278
you are viewing a single comment's thread
view the rest of the comments
[-] shrugal@lemm.ee 112 points 5 months ago

Here is a more detailed explanation of the exploit.

The Pepaire-Bueno brothers exploited a bug in MEV-boost's code that allowed them to preview the content of blocks before they were officially delivered to validators, according to the indictment.

The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used bait transactions to figure out how those bots traded, lured the bots to one of their validators which was validating a new block and basically tricked these bots into proposing certain transactions. [...]

So hardly an attack on any core system of cryptocurrencies.

[-] survirtual@lemmy.world 50 points 5 months ago

So they discovered faulty code and made some money?

Can anyone explain to me how this is illegal?

The code is a contract. If someone writes bad code and loses money, then write better code - just like if someone writes a bad legal contract and loses money.

The justice system is awful.

[-] shrugal@lemm.ee 38 points 5 months ago* (last edited 5 months ago)

IANAL and all, but bad/unfavorable contracts and literal deception/fraud are two different things, at least in the legal system. Not everything that's technically possible is also allowed, obviously.

Compare it to using a security flaw to hack into a system. Technically you're only using the official API, maybe in unusual ways, but still. But you're doing it in bad faith and causing harm, maybe pretending to be someone you're not or injecting fake data into the system, and that can make a difference.

[-] survirtual@lemmy.world 6 points 5 months ago

Hacking a private corporate system, which is generally on closed nets and requires an internal actor / phishing, is significantly different from exploiting a code fault on a public network.

Trustless systems rely on mathematics to secure their networks. This is both the revolution of them and the risk. If you build a system of value and it is on a public network, and you fail to properly secure it, that is supposed to be the risk. You lose money, hopefully go bankrupt / lose credibility, and a more efficient actor eats your lunch.

Treating it like a traditional system with these unspoken legal safeguards when it uses a public blockchain and public network is absurd.

[-] shrugal@lemm.ee 7 points 5 months ago

What's absurd is this crypto maximalist take.

You can't just make up your own permission and punishment system, and then expect the legal system to just step aside and let it handle all disputes, especially when it comes to fraud. That's like founding your own city in an existing country, and declaring all existing law obsolete. I know some people think this is a real possibility, but the real world doesn't work like that.

[-] survirtual@lemmy.world 2 points 5 months ago

The "real" world works however the people want it to.

As it stands, it works with laws that protect the rich and elite with superior rights.

Someday, maybe the people will decide on a more equitable system. Nature and mathematics might be heavy contributors to that system.

[-] blargerer@kbin.social 32 points 5 months ago

This is like saying they discovered how to pick a lock so deserve everything in whats locked by it.

[-] survirtual@lemmy.world 11 points 5 months ago

No.

It is more like finding a gold mine on public BLM land. It is over treacherous mountains only experienced climbers can access. There are no signs or doors saying it is licensed to anyone; indeed, it isn't officially registered with BLM. So the climbers go in and take as many gold nuggets as they can carry.

Unbeknownst to them, it was a mine discovered by rich and connected people who have cronies in BLM. Rangers go and arrest the climbers and say that you aren't allowed to climb, climbing is illegal, and taking gold from that mine is illegal because someone else found it and dug it, even though they didn't properly secure it nor did they put up any signs. They assumed the mountain was enough protection.

This is closer to the situation.

[-] technocrit@lemmy.dbzer0.com 11 points 5 months ago

Imagine believing that regular people have any rights whatsoever to "public" land.

[-] survirtual@lemmy.world 3 points 5 months ago

Do you know how BLM land works?

If you find a valuable resource on it, you can register it and you get exclusive access to mine it.

Look it up.

[-] maryjayjay@lemmy.world 1 points 5 months ago

My boss bought a mining claim west of Fort Collins. I can confirm you are correct.

[-] possiblylinux127@lemmy.zip 1 points 5 months ago

The didn't pick the lock, they created bunch of fake exchanges.

[-] yetAnotherUser@feddit.de 28 points 5 months ago

You withdraw cash at an ATM but the software has faulty code which causes your balance to remain the same after withdrawing any amount.

You notice this and then empty the entire ATM this way, making $200,000. I'm sure once you explain to the jury that the ATM just gave you a bad contract, they will acquit you.

[-] General_Effort@lemmy.world 5 points 5 months ago

No one ever said ATM-code is law. Ethereum code is supposed to be. Code is law is one of their slogans.

Everything that a blockchain does could be handled by a single office computer. The whole reason for the huge, expensive over-head is to put crypto beyond the law. Stuff like this exposes the whole, huge waste of human effort.

[-] possiblylinux127@lemmy.zip 2 points 5 months ago

It isn't above law.

[-] qwerty@discuss.tchncs.de 1 points 5 months ago

Code is the law of the blockchain, his transaction wasn't reverted, he got caught irl. It's like saying constitution isn't law because laws of physics don't prevent murder.

[-] Cypher@lemmy.world 4 points 5 months ago
[-] possiblylinux127@lemmy.zip 4 points 5 months ago

They created a bunch of fake shell companies in foreign companies and were preparing to flee the US

[-] Blackmist@feddit.uk 2 points 5 months ago

Doesn't sound a huge deal different to High Frequency Trading, and Wall Street nobheads fall over themselves to exploit that.

[-] pedroapero@lemmy.ml 1 points 5 months ago

Sounds to me that the difference is they exploited a bug to get private information in order to game the bots.

[-] treadful@lemmy.zip 22 points 5 months ago

Frustratingly vague for a Slashdot write-up.

“These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” said Special Agent in Charge Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office.

Good to know the prosecutors have an understanding of what they're prosecuting... Not even a single mention of MEV in the DoJ press release.

[-] bartolomeo@suppo.fi 2 points 5 months ago

What's funny is that that's a description of MEV.

gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victim

I skipped "fraudulent" because neither MEV bots nor this attack can be called fraudulent imo, although MEV is definitely taking value one didn't help create.

[-] Kazumara@discuss.tchncs.de 2 points 5 months ago

by fraudulently gaining access to pending transactions

That makes no sense to me. The mempool is public, everyone can see pending transactions.

[-] treadful@lemmy.zip 1 points 5 months ago

Because it's not the public mempool. It's a private MEV mempool that people pay to add their transactions to for special priority or conditional inclusion. For instance, asshole profiteers can use it to sandwich attack traders to siphon off "market inefficiencies" or some people just want immediate front of the line inclusion in the next block.

Presumably they exploited something in this MEV system (completely unrelated to the Ethereum protocol) that allowed them to see the pool and they shouldn't have. Wish I knew more but everything I read was incredibly vague and misleading.

[-] Kazumara@discuss.tchncs.de 1 points 5 months ago

It’s a private MEV mempool

Are you sure there is such a thing? My understanding was that they just submit their sandwich transactions to the mempool with higher and lower gas respectively to achieve their desired priority ranking. Could be wrong though.

[-] treadful@lemmy.zip 2 points 5 months ago

I'm sure, yes. If you submit to a public mempool, you have no guarantees that your two transactions will land on either side of the target transaction in the same block (They likely won't). You need to leverage conditional transactions with MEV so you guarantee the miner will select and position your transactions where you need them. In this case, before and after the target transaction.

Check out the Ethereum Foundation's page on MEV for more info.

[-] Kazumara@discuss.tchncs.de 1 points 5 months ago

Wow, thanks for the link. It seems things have gotten a lot more complicated with PoS. I didn't even know about PBS. I haven't been following along properly.

[-] bartolomeo@suppo.fi 2 points 5 months ago

Let them eat MEV bot operators.

this post was submitted on 16 May 2024
278 points (100.0% liked)

Technology

59227 readers
2995 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS