology (MIT), have been arrested and accused of exploiting a vulnerability in the Ethereum blockchain.
Their alleged actions led to a massive theft of $25 million in 12 seconds. Anton Peraire-Bueno, 24, and James Peraire-Bueno, 28, risk fraud and money laundering charges.
A well-planned exploit of the Ethereum blockchain by the two brothers
Two brothers arrested for hacking the Ethereum blockchain and stealing $25 million in cryptocurrencies
🔗: https://t.co/rY4No6YUrm pic.twitter.com/2Mlb3zIdpo
— US Department of Justice (@TheJusticeDept) May 15, 2024
Federal prosecutors in Manhattan filed the charges, describing the scheme as meticulously planned and executed with the precision of a high-stakes digital robbery.
“The brothers, who studied computer science and mathematics at one of the world’s most prestigious universities, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied on by millions of Ethereum users around the world,” said Damian Williams, the U.S. attorney for the Southern District of New York.
The Peraire-Bueno brothers were arrested on Tuesday, while Anton was taken into custody in Boston and James in New York. They are expected to appear in federal court Wednesday afternoon. The brothers’ lawyers have not yet commented on the allegations.
According to the US Department of Justice, the brothers created validators on the Ethereum network, which are intended to help order transactions and facilitate profitable trades through bots. However, they allegedly used their validators to deceive traders and grant access to pending transactions. This manipulation allowed them to alter the flow of electronic currency, effectively stealing the cryptocurrency. They then moved the stolen funds through complex transactions to obscure their origins.
For several months the brothers meticulously planned their operation. They studied the trading patterns of Ethereum bots and established shell companies and identified cryptocurrency exchanges with lax “know your customer” (KYC) procedures to launder their ill-gotten gains.
Their thoroughness also extended to research into extradition procedures, highlighting the depth of their preparation.
Stolen funds will increase this year
The robbery is just the tip of the iceberg of illicitly obtained cryptocurrencies in recent years. UN sanctions monitors recently reported this North Korea laundered $147.5 million in stolen cryptocurrencies through the Tornado Cash platform only in the month of March.
A classified document submitted to the United Nations Security Council’s sanctions committee revealed that North Korean suspects have been linked to 97 cyberattacks against crypto firms over the past seven years, totaling around $3.6 billion.
According to PeckShield, approximately $100 million in stolen cryptocurrency funds were successfully recovered in March, which represent 52.8% of the total hacked attacks. Despite initial losses of $187.29 million in over 30 hacking incidents, the Munchable incident it was particularly notable. Following negotiations, the hacker returned the stolen funds, significantly contributing to the recovered sum.
Meanwhile, a recent A $71 million wallet impersonation scam led to an investor transferring 97% of his assets to a decoy wallet address. The hacker quickly converted the stolen Wrapped Bitcoin (WBTC) into approximately 23,000 ETH and after six days began distributing the funds across multiple wallets.
In the first quarter of 2024, total losses from hacking and fraudulent activities reached approximately $336.3 million, down from $437.5 million in the same period in 2023. There were 46 hacking incidents in the quarter hacking and 15 cases of fraudulent activity.
Ethereum was the most targeted blockchain, followed by the BNB chain, with both networks accounting for 73% of the total losses. Top incidents include the $81.7 million Orbit Bridge exploit and the $62 million Munchables hack, with a notable recovery of $73.9 million (22%) from seven exploits. Hacking incidents accounted for 95.6% of losses, while scams and robberies accounted for 4.4%.