Comment on MIT Students Stole $25 Million In Seconds By Exploiting ETH Blockchain Bug, DOJ Says

General_Effort@lemmy.world ⁨6⁩ ⁨months⁩ ago

I’ll try a simple explanation of what this is about, cause this is hilarious. It’s the kind of understated humor, you get in a good british comedy.

For a payment system, you must store who owns how much and how the owners transfer the currency. Easy-peasy. A simple office PC can handle that faster and cheaper than a blockchain. But what if the owner of the PC decides to manipulate the records? No problem, you just go to the police with your own records and receipts and they go to jail for fraud. Their belongings are sold off to pay you damages. That’s how these things have worked since forever. It’s how businesses keep track of their debts.

Just one little problem: What if the government wants your money. Maybe you don’t want to pay your taxes, or some fine. Or maybe you have debts you don’t want to pay, like your alimony. Perhaps the government wants to seize the proceeds from a drug deal. They can just go to the record keeper and force them to transfer currency.

This is where cryptocurrencies come to the rescue (as it were). There are different schemes. ETH (Ethereum) uses validators. The validators are paid to take care of the record-keeping. The trick is, that you have to put down ETH as a collateral (called staking) to run a validator. If you manipulate the record/blockchain, then the other validators will notice and raise the alarm. That results in you losing your collateral.

This means the validators can remain anonymous. You don’t need to know their identities to punish them for fraud. You just take their crypto-money. They need to remain anonymous so that the government (or the mob) can’t get to them.

This is where it gets hilarious. These 2 brothers operated fraudulent validators. The stake/the collateral didn’t matter at all. The whole scheme didn’t matter. It was a horrible waste of money and effort. The indictment even details how they tried to launder the crypto. That is, how they tried to transfer it, so that it couldn’t be traced on the blockchain. The indictment even has the search queries they used to look up the info on how to do that.

It’s all a sham. The one thing that crypto is supposed to do: Foil the government. And it doesn’t work.


When people want to buy crypto on the blockchain, they put out a request so that a validator will execute that transaction and record it on the blockchain. So, while the request is waiting, a bot comes along and scans it. It may be that a purchase changes the exchange value of a currency. In that case, the bot adds 2 more transactions. First, to buy that currency before the original request, and to sell it afterward. The original request drives up the price in between the buy and sell, so that the bot makes a profit for its operator. The original request has to pay a little extra. That’s where the profit comes from.

Sound shady? I hope not, because that’s what the victims did.

The accused operated their own validators. At the right time, they put out their own buy request to lure in a bot. When the bot proposed the bundled transactions, their validators feigned acceptance. But then switched out the lure transaction of buying for selling.

The indictment makes a fairly good argument. It’s like there is a “contract” between these automatic systems. The trading bot wants the bundled transactions to be carried out exactly so. The validator feigns agreement, but does not follow through.

source
Sort:hotnewtop