top of page
  • L Misthos and S Pettigrove

Popular Ethereum trading tactic targeted by US DOJ

The US Department of Justice (DoJ) has turned its attention to popular MEV trading tactics unsealing an indictment against brothers, Anton and James Peraire-Beuno, who face up to 20 years in prison over an “MEV attack” on the Ethereum blockchain that netted the pair USD$25 million worth of cryptocurrency.

In the indictment unsealed by the DoJ, the brothers have been charged with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering after their 12-second attack took advantage of normal trading practices.

MEV, or maximal extractable value, is a software used by a majority of Ethereum validators to verify transactions on the Ethereum blockchain. Validators can use the MEV system to see transactions before they are officially verified and added to the blockchain. Traders can leverage this information to prioritise transactions with higher fees and inserting their own transactions ahead of others such that it affects the market price of the asset and gaining value from buying or selling based on the price movement. Some compare the practice to front running in traditional markets.

The process works as follows:

  • Transactions are submitted by Ethereum users which are added to a "mempool", a digital area where transactions sit briefly before being validated and added to a block in the chain;

  • Bots set up through the MEV (called "Searchers") access the mempool and assess which transactions could result in profitable trades;

  • In order to bundle the potentially profitable transactions together, the Searchers validate a target transaction, a signed transaction before the target transaction, and a signed transaction after the target transaction;

  • The Searches employ a range of tactics, for example rearranging certain transactions to make a trading profit;

  • The transactions are then verified by Ethereum validators and become part of the irreversible blockchain.

The whole process usually takes a few seconds and enables MEV Searchers to benefit from transactions at the expense of Ethereum users.

The Ethereum community more or less accepts these practices, due to the difficultly in eradicating it and where the profits are relatively insignificant. However, the Peraire-Bueno brothers alleged exploit went far beyond what many in the community consider to be reasonable.

In order to effect the attack, the brothers allegedly targeted the MEV Searchers when they sought to validate the three transactions (being the target, before signed and after signed transactions). The DoJ allege the brothers set up validators designed to entice the MEV Searchers into honeypot transactions, and using 'false signatures' were able to receive the full content of the proposed block, including private transaction information.

The attack has raised a number of questions in the Ethereum, and broader crypto communities. Namely, it has re-enlivened the "code is law" discussion, where one side believe stealing is stealing irrespective of how it comes about, and the other side contend that if the code allows an exploit, then the practice is acceptable at law.

The debate also made rounds when the DOJ indicted Avraham Eisenberg who drained USD$110 million from Mango Markets by exploiting the perpetual futures market. In that instance, Eisenberg bought perpetual futures referencing Mango's governance token, before initiating a large volume of buy orders on multiple crypto exchanges, resulting in a price increase which he cashed in on without proceeding with the buy orders.

For the two brothers, however, prominent community members (for example MetaMask's lead product manager Taylor Monahan) believe this particular exploit crossed the line of what is generally allowed.

In its press release, the DoJ claimed the attack "exploited the very integrity of the Ethereum blockchain", a statement that lends itself to the overarching sentiment by the DoJ that blockchains are inherently vulnerable.

Crypto community members, specifically those who are in tune with the Ethereum ecosystem, quickly recognised the attack for what it was, which is an exploit of a bug in the code, something made technically possible by the Ethereum code. As it was happening, X user "Mudit Gupta" laid out (in code) how the attack works:

With the brothers now facing up to 20 years in prison, the US Courts look likely to decide their fate and the boundaries of fraud and legitimate arbitrage activity in the context of blockchain validator networks and MEV trading.

By Michael Bacina, Steven Pettigrove and Luke Misthos


bottom of page