In a recent attack, Ethereum’s MEV bots got outsmarted by a rogue validator when performing sandwich trades, leading to an exploit of $25 million. The blockchain security firm, CertiK Tweeted and talked about the bots trying to execute sandwich transactions. These transactions occur when traders are trying to purchase tokens and get in the middle of the trade for profit.
It appears that several MEV bots were exploited in Ethereum block https://t.co/6GwTvIKfPA
The MEV bots were executing sandwich trades which start by swapping millions for a small amount of tokens. The reverse transactions were then replaced by a validator. pic.twitter.com/6v051qg9U8
— CertiK Alert (@CertiKAlert) April 3, 2023
The attack took place within a single Ethereum block, and the blockchain auditor OtterSec stated that a single validator was responsible for forcing a series of transactions into the block to steal funds. A validator is responsible for processing transactions, including creating new blocks on the blockchain.
The bots began to swap assets worth millions, and the reverse transactions were replaced by the validator. The move inevitably resulted in the loss of approximately $1.8 million in Wrapped Bitcoin, $5.2 million in USDC, $3 million in USDT, DAI worth $1.7 million, and $13.5 million in Wrapped Ether. Soon after these assets were swapped, the funds were transferred to the addresses of three different wallets.
Furthermore, the CertiK team stated that this is possibly the greatest exploit of MEV bots since September 2022. Since then, the MEV bots were responsible for exploits totaling approximately $27 million, but the recent exploit is the biggest of them all.
The MEV Bots Fiasco
The MEV Flashbots use a technique called “sandwich attacks” to steal value from users by sending transactions moments before and after a user sends one of their own. This is a malicious way of manipulating the underlying price of a certain asset so that the bot could steal the price difference from the user.
Furthermore, OtterSec stated that the validator responsible for the attack had recently funded its wallet a little over two weeks ago using the Aztek Network. Currently, it is debated that the exploit, itself was a planned attack. However, there is no such clarity about the chain of events.
Despite MEV bots earning huge amounts from digital assets, they also tend to be greater victims of exploits. An example can be dated back to September when an MEV bot earned 800 Ether, approximately $1 million through arbitrage trades. The bot ended up losing everything to a hacker who found a loophole in its code.