MEV Bots Case: Committing Crimes Using Ethereum Asset Pool Rules

The core of this case is not simply profiting from running MEV Bots, but rather that two men in the United States exploited vulnerabilities in MEV Bots to carry out a “Hacker” attack and implement extortion, involving an amount of approximately 25 million dollars.

1. Basic Situation

The individuals involved are Anton Peraire-Bueno (24 years old at the time) and James Peraire-Bueno (28 years old at the time), who are brothers and graduated from the Massachusetts Institute of Technology. The U.S. Department of Justice has charged them with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering.

Their main criminal act was to exploit the public nature of the “validators” on the Ethereum blockchain and the MEV (Maximum Extractable Value) system to orchestrate and execute a complex attack, “stealing” cryptocurrencies from transactions waiting to be processed, and then extorting victims with it, with an involved amount of approximately $25 million in cryptocurrency. The individuals involved in the case were arrested and prosecuted in May 2024, and the case is currently under trial, with them potentially facing over 20 years in prison.

2. Key Details

To understand this case, it is essential to grasp several key concepts:

MEV (Maximum Extractable Value): The maximum profit that can be obtained on the blockchain by adjusting, including, or excluding the order of transactions. Common MEV activities include arbitrage and liquidation. Legitimate MEV bot operators bid for favorable transaction positions by paying high Gas fees.

Mempool: A public pool of transactions waiting to be packaged into blocks by validators.

Validator: A network participant responsible for packaging transactions and creating new blocks.

Their modus operandi can be simplified into the following steps:

Step 1: Probing and Positioning. They continuously monitor the Ethereum Mempool like other MEV Bots, looking for profitable arbitrage trading opportunities. They discovered some arbitrage bundles consisting of three transactions that could generate substantial profits.

Step 2: Plan the “Trap”. They did not bid for these transactions by raising the Gas fees like normal people, but instead designed a complex attack scheme. They exploited a vulnerability in the Ethereum code, specifically targeting how MEV-Boost (a software that helps validators capture MEV) operates.

Step 3: Execute the Attack - “Hijack” the Transactions. They successfully “hijacked” these pending transactions by setting up their own validator nodes and leveraging their technical expertise within a very short time window (approximately 12 seconds).

Specifically, they prevented these transactions from being normally packed into blocks through a series of complex operations while making the original MEV Bots that submitted these transactions believe that the transactions had failed.

Step 4: Theft and Reconstruction. After the original MEV Bots abandon, they quickly rearrange these “hijacked” transactions and redirect the arbitrage profits to wallet addresses under their control. The entire process appears on the blockchain as a series of normal transaction reorganizations, but in essence, it is a theft exploiting vulnerabilities.

Step 5: Attempting Money Laundering and Ransom. After succeeding, they did not stop. They laundered the stolen funds through a series of complex on-chain operations (such as using mixers, cross-chain bridges, and transferring funds to overseas cryptocurrency exchanges) in an attempt to cover up the source of the funds.

More seriously, they contacted the victims and threatened that if the latter did not pay the ransom, they would report the victims' cryptocurrency activities to the tax authorities and disclose their identities. This constitutes extortion.

3. Important Impact

This is the first time the U.S. Department of Justice has filed a criminal lawsuit related to MEV-related attack behaviors. It classifies a relatively novel and highly technical behavior in the blockchain field as a criminal offense. The case clearly distinguishes between “competitive” MEV and “fraudulent” Hacker attacks. Merely running MEV Bots to participate in competition is not illegal, but exploiting loopholes to steal the transaction value discovered by others and implementing extortion constitutes a serious crime.

U.S. Deputy Attorney General Lisa Monaco emphasized in a statement: “The defendants used highly specialized technical knowledge to manipulate and defraud the Ethereum blockchain, thereby stealing cryptocurrency. Despite the defendants employing complex methods, they were still identified and arrested.” At the same time, the prosecution also proposed that digital asset policy should be established by Congress rather than decided by the courts, which may set a precedent for cryptocurrency-related cases.

This case sends a strong signal to participants in the DeFi (Decentralized Finance) and MEV fields: even in the realm where code is law, exploiting technical loopholes for illegal profit will also be subject to traditional legal sanctions. It also prompts blockchain communities like Ethereum to pay more attention to the security of their protocols and infrastructure.

Four, Extended Thinking

In this case, the behavior of the perpetrator in illegally obtaining others' cryptocurrencies through technical means meets the elements of theft as defined in our criminal law. According to Article 264 of the Criminal Law, those who secretly steal public or private property of particularly large amounts shall be sentenced to fixed-term imprisonment of over ten years or life imprisonment. The amount involved is 25 million USD (approximately 180 million RMB), far exceeding the “particularly large amount” standard. Their extortion behavior may constitute the crime of blackmail. The perpetrator threatened to report in order to demand property, which fully complies with the provisions of Article 274 of the Criminal Law. This crime, in conjunction with theft, reflects a comprehensive evaluation of composite criminal behavior. Of course, their subsequent attempt to cover up the proceeds of crime may also constitute money laundering.

In the judicial process of our country, based on the key review of the actor's subjective intent, the amount of illegal profit, and the illegality of technical means, according to the relevant guiding opinions of the Supreme People's Court, virtual currency can be considered as a property object protected by criminal law. Specifically, at the operational level of criminal justice procedures, this case highlights three core issues. First, criminal characterization, the illegal transfer of assets using blockchain vulnerabilities is essentially a crime that infringes property rights. Second, evidence identification, the standards for fixing, extracting, and identifying blockchain data as electronic evidence. Third, cross-border cooperation: if it involves Chinese entities or funds flowing to China, international criminal justice assistance needs to be initiated.

This case also enlightens us from another perspective that our country needs to strengthen the assessment of new types of crimes in the blockchain field, improve relevant judicial interpretations, and ensure effective suppression of criminal activities using new technologies while maintaining the principle of technological neutrality.

In summary, the $25 million MEV Bots case is essentially a high-tech financial theft and extortion case that exploits vulnerabilities in blockchain protocols. The defendants' actions far exceed the scope of legitimate MEV competition, constituting clear fraud and money laundering crimes. The outcome of this case will set an important legal precedent for the handling of similar incidents in the future.