Technology

shrugal , in MIT Students Stole $25 Million In Seconds By Exploiting ETH Blockchain Bug, DOJ Says

Here is a more detailed explanation of the exploit.

The Peraire-Bueno brothers exploited a bug in MEV-boost's code that allowed them to preview the content of blocks before they were officially delivered to validators, according to the indictment.

The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used bait transactions to figure out how those bots traded, lured the bots to one of their validators which was validating a new block and basically tricked these bots into proposing certain transactions. [...]

So hardly an attack on any core system of cryptocurrencies.

treadful ,

Frustratingly vague for a Slashdot write-up.

“These brothers allegedly committed a first-of-its-kind manipulation of the Ethereum blockchain by fraudulently gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victims,” said Special Agent in Charge Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office.

Good to know the prosecutors have an understanding of what they're prosecuting... Not even a single mention of MEV in the DoJ press release.

bartolomeo ,

What's funny is that that's a description of MEV.

gaining access to pending transactions, altering the movement of the electronic currency, and ultimately stealing $25 million in cryptocurrency from their victim

I skipped "fraudulent" because neither MEV bots nor this attack can be called fraudulent imo, although MEV is definitely taking value one didn't help create.

Kazumara ,

by fraudulently gaining access to pending transactions

That makes no sense to me. The mempool is public, everyone can see pending transactions.

treadful ,

Because it's not the public mempool. It's a private MEV mempool that people pay to add their transactions to for special priority or conditional inclusion. For instance, asshole profiteers can use it to sandwich attack traders to siphon off "market inefficiencies" or some people just want immediate front of the line inclusion in the next block.

Presumably they exploited something in this MEV system (completely unrelated to the Ethereum protocol) that allowed them to see the pool and they shouldn't have. Wish I knew more but everything I read was incredibly vague and misleading.

Kazumara ,

It’s a private MEV mempool

Are you sure there is such a thing? My understanding was that they just submit their sandwich transactions to the mempool with higher and lower gas respectively to achieve their desired priority ranking. Could be wrong though.

treadful ,

I'm sure, yes. If you submit to a public mempool, you have no guarantees that your two transactions will land on either side of the target transaction in the same block (They likely won't). You need to leverage conditional transactions with MEV so you guarantee the miner will select and position your transactions where you need them. In this case, before and after the target transaction.

Check out the Ethereum Foundation's page on MEV for more info.

Kazumara ,

Wow, thanks for the link. It seems things have gotten a lot more complicated with PoS. I didn't even know about PBS. I haven't been following along properly.

survirtual ,

So they discovered faulty code and made some money?

Can anyone explain to me how this is illegal?

The code is a contract. If someone writes bad code and loses money, then write better code - just like if someone writes a bad legal contract and loses money.

The justice system is awful.

shrugal , (edited )

IANAL and all, but bad/unfavorable contracts and literal deception/fraud are two different things, at least in the legal system. Not everything that's technically possible is also allowed, obviously.

Compare it to using a security flaw to hack into a system. Technically you're only using the official API, maybe in unusual ways, but still. But you're doing it in bad faith and causing harm, maybe pretending to be someone you're not or injecting fake data into the system, and that can make a difference.

survirtual ,

Hacking a private corporate system, which is generally on closed nets and requires an internal actor / phishing, is significantly different from exploiting a code fault on a public network.

Trustless systems rely on mathematics to secure their networks. This is both the revolution of them and the risk. If you build a system of value and it is on a public network, and you fail to properly secure it, that is supposed to be the risk. You lose money, hopefully go bankrupt / lose credibility, and a more efficient actor eats your lunch.

Treating it like a traditional system with these unspoken legal safeguards when it uses a public blockchain and public network is absurd.

shrugal ,

What's absurd is this crypto maximalist take.

You can't just make up your own permission and punishment system, and then expect the legal system to just step aside and let it handle all disputes, especially when it comes to fraud. That's like founding your own city in an existing country, and declaring all existing law obsolete. I know some people think this is a real possibility, but the real world doesn't work like that.

survirtual ,

The "real" world works however the people want it to.

As it stands, it works with laws that protect the rich and elite with superior rights.

Someday, maybe the people will decide on a more equitable system. Nature and mathematics might be heavy contributors to that system.

blargerer ,

This is like saying they discovered how to pick a lock so deserve everything in what's locked by it.

survirtual ,

No.

It is more like finding a gold mine on public BLM land. It is over treacherous mountains only experienced climbers can access. There are no signs or doors saying it is licensed to anyone; indeed, it isn't officially registered with BLM. So the climbers go in and take as many gold nuggets as they can carry.

Unbeknownst to them, it was a mine discovered by rich and connected people who have cronies in BLM. Rangers go and arrest the climbers and say that you aren't allowed to climb, climbing is illegal, and taking gold from that mine is illegal because someone else found it and dug it, even though they didn't properly secure it nor did they put up any signs. They assumed the mountain was enough protection.

This is closer to the situation.

technocrit ,

Imagine believing that regular people have any rights whatsoever to "public" land.

survirtual ,

Do you know how BLM land works?

If you find a valuable resource on it, you can register it and you get exclusive access to mine it.

Look it up.

maryjayjay ,

My boss bought a mining claim west of Fort Collins. I can confirm you are correct.

possiblylinux127 ,

They didn't pick the lock, they created a bunch of fake exchanges.

yetAnotherUser ,

You withdraw cash at an ATM but the software has faulty code which causes your balance to remain the same after withdrawing any amount.

You notice this and then empty the entire ATM this way, making $200,000. I'm sure once you explain to the jury that the ATM just gave you a bad contract, they will acquit you.

General_Effort ,

No one ever said ATM-code is law. Ethereum code is supposed to be. Code is law is one of their slogans.

Everything that a blockchain does could be handled by a single office computer. The whole reason for the huge, expensive over-head is to put crypto beyond the law. Stuff like this exposes the whole, huge waste of human effort.

possiblylinux127 ,

It isn't above law.

qwerty ,

Code is the law of the blockchain, his transaction wasn't reverted, he got caught irl. It's like saying constitution isn't law because laws of physics don't prevent murder.

Cypher ,

A bartender in Australia did essentially just that but to the tune of $1.6 million AUD.

https://www.businessinsider.com/australian-bartender-withdraws-over-million-dollars-atm-glitch-vice-podcast-2020-4?op=1

possiblylinux127 ,

They created a bunch of fake shell companies in foreign companies and were preparing to flee the US

Blackmist ,

Doesn't sound a huge deal different to High Frequency Trading, and Wall Street nobheads fall over themselves to exploit that.

pedroapero ,

Sounds to me that the difference is they exploited a bug to get private information in order to game the bots.

bartolomeo ,

Let them eat MEV bot operators.

dhork , in MIT-educated brothers accused of stealing $25 million in cryptocurrency in 12 seconds in Ethereum blockchain scheme
solo ,

The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said.

To activate 1 validator you need 32 ETH.
So for the 16 validators they got, it would be 512 ETH. Prices in December 2022 for eth were around 1200$. So they "invested" in this fraud over 600,000$.

Today's eth price is around 3000$ so they'd be having over 1.5 mil, if they weren't that greedy

Ghostalmedia , in Roku explores taking over HDMI feeds with ads

Roku, the company that literally puts streaming service ads on your remotes.

will_a113 , in World’s 1st nuclear fusion-powered electric propulsion drive unveiled - Interesting Engineering

The headline’s a bit misleading. The drive is a plasma thruster, and the company found that by adding Boronated water to the exhaust the plasma would fuse with some of the boron creating a kind of afterburner effect, not a sustained fusion reaction. It’s kind of interesting as a way to boost the performance of the plasma thruster, but not “OMG it’s a Fusion Drive!!!” interesting.

Technus ,

Yeah, that’s the fault of the article author. The actual press release uses “fusion-enhanced” which is a lot more honest.

To be fair, they’re quoting a 50% increase in thrust so it’s not completely clickbait to say “fusion powered” but it definitely does give the wrong picture.

fluxion ,

Imagine all this work/research on fusion and some dudes like oh yeah my space engine does that

Blue_Morpho ,

Fusion is easy. Getting net energy out is hard.

en.m.wikipedia.org/wiki/Fusor

MonkderZweite , (edited )

Wasn’t there a rocket concept like that from the 70’s, using the freed electrons for containment or something? I saw it once on Wikipedia and then never found it again.

user134450 ,

There has been some fusor research going on for decades. The issue that killed that direction of fusion research was ultimately that the electrons do not behave as the initial simple models suggested and in the real world the power loss from the fast electrons is just too big for any reasonably sized device to allow for self sustaining fusion.

Mirshe ,

Basically this. Look at all the big fusion reactor projects - they’ve been going for decades and JUST NOW hit a very minuscule amount of net output within the past several months.

reddig33 , in Tech Titans Are the Robber Barons of Our Gilded Age

It’s not just tech titans. Letting media companies megamerge left us with a handful of corporations that control the narrative. Studios shouldn’t be able to own the content, the tv channels, the set top boxes and the wires they’re transmitted on.

neuropean ,

Especially considering what we know about the uneducation system in America. Now featuring flat Earthers.

NutWrench ,

Yup. News sources have been consolidating for the last 50 years. It used to be that every news outlet you watched was ultimately owned by one of 40 companies. Today, that number is 5. So if five billionaires get together and decide something is not going to be talked about, then it DOESN’T get talked about. This is why the Internet has them so freaked out. They can’t control it (yet) so it’s a threat to their version of reality.

This is also why our “liberal news media” does such a terrible job of speaking truth to bullshit. It’s not necessary to report “both sides of an argument” if one side of the argument is insane, woo-woo dipshiterry. What they’re doing there is gaslighting you into thinking that babbling nonsense is “just another point of view.” It’s not in the interest of billionaires to have informed citizens, capable of critical thinking, so the point of this exercise is to keep us fighting with each other about where the REAL source of our problems come from while they . . . the rich . . . run off with all the f*cking money.

DogPeePoo , in Tesla starts shipping $3,000 Cybertruck tent, looks nothing like what was unveiled | Electrek

This thing somehow keeps getting worse

warm , in A 7,000-Pound Car Smashed Through a Guardrail. That’s Bad News for All of Us.

But muh big truck

cogman ,

The only solution is a bigger truck.

We need to get rid of the commie laws requiring special licensing (CDL, Communist driver’s license) for freedom trucks.

LesserAbe , in What a bunch of A-list celebs taught me about how to use my phone

Not sure how other people are but I couldn’t not have a smartphone for my job. Feels like that’s either a luxury for rich people or one tiny benefit for people with lower demand jobs who are done with the job when they leave the office

grabyourmotherskeys ,

I’ll just divert all my calls and texts to my wife’s phone and have my son handle all my administrative tasks. I’m also refusing to check email before noon and I decline meetings because they are not productive.

Hang on, my wife just told me my boss says I no longer have to work at all now!

merde ,

Feels like that’s either a luxury for rich people or one tiny benefit for people with lower demand jobs who are done with the job when they leave the office

what do you mean by “lower demand jobs who are done with the job when they leave the office”?

LesserAbe ,

Like a job where they don’t expect to be able to reach you outside of office hours

expr ,

If a company requires you to always be available, that’s a huge red flag, honestly.

muntedcrocodile ,

If u want to reach me outside of office hours i will be getting paid for all the time u want me to be listening otherwise u will be ignored.

LesserAbe ,

To be honest I do get paid a lot more for this type of job than one where I’m strictly available 9-5.

merde ,

a choice most people won’t make. That’s why you’re paid a lot more

fuckwit_mcbumcrumble ,

They do.

You’re not getting full time salary, but you’re getting paid a hell of a lot more than the 1% of the time you’re actually needed.

merde ,

where i live, “they” can’t expect you to be reachable outside of office hours. “lower demand” or whatever a “higher demand” job may be.

when the limits are clearly defined by law, employers can’t abuse people like you who seem to have weaker positions

LesserAbe ,

Seems like you’re making a lot of assumptions. I’m in sales. I make money by being responsive, and having a smartphone gives me tools to use wherever I am instead of having to always go to a computer or tablet like the article describes

merde ,

i was arguing with someone “in sales” about how there may be more important things in life than being responsive to make money at all times?

my bad. excuse me mister higher demand job

joking aside, you’re probably young (excuse my assumption) if you still don’t feel the urgency of disconnecting from work and having some undistracted time for yourself and your loved ones. Enjoy it while you can still do that without burning out

LesserAbe ,

Again, you’re making a lot of assumptions, which are incorrect. Not trying to give away all my personal information so I’ll skip that.

I wasn’t saying anything like “being responsive to make money at all times”. We’re commenting on a thread about an article advocating people get rid of their smartphones, and I said I couldn’t do my job without a smartphone.

merde , (edited )

you also said/wrote 👉

Feels like that’s either a luxury for rich people or one tiny benefit for people with lower demand jobs who are done with the job when they leave the office

it’s not a luxury

what’s a lower demand job?

why aren’t you done with your job when you leave the office or if you’re working from home like so many people, at a certain hour?

you permit yourself to make assumptions about so many people, i make assumptions (or rather deductions) from what you write

and i’m getting tired of this discussion. Glue that thing to your head if that makes you even more money 🤷

topinambour_rex ,

Like on-call duty? It is up to the company to provide you a phone then.

LesserAbe ,

Well it’s not the cost of the phone we’re talking about, the article is about having some carefree phone free lifestyle

disgruntledbroad , (edited )

I feel similarly. My job uses all kinds of 2FA and email-chain nonsense that pretty much require me to keep one as well. I’m starting to learn how to retrofit a special half-dumb phone to do those required things, but it’s quite a process compared to what George Clooney got to do

NutWrench , in OpenAI founders Sam Altman and Greg Brockman go on the defensive after top safety researchers quit

If you want to know the state of "AI" right now, just try calling customer service or talking to a ChatBot for any company. It's incredibly sh*tty.

MonkderDritte , in Should I use Microsoft Copilot?

What for? Use cases & constraints? Only then we could really answer.

Reddfugee42 , in 38% of webpages that existed in 2013 are no longer accessible a decade later

The online era is going to be a thousand Library of Alexandria's worth of lost information, records, journals, news, ... everything. It will all just digital-rot into the memory hole.

MonkderDritte , in A Transport Protocol’s View of Starlink

Small detail:

what is called the “Van Allen Belt”, thus deflecting solar radiation. Not only does this allow the earth to retain its atmosphere,

Scientists figured out that upper layers of the atmosphere would create their own magnetic field, which is important for the impending pole reversal every few 100k years.

drdiddlybadger , in OpenAI founders Sam Altman and Greg Brockman go on the defensive after top safety researchers quit

Don't they sign pretty thick and explicit NDAs when they work at and leave OpenAI? Some serious shit must have happened.

Unless those safety researchers were also part of the team trying to oust Altman for being a creep ass then it makes perfect sense. But it doesn't sound like that was the case here.

magnetosphere , in Texas power prices briefly soar 1,600% as a spring heat wave is expected to drive record demand for energy

Oh, Texas. Your power grid is an endless source of amusement (for people who don’t have to rely on it, of course).

Vorticity , in 38% of webpages that existed in 2013 are no longer accessible a decade later

I wonder how this compares to the number of businesses that existed in 2013 that no longer exist. I wonder for two reasons:

  • Is 38% similar to the typical rate of failure for businesses and other ventures?
  • How much of the 38% can be explained by closure of high-risk businesses like restaurants?

Something else that could explain a lot of it is webpages that were always intended to be ephemeral. Political campaign websites for instance.
