Maximum Extractable Value (MEV) bots attempting to “sandwich trade” were outsmarted by a rogue validator, resulting in the loss of $25 million worth of digital assets.
In a tweet, blockchain security firm CertiK noted that Bots trying to execute sandwich trades – detecting when traders try to buy tokens and interfering with the trade for some profit – lost a massive amount of cryptocurrency to a validator gone greedy.
It appears that several MEV bots were exploited in Ethereum block https://t.co/6GwTvIKfPA
The MEV bots were executing sandwich trades which start by swapping millions for a small amount of tokens. The reverse transactions were then replaced by a validator. pic.twitter.com/6v051qg9U8
— CertiKAlert (@CertiKAlert) April 3, 2023
When bots started exchanging millions, reverse transactions were replaced by a validator, according to CertiK. This ended up causing a loss of $1.8 million in Wrapped Bitcoin (WBTC), $5.2 million in USD Coin (USDC), $3 million in Tether (USDT), $1.7 million in Dai (DAI) and $13.5 million. in Wrapped Ether (WETH). Most of the funds have been transferred to three different wallets at the time of writing this article.
In a Twitter thread, CertiK I enter in more detail about how the attack came about. The security company explained that the vulnerability was due to the “centralization of power” of the validators. When the MEV bots tried to trade ahead and trade behind to make a profit, the rogue validator jumped in to trade behind MEV, causing the losses.
The CertiK team told Cointelegraph that this event is one of the largest MEV bot exploits they have recorded since September 2022. They explained that:
“We have recorded a total of approximately $27 million from MEV bot exploits since September 2022, and this incident represents the vast majority.”
In addition, the CertiK team also highlighted that this could affect other MEV seekers who are carrying out strategies such as sandwich trading. “There is a possibility that MEV seekers are wary of pursuing non-atomic strategies such as sandwich trading, as this exploit only really affects this particular strategy,” the team stated.
Although MEV bots have the potential to earn large amounts of digital assets, they are also prone to hacks and exploits. On September 28, 2022, an MEV bot won 800 Ether (ETH), worth $1 million at the time, through arbitrage trading. An hour later, the bot lost everything to a hacker who exploited a vulnerability in the bot code.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.