On May 15th, the United States Department of Justice (DOJ) filed charges against Anton and James Peraire-Bueno, accusing them of orchestrating an attack on the Ethereum network that resulted in the transfer of $25 million from maximal extractable value (MEV) bots to the defendants. The indictment alleges that the brothers manipulated the ordering of blocks through their Ethereum validators, engaging in wire fraud. The charges have sparked a debate within the crypto community, with some arguing that the MEV bots were attempting to deceive the brothers and thus the defendants should not be considered victims. Others believe that the brothers were wrong to exploit a flaw in the code. Some have also expressed concerns that this case could set a precedent for the regulation of Ethereum. The technical nature of the case has further fueled the controversy, as terms like “MEV,” “searchers,” “relays,” and “sandwich attacks” are being discussed without full understanding from all Ethereum users. The following provides an explanation of how the brothers allegedly carried out their attack.
Maximal extractable value (MEV) refers to the maximum value that can be extracted from a block of transactions based on their order. Some trades are more advantageous if they are executed in a specific order. For example, a trader who wants to buy a large amount of Ether (ETH) at a low price would not want another trader to buy it first, as it could drive up the price. In some cases, traders may choose not to trade at all if they can’t have priority.
Under normal circumstances, when a user posts an Ethereum transaction, it goes to the network’s memory pool, where it is stored until it is either canceled or confirmed and added to the blockchain. Any device on the network can view the contents of the mempool, which means that another trader can potentially copy a trade and execute it first. This practice is known as “front-running.”
If a trader can front-run a trade, they can profit from a “sandwich attack.” This involves buying an asset to increase its price before another trader’s transaction is executed, and then selling the asset at a higher price after the transaction is completed. To prevent sandwich attacks, most decentralized exchanges submit transactions directly to a whitelist of block-builders, bypassing the mempool. However, some traders still submit their transactions to the mempool, making them susceptible to sandwich attacks.
If a user submits a trade to the mempool, other users, typically bots, will compete to execute a sandwich attack on the original user. The bot that pays the highest gas fee to the validators will have their transaction executed first. However, the attack will only be profitable if the gas fee paid is less than the profit from the attack. The maximum amount of gas a user should be willing to pay for an arbitrage opportunity is called the “MEV.”
MEV not only refers to sandwich attacks or front-runs but also includes other arbitrage opportunities that arise from the order of transactions. However, the Peraire-Bueno case specifically involves bots attempting to perform a sandwich attack, so the other types of MEV are not relevant.
To understand the allegations made in the indictment, it is important to consider how the MEV ecosystem functions today. In the early days of Ethereum, individual firms ran MEV bots that also served as validator nodes. This led to intense competition and reduced profits. However, most nodes now use the Flashbots system, which allows bots to hide their profitable arbitrages until their transactions are added to the blockchain. Flashbots also enables traders to hide their own trades to defend against sandwich attacks.
In the Flashbots system, some computers act as “searchers” and scan the blockchain for arbitrage opportunities using proprietary code. Once they find profitable transactions, they bundle them and send them to “builder” computers. The builder computers collect bundles from searchers and transactions from traders who want to bypass the mempool. These bundles and additional transactions are then sent to relays, which use them to create a proposed block.
The relays offer a gas fee to validators in exchange for a commitment to confirm their block. They aim to propose a high enough gas fee to ensure their block is published but not so high that the individual trades become unprofitable. If a validator wants to publish a relay’s block, it responds with a signature committing to confirming the block. Only after the signature is transmitted does the relay reveal the transactions within the block, which is then added to the blockchain.
The Peraire-Bueno brothers are accused of exploiting this Flashbots MEV system by tricking it into believing that a profitable arbitrage existed. They allegedly transferred $25 million to themselves by creating Ethereum validator nodes and publishing “bait” transactions that appeared to be lucrative MEV opportunities. They tested these transactions to ensure they would be included in a relay’s block. Once they were confident, they waited for one of their validator nodes to be chosen as a block producer and published “lure” transactions that they wanted included in a block. These transactions were ultimately included in a relay’s block, which the brothers confirmed with a fake signature. Due to a flaw in the cryptographic system, the relay accepted the fake signature, and the block was confirmed by other validators.
In the original block proposed by the relay, searchers bought illiquid tokens using stablecoins, driving up their prices. The brothers then purchased the same tokens at a higher price, resulting in stablecoins being transferred into the exchange’s liquidity pool. The searchers sold the tokens they had purchased, draining the pool of stablecoins. Finally, the brothers sold their tokens into the drained pool, receiving much less than they paid originally. In essence, the original block executed a sandwich attack against the brothers.
However, the reordered block executed a different scenario. In this block, the brothers bought the tokens first, increasing their prices. The searchers then purchased more tokens, draining them from the pool and replacing them with stablecoins. After the searchers made their purchase, the brothers sold their tokens into the pool, draining most of the stablecoins. When the searchers attempted to resell their tokens, the pool did not have enough liquidity to buy them back, resulting in a failed transaction. As a result, the searchers were left with essentially worthless tokens. The reordered block was confirmed instead of the original, allowing the brothers to profit $25 million in stablecoins while the searchers lost the same amount.
The DOJ considers this action to be wire fraud because the bait transactions and false signature were material representations intended to deceive the MEV bots. The indictment argues that these actions constituted binding statements made in a commercial transaction and were knowingly sent to deceive the bots.
The case has generated controversy within the crypto community. Some users find it difficult to accept that the MEV bots, which were attempting to sandwich-attack traders, are now being portrayed as victims. Others argue that the brothers should not have exploited the flaw in the MEV system. Concerns have also been raised that this case could lead to the regulation of Ethereum. The indictment has been criticized for legitimizing sandwich attacks and front-running, and for misrepresenting the roles of relayers in the Ethereum system.
While there are technical solutions to address perceived issues with MEV, such as threshold encryption and delegated Byzantine fault tolerance consensus mechanisms, there have been no known cases of sandwich attack victims prosecuting MEV bots for wire fraud. The debate surrounding the Peraire-Bueno case highlights the ongoing controversy surrounding MEV and its implications for the Ethereum network.