MIT Students Stole $25 Million In Seconds By Exploiting ETH Blockchain Bug, DOJ Says

moon , 15 days ago

Wtf why is this considered illegal at all?

bbuez , 15 days ago (edited 15 days ago)

charged with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering

It seems that they went to great depth to make this happen

possiblylinux127 , 14 days ago

The article leaves out information. Basically they set up fake crypto exchanges and commuted fraud

General_Effort , 16 days ago (edited 14 days ago)

I'll try a simple explanation of what this is about, cause this is hilarious. It's the kind of understated humor, you get in a good british comedy.

For a payment system you must store who owns how much and how the owners transfer the currency. Easy-peasy. A simple office PC can handle that faster and cheaper than a blockchain. But what if the owner of the PC decides to manipulate the records? No problem, you just go to the police with your own records and receipts and they go to jail for fraud. Their belongings are sold off to pay you damages. That's how these things have worked since forever. It's how businesses keep track of their debts.

Just one little problem: What if the government wants your money. Maybe you don't want to pay your taxes, or some fine. Or maybe you have debts you don't want to pay, like your alimony. Perhaps the government wants to seize the proceeds from a drug deal. They can just go to the record keeper and force them to transfer currency.

This is where cryptocurrencies come to the rescue (as it were). There are different schemes. ETH (Ethereum) uses validators. The validators are paid to take care of the record-keeping. The trick is, that you have to put down ETH as a collateral (called staking) to run a validator. If you manipulate the record/blockchain, then the other validators will notice and raise the alarm. That results in you losing your collateral.

This means the validators can remain anonymous. You don't need to know their identities to punish them for fraud. You just take their crypto-money. They need to remain anonymous so that the government (or the mob) can't get to them.

This is where it gets hilarious. These 2 brothers operated fraudulent validators. The stake/the collateral didn't matter at all. The whole scheme didn't matter. It was a horrible waste of money and effort. The indictment even details how they tried to launder the crypto. That is, how they tried to transfer it, so that it couldn't be traced on the blockchain. The indictment even has the search queries they used to look up the info on how to do that.

The whole point of it all is that you supposedly do not need the government to prosecute anyone. If validators are kept honest by the threat of criminal prosecution, then you do not need the whole Proof of Stake scheme. You do not need the whole expensive overhead.

The only rational reason for crypto to exist, is to avoid laws; buying drugs and what not. I'm not judging. The hilarious fact is that the law knew everything about these guys.

It's all a sham. The one thing that crypto is supposed to do: Foil the government. And it doesn't work.

---

When people want to buy crypto on the blockchain, they put out a request so that a validator will execute that transaction and record it on the blockchain. So, while the request is waiting, a bot comes along and scans it. It may be that a purchase changes the exchange value of a currency. In that case, the bot adds 2 more transactions. First, to buy that currency before the original request, and to sell it afterward. The original request drives up the price in between the buy and sell, so that the bot makes a profit for its operator. The original request has to pay a little extra. That's where the profit comes from.

Sound shady? I hope not, because that's what the victims did.

The accused operated their own validators. At the right time, they put out their own buy request to lure in a bot. When the bot proposed the bundled transactions, their validators feigned acceptance. But then switched out the lure transaction of buying for selling.

The indictment makes a fairly good argument. It's like there is a "contract" between these automatic systems. The trading bot wants the bundled transactions to be carried out exactly so. The validator feigns agreement, but does not follow through.

Wrench , 16 days ago

That sounds a lot like what I understood how etrade platforms like Robinhood work when I was reading up on the GME shorts fiasco.

I definitely only have a surface level understanding of it, but it sounded like the stock brokers have a buffer in-between the transaction request to buy/sell, and they first try to handle that locally within their portfolio, before expanding to external trades. And if there's a favorable internal trade, brokers like Robinhood siphon out a little something something for themselves.

Sounds like people are getting busted for doing essentially the same thing Wallstreet has been doing for decades. Again.

General_Effort , 15 days ago

It reminded me of high-frequency trading.

---

Mind, the people who do that are the victims here!

I didn't explain how exactly they were harmed. It's actually kinda funny, too.

It costs virtually nothing to create crypto-tokens. So that's what people do. Do some wash trades, slip some money to influencers to hype their new token as the next big thing, then offload the whole supply and run with the money. The "investors" quickly discover that these tokens are only good for one thing: To sell to a greater fool. At that point, there are no more buyers.

The accused obtained such useless tokens. The indictment doesn't say how. I guess they simply bought it for next to nothing.

Effectively, they tricked the victims' bots into buying these tokens at face value. The victims were left with crypto supposedly worth $25 million but in reality unsellable. If this was stealing $25 million, then I wonder about the legality of selling these crypto tokens in the first place.

Eventually, all crypto is like that. Some cryptocurrencies are used as payment systems, but eventually something better must come along. Then that currency becomes unsellable. Someone must always be left holding the bag, as it is said in crypto circles.

I think they are guilty of fraud. But I do wonder: If we are to accept that leaving someone with worthless crypto is equal to stealing money, what does that mean for the legality of crypto as a whole?

n3m37h , 16 days ago

Isn't that just 'high frequency trading'?

General_Effort , 15 days ago

I thought the same thing, but mind: That's what the victims did. See my other reply going into this more.

podperson , 14 days ago

Man - that comma in the second sentence murdered my brain. Excellent synopsis though.

possiblylinux127 , 16 days ago (edited 16 days ago)

It is wrong to criminalize him. He found a bug and got a reward. Bring him in to fix the bug and to make it better. If you start scaring away people hunting for bugs and exploits for fun you will end up being exploited by a much nastier adversary

Edit: I did more research and it seems like there was some questionable actions such as creating a bunch of fake shell companies and crypto exchanges. This wasn't a "bug" as the title is clickbait.

vrighter , 16 days ago

not stole. Were given.

If code is law, then they just found the right way to ask. And the code gave the money to them, because they asked nicely.

possiblylinux127 , 16 days ago

Code isn't law. The article above does a bad job of explaining it and makes it sound like it was just a weekend bug find. It wasn't a bug, it was them setting up a bunch of fake entities misdirect funds.

https://arstechnica.com/tech-policy/2024/05/sophisticated-25m-ethereum-heist-took-about-12-seconds-doj-says/

KillingTimeItself , 16 days ago

incoming JSTOR replay in the courts, here we go!

LodeMike , 16 days ago

Context?

P1nkman , 16 days ago

https://www.theverge.com/2013/1/13/3873490/aaron-swartz-his-death-and-legacy

KillingTimeItself , 16 days ago

funny internet man aaron swartz stole a bunch of shit from JSTOR and was planning to release it to the public, because fuck privatized research and materials or something.

The US government was like "fuck this guy, actually get rid of him" and then he killed himself.

Etterra , 16 days ago

It's a victimless crime really.

A_Random_Idiot , 16 days ago

Its all imagination and pixie dust anyway.

Like trying to arrest someone for theft cause they took a jar of sand home, and some delusional lunatic goes "OMG YOU CANT TAKE THAT, THATS MONEY, EACH GRAIN IS WORTH 80,000 DOLLARS!"

hark , 17 days ago

This is a prime example of why the "code is law" selling point for smart contracts is a disaster waiting to happen. Proponents claim you won't need lawyers, arbitrators, courts, etc, but in reality you'll need all those and on top of that programmers to write and verify smart contracts.

mPony , 16 days ago

"code is law" can become "might makes right" without oversight.
Those who lobby against oversight are a problem.

Imgonnatrythis , 17 days ago

Whoa. A slashdot link? Remember when that wasn't a cesspool, but it's been awhile. For an ars technica summary this was extremely disappointing with regards to details.

My only take away here is that we really should make H.E.B (highly educated brothers) a part of the vernacular.

CosmicTurtle0 , 17 days ago

I'm honestly very surprised that site is still around. Like digg.

PlantJam , 17 days ago

Sorry, the term HEB is already taken by Texas groceries.

thesmokingman , 16 days ago

And if you didn’t know it was for “Howard E Butt” now you know and can enjoy them even more.

I fucking miss HEB.

dogslayeggs , 17 days ago

Remember when the slashdot effect was a thing that mattered?

possiblylinux127 , 16 days ago

https://arstechnica.com/tech-policy/2024/05/sophisticated-25m-ethereum-heist-took-about-12-seconds-doj-says/

Frog-Brawler , 17 days ago

Yea, we wouldn’t want anyone doing anything illegal with crypto… 🙄

shortwavesurfer , 17 days ago

We also wouldnt want anyone doing anything illegal with dollars, euros, yen, etc. Crypto is money and all money will be used for illegal things

Ibaudia , 17 days ago

True, but Crypto has been awash with scams from its inception. Blockchain inherently rewards those who engage with it deceptively since access to tokens = ownership, there are no take backsies, 0 consumer protections, and it's global.

shortwavesurfer , 17 days ago

The same things that make it like that make it good money. If i hand you a $100 bill i cant get it back without either asking you or force. With today's payment methods i can just call the bank crying that i never did that transaction and fuck you over. Deceptive auto renewing memberships like gyms and other things dont work either because crypto like cash is a push payment instead of a pull payment. I cant just take your money whenever i damn well feel like it you have to actively give it to me.

Edit: it also truely makes it "your money". A government goon can call up your bank any time and have your account frozen or drained because money in the bank is a conditional IOU subject to revocation at any time for any reason with no explaination to you required.

best_username_ever , 17 days ago

Your solution is to blame people who make mistakes, and reward companies who scam them. Real money is backed by governments and a justice system. The alternative is anarchy, and bitcoins show it really well.

shortwavesurfer , 17 days ago

Yeah, we are going to have to agree to disagree there. What you call real money backed by the government and justice systems has always failed eventually. Because people manipulate it for personal gain. I wish you good luck manipulating Bitcoin since it hasn't happened in the 14 years it's existed. Lots have tried, all have failed.

Ibaudia , 17 days ago

Never! Except with early pump-and-dumps, whale manipulation, spoofing, wash trading, Mt. Gox, or what's happening with Tether.

But besides all that stuff creating massively disruptive volatility on a slow as shit network, what's not to love?

shortwavesurfer , 17 days ago

Exactly, companies and services have scammed users, but the core protocol is as good or better today than it was in 2010 and it has not been hacked. Trust me, many people would be extatic to see it happen. The fundamentals are rock solid.

Ibaudia , 17 days ago (edited 17 days ago)

My point is that its lack of regulation and decentralization makes it more vulnerable to the types of attacks that actually matter, namely market manipulation, fraud, and scams targeting specific accounts through social engineering. Those are already the biggest problems with FIAT, and crypto just intensifies them by removing existing protections.

Ibaudia , 17 days ago

If I took $100 cash from you under false pretense, it would be a crime and I would be prosecuted for it. I would also have to expose myself by interacting with you. If I trick you with a fake login page and steal all your shit from your crypto wallet, then according to the blockchain that's just fine, and I can do it completely anonymously from the other side of the planet with 0 hope for anyone to do anything about it. I had access to the tokens, so I can do anything I want with them and no one can stop me, reverse it, or even find me. That's the issue.

Every crypto bro I've talked to has said some version of "well don't get scammed then", which is such a fucking stupid and asinine answer. Every financial system has consumer protections except for crypto because they are 100% necessary for normal people to survive.

qwerty , 16 days ago

Scammers have been doing that with cash, PayPal, gift cards and even regular bank transfers that are supposedly so safe.

Crypto transactions being irreversible are no different than cash or gold transactions, you can't magically revert giving someone cash once you realize they scammed you. Only thing you can do is report it to the police. Crypto works the same way, but for transparent coins like btc, or eth you at least have a proof that a transaction took place unlike cash.

Ibaudia , 16 days ago

Yes, exactly my point. It's way harder to scam with physical stores of value like cash, because there aren't layers of obfuscation like there can be with digital stores of value. That is why scamming is so much less common in meatspace compared to crypto, where every single interaction, even with a vendor or exchange, is a potential landmine you have to be cognizant of.

With PayPal or bank transactions, those can be reversed and there are regulatory bodies to ensure consumer protections. Even with physical stores like cash, it is much easier to track someone and prosecute for illegal activity since they can't hide behind crypto wallets.

Every store of value has some form consumer protections and systems of accountability except for crypto, and as such scammers are empowered by it.

rudyharrelson , 16 days ago

I'm curious if you would prefer crypto disappear entirely, or if you would prefer it be properly regulated so it has all the same, or greater, protections so that it can be part of the economy without being as risky for consumers.

I can only assume the early internet had little to no consumer protections on purchases (compared to the protections they have today, that is), but I could be wrong on that. Laws and regulations tend to always lag behind technology.

I like the idea of taking power away from big banks. Crypto is no silver bullet, but I'd like to think it could get there one day. But since capitalism always protects itself, I doubt any wealthy lobbies are going to be asking congress to pass common sense regulation for a currency that takes power away from institutional banks.

Ibaudia , 16 days ago

I would prefer for crypto to be gone. Based on my understanding of blockchain, I don't see how it can be used as currency ever. Blockchains can be extremely useful, just not as currency.

The only thing you can really do about stolen tokens is have some authority de-list them and re-issue new token to the victim. That's hardly a solution. It also extremely centralizes control, which runs antithetical to the purported benefits of crypto.

Crypto also doesn't take power away from institutions. If institutions were to leverage their power in the space, they would become just as, if not more powerful than they are currently, assuming a mass-adoption scenario. The inflexibility of crypto always works to the advantage of those setting the rules.

Crypto is also incredibly power inefficient. Even with proof-of-stake instead of proof-of-work, it is still factors less efficient than normal FIAT transactions, and as of yet I see no solution to that. One may pop up in some hypothetical future, but I have no faith in that.

Additionally, crypto will also always reward those who engage with it disingenuously, as it is not linked to one's real identity and, again, is inflexible and impossible to truly regulate. In a mass-adoption scenario, scammers would become enormously more successful.

Most importantly, crypto is a digital asset whose store of value is implicitly tied to the belief that it can be sold for FIAT. It is almost exclusively a speculative vehicle, and always had been since its inception. Actual crypto purchases are disincentivized by how slow, inefficient, unwieldy, and volatile it is. Not to mention high transaction fees for the most popular coins. It is also deflationary, meaning one is disincentivized from spending it, which is extremely bad for the economy in a mass-adoption scenario. Gentle inflation is one of the core principles underpinning our economy. Having currency also be an asset that appreciates in value is objectively a bad thing.

I feel like I could keep going for a while but hopefully you at least understand why I feel this way now lol.

rudyharrelson , 16 days ago

I would prefer for crypto to be gone. Based on my understanding of blockchain, I don’t see how it can be used as currency ever. Blockchains can be extremely useful, just not as currency.

Hm, my understanding was that blockchain was the technology that handles the distributed ledger rather than the currency itself. Blockchain seems useful to a point in this realm, but is, like we both know, extremely energy inefficient and unsustainable.

The only thing you can really do about stolen tokens is have some authority de-list them and re-issue new token to the victim. That’s hardly a solution. It also extremely centralizes control, which runs antithetical to the purported benefits of crypto.

No arguments here. Though I think there could be better solutions out aside from using some centralized authority to delist stolen tokens. Blacklisting certain wallet IDs could be a crowd-sourced project, much like how blocklists for adblockers are largely community-driven.

Crypto also doesn’t take power away from institutions. [...]

Gotta disagree with "crypto doesn't take power away from institutions". Exactly as you said, if institutions leverage their pre-existing power in the crypto space, it becomes centralized because a small pool of wealthy players control the majority of the currency. The currency itself is not centralized, but it can be exploited by bad actors who wish to manipulate its value (or just profit off of it, either way). If existing institutions weren't using their massively accumulated wealth to affect the crypto space, they would be losing power over the people who decided to avail themselves of it and bypass conventional banks. I consider this a weakness in cryptocurrency that needs to be addressed, but is this weakness any different from any other currency?

Crypto is also incredibly power inefficient. Even with proof-of-stake instead of proof-of-work, it is still factors less efficient than normal FIAT transactions, and as of yet I see no solution to that. One may pop up in some hypothetical future, but I have no faith in that.

Zero arguments from me. It's an environmental disaster.

Additionally, crypto will also always reward those who engage with it disingenuously, as it is not linked to one’s real identity and, again, is inflexible and impossible to truly regulate. In a mass-adoption scenario, scammers would become enormously more successful.

Depends on how you intereact with crypto. In the US, most states require crypto brokers to verify the identity of those trading on their platforms. No different from opening a checking account with a bank. Sure, one could get into crypto anonymously but it's considerably harder. Some crypto ATMs exist, but I think virtually all of them have cameras and require you to show photo ID to use them (at least in the US).

Most importantly, crypto is a digital asset whose store of value is implicitly tied to the belief that it can be sold for FIAT. It is almost exclusively a speculative vehicle, and always had been since its inception. Actual crypto purchases are disincentivized by how slow, inefficient, unwieldy, and volatile it is. Not to mention high transaction fees for the most popular coins. It is also deflationary, meaning one is disincentivized from spending it, which is extremely bad for the economy in a mass-adoption scenario. Gentle inflation is one of the core principles underpinning our economy. Having currency also be an asset that appreciates in value is objectively a bad thing.

I disagree that it's been a speculative vehicle since its inception. It's undeniably a speculative investment now, and has been for years, but when it first started out, it was basically worthless and adopted by a handful of businesses who were understandably pissed off after the 2008 market crash. People naturally speculated as to whether or not it would take off, and I think it's unfortunate that it became a speculative investment by those who weren't really interested in its use as a currency.

I'm no economist, but I don't see much difference between "crypto's value is implicitly tied to the belief that it can be sold for FIAT" and "FIAT's value is implicitly tied to the belief that the issuing government values it"

I feel like I could keep going for a while but hopefully you at least understand why I feel this way now lol.

Oh believe me, none of this is news to me. I just wanted to see what you thought. I've found the cryptocurrency conversation interesting as the years have passed and enjoy asking people for their thoughts when they appear to be engaging in good faith. Most people I see are very unpleasantly hardline for or against crypto and don't care to take time to discuss any of the nuance.

qwerty , 16 days ago

How is it harder to scam with cash? You come to my store to buy something, you hand me the bill, I take it and don't give you anything in return. Even if you call the police it's my word against yours, how will you prove that I took your money?

Most scams are done irl with FIAT (fake bills, overpriced cooking pots, fake tech support, palm reading, IRS google play cards, nigerian princes, fake e-bay items, fake charge-backs for real e-bay items, uber ride cancels, uncancellable memberships, hidden costs...) at the end of the day you can't protect everyone from everything, especially from their own gullibility. The design of crypto, when used properly, prevents all of the non-gullibility based scam types (chargebacks, cancels, hidden costs, automatic deductions etc.). For some people complete control over their money is a plus and some prefere to have it handled by banks and governments, maybe crypto just wasn't made for the latter.

Ibaudia , 16 days ago

You come to my store to buy something, you hand me the bill, I take it and don't give you anything in return.

Video cameras. Also the shopkeep develops a reputation and is easily identifiable.

Most scams are done irl with FIAT,

Technically the truth, but a MUCH larger percentage of the crypto ecosystem is devoted to scams. I don't think that is just "growing pains", the design of crypto, again, incentivizes this behavior because it gives victims no recourse.

at the end of the day you can't protect everyone from everything, especially from their own gullibility.

Yes, but gullibility is the #1 problem and again, crypto has no safeguards or recourse.

For some people complete control over their money is a plus

Control but only within the system and ruleset that is made by those who control the chain. If institutions leverage their power in the space in a mass-adoption scenario, then they will be the ones making these rules and controlling what you can do, and the rigidity of crypto's rules advantage them in that case, no the consumer.

qwerty , 16 days ago

I don't have cameras in my store and i doubt you walk around with a gopro strapt to your forehead. Crypto stores develop reputation as well.

On what are you basing the opinion that MUCH larger percentage of the crypto ecosystem is devoted to scams? Legal action is the only recourse you have with cash, the same can be done with crypto. If design of crypto incentives scams then so does the design of cash.

Yes, but gullibility is the #1 problem and again, crypto has no safeguards or recourse.

Neither does cash, gift cards and all of the methods Nigerian princes and certified Microsoft technicians from IRS have been successfully using for years to scam their victims.

The whole point of making the system decentralized is so that a powerful actor can't seize control over it. There are hundreds of chains with different rules and regulations, you can chose the one that fits your needs, and if a powerful actor tries to change it's rules the community can decide that the version of the chain with altered rules isn't one they want to take part in and split off. It has happened before with block size wars that resulted in btc/bch split. Both chains run fine to this day, each with their own rules decided by their own community.

Sethayy , 17 days ago

Honestly if I get scammed I don't have the time nor money to fight it, sounds like mostly protection for those at the top

Ibaudia , 17 days ago

If you get scammed using FIAT you can just call your bank and they can issue a chargeback through the card provider, especially if it's credit.

qwerty , 16 days ago

And that never happened with fiat, everyone knows thoes wild west snake oil salesman were using bitcoin.

Ibaudia , 16 days ago

There will always be scammers, my point is just that Bitcoin empowers them. Scammers and fraudsters have many more tools through Bitcoin than they would with FIAT, and they are more likely to succeed and thrive.

Shurimal , 17 days ago

Nice! Too bad they got caught, though.

No sympathy for cryptobros and trading bots.

shrugal , 17 days ago

Here is a more detailed explanation of the exploit.

The Pepaire-Bueno brothers exploited a bug in MEV-boost's code that allowed them to preview the content of blocks before they were officially delivered to validators, according to the indictment.

The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used bait transactions to figure out how those bots traded, lured the bots to one of their validators which was validating a new block and basically tricked these bots into proposing certain transactions. [...]

So hardly an attack on any core system of cryptocurrencies.

treadful , 17 days ago

Frustratingly vague for a Slashdot write-up.

“These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” said Special Agent in Charge Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office.

Good to know the prosecutors have an understanding of what they're prosecuting... Not even a single mention of MEV in the DoJ press release.

bartolomeo , 17 days ago

What's funny is that that's a description of MEV.

gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victim

I skipped "fraudulent" because neither MEV bots nor this attack can be called fraudulent imo, although MEV is definitely taking value one didn't help create.

Kazumara , 16 days ago

by fraudulently gaining access to pending transactions

That makes no sense to me. The mempool is public, everyone can see pending transactions.

treadful , 16 days ago

Because it's not the public mempool. It's a private MEV mempool that people pay to add their transactions to for special priority or conditional inclusion. For instance, asshole profiteers can use it to sandwich attack traders to siphon off "market inefficiencies" or some people just want immediate front of the line inclusion in the next block.

Presumably they exploited something in this MEV system (completely unrelated to the Ethereum protocol) that allowed them to see the pool and they shouldn't have. Wish I knew more but everything I read was incredibly vague and misleading.

Kazumara , 16 days ago

It’s a private MEV mempool

Are you sure there is such a thing? My understanding was that they just submit their sandwich transactions to the mempool with higher and lower gas respectively to achieve their desired priority ranking. Could be wrong though.

treadful , 15 days ago

I'm sure, yes. If you submit to a public mempool, you have no guarantees that your two transactions will land on either side of the target transaction in the same block (They likely won't). You need to leverage conditional transactions with MEV so you guarantee the miner will select and position your transactions where you need them. In this case, before and after the target transaction.

Check out the Ethereum Foundation's page on MEV for more info.

Kazumara , 15 days ago

Wow, thanks for the link. It seems things have gotten a lot more complicated with PoS. I didn't even know about PBS. I haven't been following along properly.

survirtual , 17 days ago

So they discovered faulty code and made some money?

Can anyone explain to me how this is illegal?

The code is a contract. If someone writes bad code and loses money, then write better code - just like if someone writes a bad legal contract and loses money.

The justice system is awful.

shrugal , 17 days ago (edited 17 days ago)

IANAL and all, but bad/unfavorable contracts and literal deception/fraud are two different things, at least in the legal system. Not everything that's technically possible is also allowed, obviously.

Compare it to using a security flaw to hack into a system. Technically you're only using the official API, maybe in unusual ways, but still. But you're doing it in bad faith and causing harm, maybe pretending to be someone you're not or injecting fake data into the system, and that can make a difference.

survirtual , 17 days ago

Hacking a private corporate system, which is generally on closed nets and requires an internal actor / phishing, is significantly different from exploiting a code fault on a public network.

Trustless systems rely on mathematics to secure their networks. This is both the revolution of them and the risk. If you build a system of value and it is on a public network, and you fail to properly secure it, that is supposed to be the risk. You lose money, hopefully go bankrupt / lose credibility, and a more efficient actor eats your lunch.

Treating it like a traditional system with these unspoken legal safeguards when it uses a public blockchain and public network is absurd.

shrugal , 17 days ago

What's absurd is this crypto maximalist take.

You can't just make up your own permission and punishment system, and then expect the legal system to just step aside and let it handle all disputes, especially when it comes to fraud. That's like founding your own city in an existing country, and declaring all existing law obsolete. I know some people think this is a real possibility, but the real world doesn't work like that.

survirtual , 16 days ago

The "real" world works however the people want it to.

As it stands, it works with laws that protect the rich and elite with superior rights.

Someday, maybe the people will decide on a more equitable system. Nature and mathematics might be heavy contributors to that system.

blargerer , 17 days ago

This is like saying they discovered how to pick a lock so deserve everything in whats locked by it.

survirtual , 17 days ago

No.

It is more like finding a gold mine on public BLM land. It is over treacherous mountains only experienced climbers can access. There are no signs or doors saying it is licensed to anyone; indeed, it isn't officially registered with BLM. So the climbers go in and take as many gold nuggets as they can carry.

Unbeknownst to them, it was a mine discovered by rich and connected people who have cronies in BLM. Rangers go and arrest the climbers and say that you aren't allowed to climb, climbing is illegal, and taking gold from that mine is illegal because someone else found it and dug it, even though they didn't properly secure it nor did they put up any signs. They assumed the mountain was enough protection.

This is closer to the situation.

technocrit , 17 days ago

Imagine believing that regular people have any rights whatsoever to "public" land.

survirtual , 16 days ago

Do you know how BLM land works?

If you find a valuable resource on it, you can register it and you get exclusive access to mine it.

Look it up.

maryjayjay , 16 days ago

My boss bought a mining claim west of Fort Collins. I can confirm you are correct.

possiblylinux127 , 16 days ago

The didn't pick the lock, they created bunch of fake exchanges.

yetAnotherUser , 17 days ago

You withdraw cash at an ATM but the software has faulty code which causes your balance to remain the same after withdrawing any amount.

You notice this and then empty the entire ATM this way, making $200,000. I'm sure once you explain to the jury that the ATM just gave you a bad contract, they will acquit you.

General_Effort , 16 days ago

No one ever said ATM-code is law. Ethereum code is supposed to be. Code is law is one of their slogans.

Everything that a blockchain does could be handled by a single office computer. The whole reason for the huge, expensive over-head is to put crypto beyond the law. Stuff like this exposes the whole, huge waste of human effort.

possiblylinux127 , 16 days ago

It isn't above law.

qwerty , 16 days ago

Code is the law of the blockchain, his transaction wasn't reverted, he got caught irl. It's like saying constitution isn't law because laws of physics don't prevent murder.

Cypher , 16 days ago

A bartender in Australia did essentially just that but to the tune of $1.6 million AUD.

https://www.businessinsider.com/australian-bartender-withdraws-over-million-dollars-atm-glitch-vice-podcast-2020-4?op=1

possiblylinux127 , 16 days ago

They created a bunch of fake shell companies in foreign companies and were preparing to flee the US

Blackmist , 16 days ago

Doesn't sound a huge deal different to High Frequency Trading, and Wall Street nobheads fall over themselves to exploit that.

pedroapero , 14 days ago

Sounds to me that the difference is they exploited a bug to get private information in order to game the bots.

bartolomeo , 17 days ago

Let them eat MEV bot operators.

walter_wiggles , 17 days ago

Lesson learned: always use your girlfriend's browser to look up how to do crime.

ivanafterall , 17 days ago

You'd think these guys would know how to open a private Firefox tab.

possiblylinux127 , 16 days ago

More likely they should know who to use Tor

ShittyBeatlesFCPres , 17 days ago

US Attorney Damian Williams said the scheme was so sophisticated that it "calls the very integrity of the blockchain into question."

If that’s actually true, they should be given a sentence of time served and a job writing useful software.

Kyrgizion , 17 days ago

More likely they'll get the Mitnick treatment.

shrugal , 17 days ago

It's not. They tricked some MEV-Boost bots into doing bad trades.

assassin_aragorn , 16 days ago

Still highlights a vulnerability doesn't it? The system is only as secure as the most vulnerable piece.

shrugal , 15 days ago

No, it really doesn't. That's like creating a bot that buys and sells company shares automatically, and saying the stock exchange has a vulnerability because your bot makes bad decisions.

possiblylinux127 , 16 days ago

They are good at fraud

0nekoneko7 OP , 17 days ago

"Each brother faces "a maximum penalty of 20 years in prison for each count," the DOJ said." 😬 They will be going in for a long time.

Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office, said that investigators "simply followed the money." 🔎💸

Miaou , 17 days ago

Should have stolen taxpayer's money instead, silly them

cybersandwich , 17 days ago

Or raped someone.
.how the fuck is this more prison time than much more serious crimes.

Presumably they can claw back some of the money too

Evil_incarnate , 17 days ago

The people with money make the laws. They want to protect their money above all else, so crimes against their money are punished more harshly than others. Note this doesn't happen when people with money steal from poor people en masse.

technocrit , 17 days ago

TBH the system barely even prosecutes sexual assault. It's probably more likely to be raped by a cop than be helped in a rape prosecution.