Did U.S. Regulators Just Legitimize MEV Extraction?

A landmark indictment charging two brothers for “stealing” $25 million by front-running transactions in the Ethereum blockchain, a process known as Maximal Extractable Value (MEV), will serve to set legal boundaries around the pervasive practice, experts say.

On May 15, the U.S. Southern District of New York Court (SDNY) charged Anton Perair-Bueno and his brother James with conspiracy to commit wire fraud, conspiracy to commit money laundering, and wire fraud.

The charges stem from the brother’s efforts in late 2022 to move and conceal $25 million extracted from three bots engaged in Maximal Extractable Value (MEV) on the Ethereum network. The pair targeted the bots with “false signatures” designed to trick the bots into giving up their payloads.

Notably, the indictment described the pair as having “fraudulently obtained” the funds by “exploit[ing] the very integrity of the Ethereum blockchain.”

“Anton Peraire-Bueno and James Pepaire-Bueno manipulated and tampered with the process and protocols by which transactions are validated and added to the Ethereum blockchain,” the SDNY said. “In doing so, they fraudulently gained access to pending private transactions and used that access to alter certain transactions and obtain their victims’ cryptocurrency. Once the defendants stole their victims’ cryptocurrency, they rejected requests to return the stolen cryptocurrency and took numerous steps to hide their ill-gotten gains.”

MEV describes arbitrage strategies used by block producers and validators to extract profits from decentralized blockchains by reordering on-chain transactions. These strategies typically involve front-running or sandwiching pending transactions before they are confirmed to extract the maximum allowable slippage as profit.

According to Flashbots, an MEV research organization, 508,804 Ether has been extracted through MEV since Sept. 15, 2022.

The incident comprises the first instance of U.S. authorities bringing criminal charges against network participants engaged in MEV extraction. If convicted, the pair could face up to 20 years in prison for each criminal count.

When is MEV illegal?

Crucially, the charges call into question when MEV activities could run afoul of the law.

The indictment highlighted that the Peraire-Bueno brothers were able to execute their scheme by using fraudulent signatures to exploit vulnerabilities in MEV-Boost — software released by Flashbots that seeks to facilitate a “fair” marketplace for validators and block proposers to participate in MEV extraction.

“Tampering with established protocols like MEV-Boost, which are relied upon by the vast majority of Ethereum users, threatens the stability and integrity of Ethereum’s blockchain,” the indictment said.

Invalid Signatures

Hudson Jameson, formerly of Flashbots, noted the indictment’s emphasis on the use of invalid signatures in enabling the brothers to make off with their $25 million payload, arguing that the charges are unlikely to establish the precedent for a wholesale regulatory assault against MEV.

“The indictment is likely not something that will directly harm MEV,” Jameson said. "In fact, the indictment expressly explains how the brother's actions hurt the integrity of the chain…They used a flaw in MEV boost to push invalid signatures to preview bundles. That gives an unfair advantage via an exploit.”

Speaking to The Defiant, Chen Arad, co-founder and CXO of Solidus Labs, highlighted that the Department of Justice for excluded “common” MEV strategies such as transaction reordering and sandwiching from its classification of criminal activity.

“The indictment… identified a transaction reordering instance that was only made possible by exploiting a vulnerability within the underlying trusted system,” Arad told The Defiant.

“Catastrophic”

However, Mohamed Fouda, a venture partner at Volt Capital, described the normalization of MEV extraction as “catastrophic,” warning that the indictment could serve as a “trap” designed to “pull every operator on Ethereum into a web of legal compliance requirements.”

“Intentionally or not, [the indictment] legitimizes the harmful behavior of sandwich attacks and frontrunning,” Fouda said. “It deals with it as a ‘fact’ and a completely normal behavior: a trader sees an opportunity and acts on it to make a profit.”

“If bots steal your money through MEV, that is fine and business as usual. If you dare to make your transactions private or fight the MEV bots, you are in big trouble,” Fouda continued.

But Arad disagreed that legitimizing MEV is harmful to web3 users, arguing that drawing a line between what is considered acceptable MEV extraction and what constitutes market abuse or fraud serves to provide greater regulatory clarity to the web3 industry.

Unfair Advantage

“There’s no question there’s a need for more regulatory clarity regarding crypto and DeFi,” said Arad. “This enforcement action, in particular, is focused on the use of a vulnerability to execute an exploit which provided an unfair advantage."

"The biggest takeaway for the industry should be — fraud and manipulation are always wrong and illegal, no matter the asset class or the extent of established regulation,” he added.