Two MIT graduates arrested for stealing $40 million worth of cryptocurrency in just 12 seconds, suspected of hacking blockchain transaction processes



The U.S. Department of Justice announced that it had indicted two men in their 20s for illegally obtaining $25 million (approximately 3.8 billion yen) worth of the virtual currency Ethereum. According to the indictment, the two men are graduates of the Massachusetts Institute of Technology (MIT) and have advanced knowledge of virtual currencies, and they successfully obtained the Ethereum by illegally accessing the blockchain transaction process.

Office of Public Affairs | Two Brothers Arrested for Attacking Ethereum Blockchain and Stealing $25M in Cryptocurrency | United States Department of Justice

https://www.justice.gov/opa/pr/two-brothers-arrested-attacking-ethereum-blockchain-and-stealing-25m-cryptocurrency

Southern District of New York | Two Brothers Arrested For Attacking The Ethereum Blockchain And Stealing $25 Million In Cryptocurrency | United States Department of Justice
https://www.justice.gov/usao-sdny/pr/two-brothers-arrested-attacking-ethereum-blockchain-and-stealing-25-million

DOJ charges MIT brothers with $25 million crypto theft
https://www.cnbc.com/2024/05/15/feds-charge-brothers-in-25-million-cryptocurrency-heist-that-took-12-seconds.html

The suspects arrested were Anton Peraire-Bueno, a resident of Boston, and James Peraire-Bueno, a resident of New York. The two are the sons of MIT aeronautics and astronautics professor Jaime Peraire. The older brother, James, graduated with a master's degree in aeronautics and astronautics from MIT in June 2021, while the younger brother, Anton, just graduated with a bachelor's degree in computer science and engineering from MIT in February 2024. In addition, Anton has a history of working as a cryptocurrency research intern for several months at Polychain Capital, a cryptocurrency venture, in 2021.

The method used by the suspects was to illegally access pending private transactions in the brief time it takes for Ethereum transactions to be added to the blockchain. The suspects had already set up validators that verify the validity of transaction data, and used them to interfere with the verification process of private transactions.

The suspects then exploited a vulnerability in the block construction process and rearranged the blocks before they were added to the blockchain in a way that was favorable to them, which allowed them to redirect the virtual currency to an address under their control.



According to the indictment, the suspects obtained $25 million worth of Ethereum in just 12 seconds. The victims reportedly realized the fraud and asked the suspects to return the money, but the suspects refused. They also concealed the stolen cryptocurrency by using overseas cryptocurrency exchanges that had poor identity verification procedures. According to the indictment, $3 million of the stolen cryptocurrency was frozen, but the rest had already been exchanged for stablecoins pegged to the US dollar.

The suspects were arrested and indicted on May 14, 2024, on charges of wire fraud, wire fraud conspiracy and money laundering conspiracy. If convicted, each faces up to 20 years in prison for each charge.

'We're in shock. We don't even know what's going on,' Professor Perreille, the father of the suspects, told CNBC, declining to comment further.

The U.S. Securities and Exchange Commission (SEC) is considering reviewing exchange-traded funds (ETFs) linked to the prices of virtual currencies such as Ethereum and Bitcoin, and is scheduled to announce whether to approve or reject them in late May 2024. CNBC analyzed that this incident has increased concerns about the reliability of the virtual currency market, making it more likely that SCE will reject the Ethereum ETF.

in Web Service,   Security, Posted by log1i_yk