In a landmark case that has to be the first of its kind, two brothers, both graduates of the prestigious Massachusetts Institute of Technology (MIT), have been apprehended and charged with exploiting a vulnerability in the Ethereum blockchain.
Their alleged actions resulted in a massive $25 million theft in 12 seconds. Anton Peraire-Bueno, 24, and James Peraire-Bueno, 28, face fraud and money laundering charges.
A Well-Planned Exploit Of the Ethereum Blockchain By the Two Brothers
Two Brothers Arrested for Attacking Ethereum Blockchain and Stealing $25M in Cryptocurrency
🔗: pic.twitter.com/2Mlb3zIdpo
— U.S. Department of Justice (@TheJusticeDept) May 15, 2024
Federal prosecutors in Manhattan filed the charges, describing the scheme as meticulously planned and executed with the precision of a high-stakes digital heist.
“The brothers, who studied computer science and math at one of the most prestigious universities in the world, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied upon by millions of Ethereum users across the globe,” said Damian Williams, the U.S. attorney for the Southern District of New York.
The Peraire-Bueno brothers were arrested on Tuesday, with Anton being taken into custody in Boston and James in New York. They are expected to appear in federal court on Wednesday afternoon. The brothers’ lawyers have not yet commented on the charges.
According to the US Justice Department, the brothers set up validators on the Ethereum network, which are intended to help order transactions and facilitate profitable trades through bots. However, they allegedly used their validators to deceive traders and secure access to pending transactions. This manipulation allowed them to alter the flow of electronic currency, effectively stealing the crypto. They then moved the stolen funds through complex transactions to obscure their origins.
Over several months, the brothers meticulously planned their operation. They studied the trading patterns of Ethereum bots and established shell companies and identified cryptocurrency exchanges with lax ‘know your customer’ (KYC) procedures to launder their illicit gains.
Their thoroughness even extended to researching extradition procedures, highlighting the depth of their preparation.
Stolen Funds Going Up This Year
The heist is only the tip of the iceberg of ill-gotten crypto in recent years. United Nations sanctions monitors recently reported that North Korea laundered $147.5 million in stolen cryptocurrency through the Tornado Cash platform in March alone.
A confidential document submitted to the U.N. Security Council sanctions committee revealed that North Korean suspects have been linked to 97 cyberattacks on crypto firms over the past seven years, amounting to approximately $3.6 billion.
According to PeckShield, approximately $100 million of stolen cryptocurrency funds were successfully recovered in March, representing 52.8% of the total hacked amount. Despite initial losses of $187.29 million across over 30 hacking incidents, the Munchables incident was particularly notable. Following negotiations, the hacker returned the stolen funds, significantly contributing to the recovered amount.
Meanwhile, a recent $71 million wallet impersonation scam resulted in an investor transferring 97% of their assets to a bait wallet address. The hacker swiftly converted the stolen Wrapped Bitcoin (WBTC) into approximately 23,000 ETH and began distributing the funds across multiple wallets after six days.
In the first quarter of 2024, total losses from hacking and fraudulent activities reached approximately $336.3 million, down from $437.5 million in the same period in 2023. The quarter saw 46 hacking incidents and 15 cases of fraudulent activities.
Ethereum was the most targeted blockchain, followed by the BNB Chain, with both networks accounting for 73% of the total losses. Major incidents included the $81.7 million exploit on Orbit Bridge and the $62 million Munchables hack, with a notable recovery of $73.9 million (22%) from seven exploits. Hacking incidents accounted for 95.6% of the losses, while scams and rug pulls comprised 4.4%.