$25-million Ethereum transaction theft took 12 seconds


From the bbc.com story,

“The defendants’ scheme calls the very integrity of the blockchain into question,” US Attorney Damian Williams said in a statement on Wednesday, referring to the public ledger that records crypto payments.

The brothers allegedly stole from Ethereum traders by fraudulently gaining access to pending private transactions and then altering the transactions to obtain their victims’ cryptocurrency.

The process, which investigators say they referred to as “the Exploit”, took only a matter of seconds to execute.

If one is of a certain cynical bent, this comment from the US Attorney might sound like “big gummit” trying to toss cold water on cryptocurrencies threatening to overturn the power of central governments and international bankers to control the rest of us serfs via the fiat currency they can print at will.


One who actually recollects and understands the CLAIMS made by cryptocurrency advocates about the benefits of cryptocurrencies and how the “technology” of cryptocurrencies enables those benefits might stop in their tracks and give serious thought to the validity of those claims.

There is one process for “creating” (“mining” in crypto terminology) individual cryptocurrence units in the form of digital tokens that use complex cryptography calculations to “encode” the individual unit’s unique identifier (like the serial number on a $100 bill). That “mining” process is also purposely complex to act as a natural upper bound on how many new crypto coins or tokens can be “mined” in a given window of time to avoid a sudden collapse in value. Some types of cryptocurrency also impose an upper limit on how many tokens can be generated. (Bitcoin has a limit of 21 million tokens. Ethereum doesn’t have any limit…)

There’s a different process for tracking the OWNERSHIP of those tokens that’s based upon “blockchain” technologies. Instead of having ONE set of “books” (digital or physical) tracking all known coins and their current owners, cryptocurrencies use a “block chain” which is a collection of individual databases linked together by a protocol that shares transaction information to ALL members of the collection as ownership changes hands.

The claim to fame of block chain technologies is that by distributing the “ledger” across hundreds (thousands?) of copies, it becomes impossible for one bad actor to “forge” a transaction altering an existing entry. How? Every time a change is made, as the change ripples through the collection of ledgers, the change has to be accepted by a quorum of the members to take effect. If audit logic in members begins rejecting a transaction and erasing it, the bad actor has to try to get a majority of the members to accept the bad transaction before audits catch up and wipe it back to prior state. This is SUPPOSED to be very difficult for hackers to do.

By the way, this is one reason why most (all?) blockchain technologies are poorly suited for not only “micro-transactions” that might occur billions of times per day but even regular transations that occur millions of times per day. The latency in having a transaction replicate through the system and reach “accepted” state after satisfying these quorum audits is too long to be used for relatively low value transactions.

If this story above is correct, these actors identified a flaw in the block chain algorithm and protocol that allowed them to defeat the “audit quorum” logic that would normally detect and reverse their hacked transaction. If they were able to change ownership with only 12 seconds of elapsed time, they clearly found a way to bypass all of the purposely intensive calculations required to ALTER a blockchain which is NOT supposed to be possible.



The stolen Ethereum has not been recovered because ??? The scam must, somehow, permit the transfer to the thief AND then make it impossible to trace by somehow placing the stolen crypto into a wallet (or other location) with recognized validation. THAT is the destroyer of block chain. Without block chain validation, the crypto has no value because it can not be used/sold.


That’s not exactly what happened. Matt Levine has a more detailed explanation at the link below, but here’s what they did:

  1. Trades for crypto currency are public, and you can “see” them several seconds before they are executed.
  2. Trades for crypto are executed in the order that people pay “tip” fees to have their trades executed faster on a given block.
  3. So if I place a bid to buy crypto that’s higher than the current ask, someone can see that order (before it’s executed) and front-run it. They buy the crypto before me at the current price, and then sell it to me at the higher price. That’s a sandwich trade - the front runner (an MEV) prices their trades to come in before and after your bid.
  4. The MIT guys set a trap for an MEV trader. They placed a “fake” buy order for a large quantity of thinly traded crypto that they already held. The MEV came in and placed a big order to buy that crypto, planning to front-run the MIT buy order. But before the trades executed, the MIT guys changed their buy order to a sell order. Effectively, they induced the MEV guys to buy their coins at a higher price with the “bait” order that the MEV wanted to front-run.

So they didn’t change ownership of tokens - they changed a not-yet-executed order to buy tokens.


That is a key point to know (and was not stated in the article).

What did they get as payment? Other crypto? Or what?

Stablecoins - coins whose value is pegged to the US dollar.

Those should be trackable. However, if converted to cash, it could “disappear”. Lock the brothers up for 25+yrs or until the money is returned in full–whichever is LONGER.

Interesting. This actually reiterates something that became apparent in the FTX meltdown. If one accepts at face value the mathematical arguments and the “open source” derived arguments for a public block chain being able to correct some of the flaws with centrally managed fiat currencies, any time you have a big block of wealth reflected in traditional assets over HERE and another block of wealth you’d like to make much bigger over THERE, there is always a need for ancillary integrations between those two HERE and THERE universes that themselves can become the point of exploitation.

In the case of FTX, it was acting as an exchange between various cryptocurrencies and between all of those currencies and legacy “cash” currencies. It was also acting as a “market maker” for different cryptocurrencies, something the protocols themselves don’t address.
Once those type of operations are required when a market becomes large enough, that entire system is only as secure as the weakest link. FTX began fudging balances in its own records.

Here, a system handling ORDERS was manipulated to similate demand to inflate prices to create the opportunity for a front-running scheme. The “thing” that was the subject of the trade was technically immaterial. However, because the “thing” was cryptocurrency rather than something more tightly regulated like wheat futures or stocks or bonds, the system for handling the orders didn’t have the audits and transparency to detect and prevent this manipulation.


Brothers Accused of $25M Ethereum (ETH) Exploit as U.S. Reveals Fraud Charges (coindesk.com)

A pretty clear description. The MEVs don’t exactly sound like they’re interested in anything but arbitrage anyway. They’re not really the good guys.