On May 15, the United States Department of Justice (DOJ) announced the arrest of two brothers on charges of conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering for exploiting the “very integrity of the Ethereum blockchain” resulting in the theft of $25 million in cryptocurrency.
What Just Happened?
This event was a unique case of a “malicious validator”. By exploiting a vulnerability within the MEV-Boost relay protocol, the attackers manipulated and tampered with the processes by which new transactions are validated and added to the Ethereum blockchain.
This exploit enabled the malicious validator to unbundle pending transactions from an already constructed block before committing to propose the block to the network. Under the normal MEV-Boost protocol, the contents of a block are hidden from the validator until the validator commits to proposing that block by signing the block header.
In this case, the malicious validator was able to trick the MEV-Boost relay into disclosing the contents of the block before the validator committed, allowing it to unbundle the block’s transactions into a new block where it inputted its own front-run transactions, draining funds from five different MEV Bots.
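The commit-then-reveal rule described above can be shown with a simplified model. The following Python sketch is an added example, not code from MEV-Boost, the indictment, or Solidus Labs. It assumes a toy relay in which an HMAC stands in for the validator's signature, and its `release_lax` variant is a constructed contrast rather than a description of the actual relay flaw.

```python
import hashlib
import hmac

def header_of(transactions):
    """Commitment to a block body: a hash that reveals nothing about the transactions."""
    return hashlib.sha256("\n".join(transactions).encode()).hexdigest()

def sign(key, header):
    """Stand-in for the validator's signature over a header (HMAC here, an assumption)."""
    return hmac.new(key, header.encode(), hashlib.sha256).hexdigest()

class Relay:
    """Toy relay: holds the builder's block and shows the proposer only its header."""
    def __init__(self, proposer_key, transactions):
        self._key = proposer_key  # in this model the relay verifies with the same key
        self._body = list(transactions)
        self.offered_header = header_of(self._body)

    def release_strict(self, signed_header, signature):
        """Reveal the body only for a valid signature over the exact header offered."""
        if not hmac.compare_digest(signed_header, self.offered_header):
            return None  # the commitment is to some other block
        if not hmac.compare_digest(signature, sign(self._key, signed_header)):
            return None  # the signature does not verify
        return self._body

    def release_lax(self, signed_header, signature):
        """Weak variant for contrast: accepts any non-empty signature field."""
        return self._body if signature else None

# Constructed sample data, not taken from the case
KEY = b"constructed-proposer-key"
relay = Relay(KEY, ["bot_tx_1", "bot_tx_2"])

def demo():
    h = relay.offered_header
    other = header_of(["unrelated_tx"])
    return {
        "honest": relay.release_strict(h, sign(KEY, h)),
        "bad_signature": relay.release_strict(h, "00" * 32),
        "other_header": relay.release_strict(other, sign(KEY, other)),
        "lax_bad_signature": relay.release_lax(h, "00" * 32),
    }

if __name__ == "__main__":
    for case, body in demo().items():
        print(case, "->", body)
```

Only the strict path keeps the block body hidden when the commitment is invalid; the lax path discloses it for any signature-shaped input.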
Why is it Important?
This first-of-its-kind enforcement action by the DOJ marks a significant milestone in addressing risks within the Ethereum block-building supply chain, referred to as the “Prechain” ecosystem by Solidus Labs.
While the charges in this case stem from a cyber exploit that resulted in stolen funds, the meticulous establishment of these charges in the indictment reflects a well-informed understanding of the intricacies of the Prechain ecosystem.
Importantly, this indictment may serve as a catalyst for other law enforcement teams, regulators, and policymakers worldwide to enhance their oversight and understanding of the Prechain ecosystem.
What Does It Mean for Market Participants?
The DOJ states in the indictment that tampering with the established MEV-Boost protocols, which are relied upon by the vast majority of Ethereum users, threatens the stability of the Ethereum blockchain for all network participants. In this case, exploiting a vulnerability within MEV-Boost constitutes criminal activity in the form of wire fraud.
A deeper dive into the indictment also raises questions about the classification of transactions as public or private within the Ethereum block-building process. This distinction could have far-reaching implications for regulatory frameworks and the legal and compliance responsibilities of builders, relays, and validators in the Prechain ecosystem.
Solidus’ take
A Deeper Dive into the Indictment
The Decentralized Nature of the Ethereum Network
In its indictment, the DOJ explicitly defines the Ethereum network as a “decentralized blockchain that is used by millions of people across the world... [with] more than one million daily transactions...” and that “no centralized actor runs the Ethereum Network... it is run through a decentralized network of participants across the world that operate based on a set of rules and protocols...”.
These statements are important in framing normal activity based on the protocol’s autonomous, decentralized functioning, in contrast to activities that alter this baseline.
The Role of MEV-Boost and Normative Behavior
In its indictment, the DOJ implicitly characterized Ethereum’s block-building lifecycle and market structure as potentially normative, with embedded expectations by network participants with respect to the system’s attributes and functions. Particularly notable is the discussion around transaction (re)ordering, as it typically occurs within the bounds of the MEV-Boost protocol, including front-running and sandwiching strategies. The indictment reads:
“Tampering with these established MEV-Boost protocols, which are relied upon by the vast majority of Ethereum users, threatens the stability and integrity of the Ethereum blockchain for all network participants.”
The MEV-Boost protocol, even though it enables MEV extraction, some types of which might be considered market manipulation in other contexts, is framed here as normative. In contrast, the exploit, which thwarts user expectations around normal system behavior and relies on a “False Signature”, is what constitutes fraud.
The Public or Private Nature of Transactions May Play a Role in Future Regulation
In its indictment, the DOJ characterized the exploited transactions within the initial block, the ones unbundled as part of the exploit, as “private”. The fact that they were intended to be private but then unmasked through a protocol vulnerability is a key pillar of the DOJ’s indictment.