Who Is the Real Victim? When Front-Running Crypto Bots Lose at Their Own Game
A recent indictment out of the Southern District of New York charges two brothers, Anton and James Peraire-Bueno, with wire fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering for allegedly exploiting Ethereum blockchain to fraudulently obtain US$25 million worth of cryptocurrency from cryptocurrency traders. In the Department of Justice (DOJ) press release announcing the charges, DOJ stated that the brothers’ actions “call[] the very integrity of the blockchain into question,” and that “this first-of-its kind wire fraud and money laundering scheme” is just the beginning of DOJ’s efforts to “continue to root out fraud, support victims, and restore confidence to [cryptocurrency] markets.” In this unprecedented prosecution, DOJ seeks to protect cryptocurrency bots engaging in legitimate front-running activity from actors who are able to exploit holes in crypto algorithms. This begs the question — are crypto front-runners now the victims?
In the traditional finance industry, front-running is the illegal practice whereby market participants — brokers, traders, or firms — use advanced knowledge of their clients’ trade orders to their own advantage. A prime example is a broker who, knowing its client is about to place a major order, quickly executes its own trade ahead of its client, thereby benefiting from the anticipated price movement. That unethical practice is illegal on Wall Street under Securities and Exchange Commission (SEC) Rule 17J-1, which requires investment companies, their investment advisers, and principal underwriters to establish codes of ethics to prevent affiliated persons from engaging in fraudulent practices. It also has been the basis for the SEC to exact substantial penalties for violations of Section 10(b) of the Securities Exchange Act of 1934, Rule 10(b)(5) thereunder, and Section 17(a) of the Securities Act of 1933.
Front-running in crypto, though slightly different, stems from the same logic: users exploit their knowledge of pending transactions to gain an advantage over other participants in the blockchain network. When a user initiates a transaction on a blockchain, it is broadcasted to the network and added to the “mempool” — a temporary storage area containing pending transactions that are waiting to be added in a block by miners, or validators. In a front-running attack, users monitor the mempool to identify specific transactions to target. When a transaction is in the mempool, its details are visible to all: sender’s and receiver’s addresses, amount of cryptocurrency being sent, and the transaction price. The goal is to identify a transaction that will be profitable if it is front-run and to execute a similar transaction.
Unlike stock transactions that are monitored by the SEC, exchanges, and others, including self-regulatory organizations like the Financial Industry Regulatory Authority, cryptocurrency transactions take place in a world largely without regulation. Indeed, most of these transactions take place on decentralized exchanges that (debatably) are not subject to any regulatory oversight, though the SEC has brought insider trading charges that it claimed involved crypto asset securities and has brought numerous cases against cryptocurrency platforms and exchanges (with mixed results). The lack of clear regulatory oversight of crypto markets can make it more difficult to detect and prevent front-running, as no central authority monitors and polices the trading activity. According to one source, crypto bots designed for this very purpose have made at least US$1 billion in profits across various blockchains as of October 2022, at the expense of retail investors.
The Peraire-Bueno brothers, according to DOJ, went a step further: instead of just front-running the transaction, they exploited Ethereum’s algorithm to cause other parties — bots — to front-run transactions, and then replaced the transactions with tampered transactions on both the buy and sell side to sell their own tokens to the front-runners. This resulted in a US$25million pay day, the indictment alleges. In its self-proclaimed “novel” case, DOJ has decided to protect crypto front-runner bots by bringing charges against human actors who allegedly exploited them.
As DOJ looks to prosecute crypto fraud by using creative means to bring down parties it deems to be bad actors, and as the SEC continues to ramp up its enforcement efforts against the traditionally decentralized and unregulated cryptocurrency world (see SEC’s 2024 Examination Priorities), it is likely that additional crypto-related enforcement actions are on the horizon. Participants in these markets can expect to see agencies looking at all sorts of cryptocurrency activities, including front-running, with an eye towards imaginative methods of enforcement in the coming months and years.
We will be following this case, along with other crypto-related developments, here on Enforcement Edge. If you have questions, reach out to any of the authors or any of their colleagues in Arnold & Porter’s White Collar Defense & Investigations practice group.
© Arnold & Porter Kaye Scholer LLP 2024 All Rights Reserved. This blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.