Brothers arrested: 25 million USD stolen on the Ethereum blockchain in 12 seconds
3 min readIn a groundbreaking case believed to be the first of its kind, two brothers, both graduates of the prestigious Massachusetts Institute of Technology (MIT), have been arrested and charged with exploiting a security flaw on the Ethereum blockchain. Their alleged actions led to a massive theft of 25 million USD in 12 seconds. Anton Peraire-Bueno, 24, and James Peraire-Bueno, 28, are charged with fraud and money laundering.
A well-planned exploitation of the Ethereum blockchain by the two brothers
Two Brothers Arrested for Attacking Ethereum Blockchain and Stealing $25M in Cryptocurrency
đ: https://t.co/rY4No6YUrm pic.twitter.com/2Mlb3zIdpo
— U.S. Department of Justice (@TheJusticeDept) May 15, 2024
Federal prosecutors in Manhattan filed the charges, describing the plan as meticulously planned and executed with the precision of a high-stakes digital heist.
“The brothers, who studied computer science and mathematics at one of the world’s most prestigious universities, are alleged to have used their specialized skills and training to manipulate the protocols relied on by millions of Ethereum users around the world,” said Damian Williams, U.S. Attorney for the Southern District of New York.
The Peraire-Bueno brothers were arrested Tuesday, with Anton taken into custody in Boston and James in New York. They are expected to appear in federal court Wednesday afternoon. The brothers’ lawyers have not yet commented on the charges.
According to the U.S. Department of Justice, the brothers set up validators on the Ethereum network to help order transactions and facilitate profitable trades through bots. However, they allegedly used their validators to deceive traders and gain access to pending transactions. This manipulation allowed them to alter the flow of electronic currency and effectively steal the cryptocurrency. They then moved the stolen funds through complex transactions to conceal their origin.
Over several months, the brothers meticulously planned their operation, studying the trading patterns of Ethereum bots and established shell companies and seeking out cryptocurrency exchanges with lax Know Your Customer (KYC) procedures to launder their illicit profits.
Their thoroughness even went so far that they researched extradition proceedings, which underlines the thoroughness of their preparation.
Stolen funds increase this year
The heist is just the tip of the iceberg of ill-gotten cryptocurrency in recent years. The United Nations sanctions monitors recently reported that North Korea laundered 147.5 million USD in stolen cryptocurrency through the Tornado Cash platform in March alone. A confidential document submitted to the UN Security Council sanctions committee reveals that North Korean suspects are linked to 97 cyberattacks on crypto firms over the past seven years, totaling approximately 3.6 billion UDS.
According to PeckShield, around 100 million USD in stolen cryptocurrency funds were successfully recovered in March, representing 52.8% of the total hacked amount. Despite initial losses of 187.29 million USD in over 30 hacking incidents, the Munchables incident was particularly notable.
After negotiations, the hacker returned the stolen funds, significantly contributing to the recovered amount. Meanwhile, a recent 71 million USD wallet impersonation scam resulted in an investor transferring 97% of his assets to a decoy wallet address. The hacker quickly converted the stolen Wrapped Bitcoin (WBTC) into about 23,000 ETH and after six days began distributing the funds across multiple wallets.
In the first quarter of 2024, total losses from hacking attacks and fraudulent activities were approximately 336.3 million USD, down from 437.5 million USD in the same period of 2023. There were 46 hacking incidents and 15 cases of fraudulent activities in the quarter.
Ethereum was the most attacked blockchain, followed by the BNB Chain, with both networks accounting for 73% of the total losses. The most notable incidents included the 81.7 million USD Orbit Bridging attack and the 62 million USD Munchables hack, with seven attacks recovering 73.9 million USD (22%). Hacking incidents accounted for 95.6% of the losses, while fraud and rip-offs accounted for 4.4%.
Crypto exchanges with the lowest fees 2024