this post was submitted on 16 May 2024
277 points (96.6% liked)

Technology

58753 readers
4557 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
277
MIT Students Stole $25 Million In Seconds By Exploiting ETH Blockchain Bug, DOJ Says (slashdot.org)
submitted 5 months ago by 0nekoneko7@lemmy.world to c/technology@lemmy.world
92 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] shrugal@lemm.ee 115 points 5 months ago (27 children)

Here is a more detailed explanation of the exploit.

The Pepaire-Bueno brothers exploited a bug in MEV-boost's code that allowed them to preview the content of blocks before they were officially delivered to validators, according to the indictment.

The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used bait transactions to figure out how those bots traded, lured the bots to one of their validators which was validating a new block and basically tricked these bots into proposing certain transactions. [...]

So hardly an attack on any core system of cryptocurrencies.

[–] treadful@lemmy.zip 22 points 5 months ago (6 children)

Frustratingly vague for a Slashdot write-up.

“These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” said Special Agent in Charge Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office.

Good to know the prosecutors have an understanding of what they're prosecuting... Not even a single mention of MEV in the DoJ press release.

[–] bartolomeo@suppo.fi 2 points 5 months ago

What's funny is that that's a description of MEV.

gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victim

I skipped "fraudulent" because neither MEV bots nor this attack can be called fraudulent imo, although MEV is definitely taking value one didn't help create.

load more comments (5 replies)
load more comments (25 replies)