US Attorney Damian Williams said the scheme was so sophisticated that it “calls the very integrity of the blockchain into question.”
If that’s actually true, they should be given a sentence of time served and a job writing useful software.
It’s not. They tricked some MEV-Boost bots into doing bad trades.
Still highlights a vulnerability doesn’t it? The system is only as secure as the most vulnerable piece.
No, it really doesn’t. That’s like creating a bot that buys and sells company shares automatically, and saying the stock exchange has a vulnerability because your bot makes bad decisions.
Here is a more detailed explanation of the exploit.
The Pepaire-Bueno brothers exploited a bug in MEV-boost’s code that allowed them to preview the content of blocks before they were officially delivered to validators, according to the indictment.
The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used bait transactions to figure out how those bots traded, lured the bots to one of their validators which was validating a new block and basically tricked these bots into proposing certain transactions. […]
So hardly an attack on any core system of cryptocurrencies.
This is a prime example of why the “code is law” selling point for smart contracts is a disaster waiting to happen. Proponents claim you won’t need lawyers, arbitrators, courts, etc, but in reality you’ll need all those and on top of that programmers to write and verify smart contracts.
“code is law” can become “might makes right” without oversight. Those who lobby against oversight are a problem.