• shrugal@lemm.ee
    link
    fedilink
    English
    arrow-up
    116
    arrow-down
    1
    ·
    6 months ago

    Here is a more detailed explanation of the exploit.

    The Pepaire-Bueno brothers exploited a bug in MEV-boost’s code that allowed them to preview the content of blocks before they were officially delivered to validators, according to the indictment.

    The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used bait transactions to figure out how those bots traded, lured the bots to one of their validators which was validating a new block and basically tricked these bots into proposing certain transactions. […]

    So hardly an attack on any core system of cryptocurrencies.

    • treadful@lemmy.zip
      link
      fedilink
      English
      arrow-up
      22
      ·
      6 months ago

      Frustratingly vague for a Slashdot write-up.

      “These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” said Special Agent in Charge Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office.

      Good to know the prosecutors have an understanding of what they’re prosecuting… Not even a single mention of MEV in the DoJ press release.

      • Kazumara@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        by fraudulently gaining access to pending transactions

        That makes no sense to me. The mempool is public, everyone can see pending transactions.

        • treadful@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          Because it’s not the public mempool. It’s a private MEV mempool that people pay to add their transactions to for special priority or conditional inclusion. For instance, asshole profiteers can use it to sandwich attack traders to siphon off “market inefficiencies” or some people just want immediate front of the line inclusion in the next block.

          Presumably they exploited something in this MEV system (completely unrelated to the Ethereum protocol) that allowed them to see the pool and they shouldn’t have. Wish I knew more but everything I read was incredibly vague and misleading.

          • Kazumara@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 months ago

            It’s a private MEV mempool

            Are you sure there is such a thing? My understanding was that they just submit their sandwich transactions to the mempool with higher and lower gas respectively to achieve their desired priority ranking. Could be wrong though.

            • treadful@lemmy.zip
              link
              fedilink
              English
              arrow-up
              2
              ·
              6 months ago

              I’m sure, yes. If you submit to a public mempool, you have no guarantees that your two transactions will land on either side of the target transaction in the same block (They likely won’t). You need to leverage conditional transactions with MEV so you guarantee the miner will select and position your transactions where you need them. In this case, before and after the target transaction.

              Check out the Ethereum Foundation’s page on MEV for more info.

              • Kazumara@discuss.tchncs.de
                link
                fedilink
                English
                arrow-up
                1
                ·
                6 months ago

                Wow, thanks for the link. It seems things have gotten a lot more complicated with PoS. I didn’t even know about PBS. I haven’t been following along properly.

      • bartolomeo@suppo.fi
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        What’s funny is that that’s a description of MEV.

        gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victim

        I skipped “fraudulent” because neither MEV bots nor this attack can be called fraudulent imo, although MEV is definitely taking value one didn’t help create.