this post was submitted on 16 May 2024
277 points (96.6% liked)

Technology

59446 readers
3481 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] shrugal@lemm.ee 115 points 6 months ago (27 children)

Here is a more detailed explanation of the exploit.

The Pepaire-Bueno brothers exploited a bug in MEV-boost's code that allowed them to preview the content of blocks before they were officially delivered to validators, according to the indictment.

The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used bait transactions to figure out how those bots traded, lured the bots to one of their validators which was validating a new block and basically tricked these bots into proposing certain transactions. [...]

So hardly an attack on any core system of cryptocurrencies.

[–] survirtual@lemmy.world 35 points 6 months ago (5 children)

So they discovered faulty code and made some money?

Can anyone explain to me how this is illegal?

The code is a contract. If someone writes bad code and loses money, then write better code - just like if someone writes a bad legal contract and loses money.

The justice system is awful.

[–] shrugal@lemm.ee 39 points 6 months ago* (last edited 6 months ago) (1 children)

IANAL and all, but bad/unfavorable contracts and literal deception/fraud are two different things, at least in the legal system. Not everything that's technically possible is also allowed, obviously.

Compare it to using a security flaw to hack into a system. Technically you're only using the official API, maybe in unusual ways, but still. But you're doing it in bad faith and causing harm, maybe pretending to be someone you're not or injecting fake data into the system, and that can make a difference.

[–] blargerer@kbin.social 33 points 6 months ago (2 children)

This is like saying they discovered how to pick a lock so deserve everything in whats locked by it.

[–] possiblylinux127@lemmy.zip -2 points 6 months ago

The didn't pick the lock, they created bunch of fake exchanges.

[–] yetAnotherUser@feddit.de 30 points 6 months ago (2 children)

You withdraw cash at an ATM but the software has faulty code which causes your balance to remain the same after withdrawing any amount.

You notice this and then empty the entire ATM this way, making $200,000. I'm sure once you explain to the jury that the ATM just gave you a bad contract, they will acquit you.

[–] Cypher@lemmy.world 4 points 6 months ago
[–] General_Effort@lemmy.world 3 points 6 months ago (2 children)

No one ever said ATM-code is law. Ethereum code is supposed to be. Code is law is one of their slogans.

Everything that a blockchain does could be handled by a single office computer. The whole reason for the huge, expensive over-head is to put crypto beyond the law. Stuff like this exposes the whole, huge waste of human effort.

[–] possiblylinux127@lemmy.zip 2 points 6 months ago

It isn't above law.

[–] qwerty@discuss.tchncs.de 2 points 6 months ago

Code is the law of the blockchain, his transaction wasn't reverted, he got caught irl. It's like saying constitution isn't law because laws of physics don't prevent murder.

[–] possiblylinux127@lemmy.zip 5 points 6 months ago

They created a bunch of fake shell companies in foreign companies and were preparing to flee the US

[–] Blackmist@feddit.uk 2 points 6 months ago (1 children)

Doesn't sound a huge deal different to High Frequency Trading, and Wall Street nobheads fall over themselves to exploit that.

[–] pedroapero@lemmy.ml 1 points 6 months ago

Sounds to me that the difference is they exploited a bug to get private information in order to game the bots.

load more comments (21 replies)