Perrier-Bueno Brothers 25M from MEV Bots Exploitation
On May 15, the United States Department of Justice (DOJ) indicted two brothers, Anton and James Perrier-Buino, for allegedly conducting an attack on the Ethereum network that resulted in the transfer of $25 million from high-value (MEV) bots. The defendants. The indictment alleges that the attackers used their Ethereum validators to supply blocks where the order was so malicious that it amounted to wire fraud.
The charges were revealed in a grand jury indictment that sets forth the DOJ's view.
The issue has divided the crypto community. Some say the MEV bots themselves were trying to scam the brothers and the accused shouldn't be seen as victims, while others say the brothers were at fault for using bad code. Some have argued that the issue sets a dangerous precedent and will lead to complete control of Ethereum.
The technical nature of the issue has further exacerbated the controversy, with terms such as “MEV”, “seekers”, “relay”, “sandwich attacks” and other terms that cannot be understood by Ethereum users being thrown around in the discussion. .
The following is a description of how the brothers carried out their attack.
What is the maximum withdrawal amount?
According to the Ethereum network documentation, MEV refers to the maximum value that can be issued from a block of transactions based on their order.
Certain transactions on the chain are more useful to a user if they go in a certain order. For example, a trader who wants to buy a large amount of Ether (ETH) at a cheap price to use their Staticon funds will not want to buy it in the first quantity. To add value. In some cases, the user chooses not to trade at all if they cannot prioritize their trade.
Under normal circumstances, when a user posts an Ethereum transaction, it is sent to the network's memory pool, or “mempool,” and stored until it is deleted or verified and added to the blockchain. Once inside Mempul, any device on the network can view its contents.
This means that if a trade is made in a conventional way, another trader can copy it and make it work first. In this case, the merchant who posted the trade first will pay more for the property they are buying. The process of copying other traders' trades and executing them first is called “front running”.
If a trader can execute a front-end trade, they can profit by conducting a “sandwich attack,” which involves first buying the asset at a higher price for the subsequent trader, then selling it to the liquid pool after the subsequent traders trade. He was killed.
To protect against sandwich attacks, most decentralized exchanges today bypass the mempool entirely and submit transactions directly to a group of authorized block-builders. This prevents bots from accessing and copying users' transactions.
Related: 1inch Releases New Tool to Protect Merchants from ‘Sandwich Attack'
However, some traders still enter their transactions directly into Mempool, thus opening themselves up to a sandwich attack.
If a user submits a trade to Mempool, other users – usually bots – compete with each other to attack the first user's sandwich. In this case, the bot that pays the highest gas fee to the prices will be the first to make their transaction, so it can carry out the attack.
However, the attack is profitable only if the gas payment is less than the profit from the attack. Therefore, the bot should theoretically be willing to pay an amount equal to or less than the profit. This amount, called the “MEV,” is the maximum amount of gas a user would be willing to pay to fulfill the arbitrage.
MEV doesn't just refer to extraction that occurs in sandwich attacks or forward runs, though. It may also reveal other arbitrage opportunities arising from the sequence of transactions, such as the gain from liquidating bad loans.
However, the Perrier-Buneau case specifically involves bots attempting to perform a sandwich attack, so the other types of MEV are not relevant in this example.
The MEV ecosystem
To understand the claims made in the lawsuit, it's helpful to think about how the MEV ecosystem works today.
In the early days of Ethereum, individual organizations ran MEV bots which were validator nodes. This has led to intense competition and reduced profits. However, most nodes today use the Flashbots system, which allows bots to hide their profitable arbitrage until their transactions are added to the blockchain.
This allows them to make huge profits through custom coding, as their arbitrage transactions are never added to the association and cannot be copied.
Flashbots also allow traders to hide their trades to protect themselves from sandwich attacks.
According to the documents, in the Flashbots system, some computers play the role of “seekers”. They use proprietary code to scan the blockchain for arbitrage opportunities. Once you get the profitable transactions, you put them into a package and send them to the “developer” computer.
Builder computers collect packets from searchers, as well as transactions from merchants who want to bypass the Mempool. These packets and additional transactions are sent to relays that take transactions from multiple builders and use them to create a scheduled block.
Once a relay creates a proposed block and publishes it, it pays validators gas in exchange for committing to verify the block. The distributor tried to provide a high enough gas bill that the ban could be published, but not enough to make the various individual transactions unprofitable for its customers – individual builders, prospectors and consumers.
If a verifying node wants to publish a relay block, it responds with a signature that it has given itself to verify that block. Only once the signature has been transmitted will the transmitter display the transactions in the block. After verification by other validators on the network, the block is added to the blockchain.
The Pereira Bueno brothers are accused of exploiting this flashbots MEV system and tricking the system into believing there was a viable arbitrage by transferring $25 million to themselves.
Related: MEV bot makes $1.7M profit from ‘non-working' Dogwifhat trade
How to use the MEV system
According to the lawsuit, the two brothers first created 16 Ethereum validator nodes and carried out the exploit. Through these nodes, they publish “bait” transactions that look like profitable MEV opportunities. Relay picks up some of these transactions and includes them in blocks, while others are not. Over time, the collaborators used these test transactions to figure out how to guarantee that their transactions would be included in the relay block.
After verifying that their transactions are included in the block, they wait for one of the 16 validator nodes to be selected as the block producer. They then published the eight “decoy” transactions they wanted to be included in the block. These transactions were taken by three different detectors and finally included in the relay. After constructing the buildings comprising the transaction, the conveyancer published the title of the block and asked the brothers to confirm the intersection.
Brethren's authentication node responded by creating a fake signature to indicate the blocking of the transmission, the lawsuit said. Due to a flaw in the cryptographic system used to create the signature, the node could be tricked into believing that it has signed the message, but in fact the signature is invalid and not accepted by other authenticating nodes. As a firm commitment. The suit says so.
“After the victim traders submit the block containing the ordered transactions to the proposed block; […] The defendants exploited a vulnerability in Relay's computer code by sending Relay a false signature […] In lieu of a valid signature. According to their research and planning before the exploitation, [the defendants] He knew that the information contained in the fake signature could not be finally verified by the blockchain for publication.
Once this pseudo-signature is transmitted, the relay publishes the contents of the block. In response, the validator reorders the block and signs it with a real signature, making the reordered block public rather than the one the relay chose. As a result, this reordered ban is confirmed by other certifiers, the lawsuit alleges.
In the first block provided by Relay, the three miners initially bought a large number of very illegal tokens and inflated their value using the stablecoin. The brothers then bought these same tokens at a higher price. This has resulted in a large amount of stablecoins moving into the exchange's liquid pool.
The miners then unloaded the tokens they had bought, depleting the pool of stablecoins that both parties had invested in. Eventually, the brothers sold their tokens in the now-empty pool, receiving much less of the tokens than they originally paid for them. Basically, the first bloke performed a classic sandwich attack on the brothers.
However, the reordered ban did something very different. In it, the brothers bought tokens first, increasing their value. Then, the miners bought more tokens, draining them from the pool and replacing them with statscoins. After the prospectors made their purchases, the brothers sold their tokens into the pool, withdrawing most of the stablecoins from it.
Finally, the seekers tried to sell their tokens again. But this time the pool did not have enough liquidity to buy back the tokens. As a result, the last transaction failed, and the prospectors were basically stuck with worthless tokens.
Because the reordered block was confirmed instead of the original, the brothers gained $25 million in stablecoin from the trade, while the prospectors lost $25 million. Basically, the brothers modified the sandwich attack to make the attackers lose money instead of themselves.
In the Justice Department's view, this action is “wire fraud” because the decoy transactions and false signatures are “material representations,” binding statements made by one party to another in a commercial transaction, and sent knowingly to deceive the MEV bots. . According to the lawsuit:
“The defendants […] By making a material representation of a scheme to defraud victim traders; [including] Lure transactions and fake signatures, to fraudulently obtain cryptocurrency.
The Perrier-Bueno brothers have not been charged, and a trial date has not been set as of press time.
The crypto community responds
The issue has been controversial in the crypto community.
Some Ethereum users have expressed their belief in the DOJ's opinion that MEV bots who allegedly tried to attack sandwich traders deserve to be thrown in jail.
For example, on May 15, Helios Labs CEO Mert Mumtaz asked rhetorically on X, “Wait. These guys *check note* are being sued for wire fraud for chasing MEV bots on Ethereum?????? Trading Strategy co-founder Mikko Ohtama argued that the DOJ is practicing a double standard. “You're only allowed to sandwich retail users,” he said. “When you sandwich MEV bots, you are a criminal and the MEV bot operator will sue you in the nearest US court.”
AllianceDAO contributor Mohamed Fuda argued that the issue creates a slippery slope as it could lead to complete control of Ethereum. The lawsuit is both a “recognition of Ethereum's power to solve financial transactions” and at the same time “a trap to draw every operator on Ethereum into a web of legal compliance requirements.”
The lawsuit “legitimizes the sandwich attack and the harmful behavior of the Frontline,” Fuda said, calling it a “tragedy.”
In addition, it “paints a false picture of the roles of intermediaries in the Ethereum system” and considers them a service. Fuda said this treatment is “likely to be tied to the ‘responsibilities' and ‘duties' that MAV applicants will have to undertake”, which could subject Ethereum operators to “a number of compliance requirements”.
While some users shared these criticisms, others defended the DOJ's actions. “It's always illegal to exploit software for profit,” crypto trader Bini wrote in a May 15 post on X, arguing that “code is not law. There's a lot of precedence here.”
Hudson Jameson, vice president of Polygon Labs, expressed similar sentiments in his response to FODA's post. “It wasn't just fishing bots and making sandwiches,” he said. “They exploited a flaw in the MEV booster itself.” In response, Foda acknowledged that “they may have committed a crime” but argued that “it doesn't negate the fact that sandwich bots are safe or business as usual.”
The practice of earning MEV has been controversial since the inception of the Ethereum network. Some networks have tried to prevent MEV, which they believe to be “malicious”, in various ways. For example, Shutter uses baseline encryption to stop front-running and sandwich attacks, while NeoX states that it achieves the same goal by using a Byzantine fault tolerance consensus mechanism.
However, these are technical solutions to the perceived problem. So far, there are no known cases where victims of sandwich attacks have tried to sue MEV bots for wire fraud.
Related: Vitalik Buterin Proposes Solutions to Ethereum's MEV Problem
