prismnews

Devastating Blow to Ethereum MEV Bots: Sophisticated Attack Wipes Out $25 Million

In the Brief:

  • MEV bots lost over $25 million in a sophisticated attack on the Ethereum blockchain
  • The attacker replaced the normal MEV transactions of the bots with malicious ones
  • MEV bots focus on capturing arbitrage opportunities but often have to put large amounts of money at risk
  • The attacker likely set "bait" transactions to lure the MEV bots
  • The attacker waited until it was their turn to propose a block as a validator to execute the attack


A group of MEV bots lost over $25 million in a sophisticated attack on the Ethereum blockchain. The attacker replaced the normal MEV transactions of the bots with malicious ones, causing them to lose money.

Maximal extractable value (MEV) bots operate like blockchain-based high-frequency traders. They focus on using speed and the technicalities of how blockchains work to capture arbitrage opportunities. But doing so often means putting large amounts of money at risk, since moving prices far enough to capture the opportunity requires large trades.

An attacker compromised some of these MEV bots on April 3 by substituting their regular transactions with malicious ones, resulting in the theft of their funds. In doing so, the attacker inflicted substantial losses on the MEV bots.

Joseph Plaza, decentralized finance trader at Wintermute, explained that the exploiter likely set “bait” transactions to lure the MEV bots. The attacker then replaced the initial baiting transactions with new, malicious ones, allowing them to steal the funds. To prepare for the attack, the perpetrator deposited 32 ETH to become a validator 18 days before the incident.

Plaza added that the attacker probably waited until it was their turn to propose a block as a validator, which coincided with the attack. They subsequently reorganized the contents of the block and created a new one containing their malicious transactions in order to drain assets.

Smart contract developer “3155.eth” initially revealed the incident on Twitter, and PeckShield subsequently traced the stolen assets to three Ethereum addresses, consolidated from eight other addresses.

Flashbots, the developer of the primary MEV software used on Ethereum, known as MEV-Boost, has responded with a fix to prevent such incidents from occurring in the future.

The team has introduced a feature that instructs relays (the trusted intermediaries between block builders and validators) to publish the signed block before transmitting its contents to the proposer, a step that was previously absent. The aim is to reduce the chance that a malicious proposer running MEV-Boost can propose a block that differs from the one it received from the relay.
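To make the ordering change concrete, the toy model below is added for this article; it is not Flashbots' code and does not use the MEV-Boost API. A relay serves a block header, the proposer signs it, and the fixed relay publishes the signed block before returning the transactions; HMAC-SHA256 stands in for the proposer's BLS signature, and the `Relay`, `sign_header` and `demo` names are invented.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumption: HMAC-SHA256 stands in for the proposer's BLS signature.
def sign_header(proposer_key: bytes, header: bytes) -> bytes:
    return hmac.new(proposer_key, header, hashlib.sha256).digest()

@dataclass
class Relay:
    proposer_key: bytes  # verification-key stand-in for the slot's proposer
    payload: list[str]   # the block's transactions (constructed sample)
    published: list[tuple[bytes, bytes]] = field(default_factory=list)

    def get_header(self) -> bytes:
        # Blinded view: a commitment to the contents, not the contents themselves.
        return hashlib.sha256("\n".join(self.payload).encode()).digest()

    def _valid(self, header: bytes, signature: bytes) -> bool:
        return header == self.get_header() and hmac.compare_digest(
            signature, sign_header(self.proposer_key, header))

    def _publish(self, header: bytes, signature: bytes) -> bool:
        # Simulated beacon-node broadcast of the signed block.
        self.published.append((header, signature))
        return True

    def reveal_before_fix(self, header: bytes, signature: bytes):
        # Old ordering: contents handed over as soon as the signature checks out.
        if not self._valid(header, signature):
            return None
        return list(self.payload)

    def reveal_after_fix(self, header: bytes, signature: bytes):
        # New ordering: the signed block is public before the proposer learns the
        # contents, so proposing a different block for the same slot would be a
        # visible, slashable double proposal rather than a quiet substitution.
        if not self._valid(header, signature) or not self._publish(header, signature):
            return None
        return list(self.payload)

def demo() -> tuple[int, int]:
    """How many signed blocks were public when the proposer got the contents."""
    key = b"constructed-proposer-key"
    txs = ["tx:bait", "tx:bot-1", "tx:bot-2"]
    old, new = Relay(key, txs), Relay(key, txs)
    old.reveal_before_fix(old.get_header(), sign_header(key, old.get_header()))
    new.reveal_after_fix(new.get_header(), sign_header(key, new.get_header()))
    return len(old.published), len(new.published)
```

`demo()` returns `(0, 1)`: under the old ordering the proposer held the full contents while nothing was yet on the network, under the new ordering the signed block was already published.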

This attack highlights the risks associated with MEV bots and the importance of security measures in the blockchain ecosystem. While the attack was sophisticated, it is important to note that it was not a flaw in the Ethereum blockchain itself. As Joseph Plaza stated, “The attack was done through a combination of engineering, social engineering, and economic incentive.”

Traders should be cautious when using MEV bots and ensure that they are using reputable software providers. It is also important to stay up-to-date with the latest security measures and developments in the blockchain ecosystem.

In conclusion, while the Ethereum blockchain remains secure, attacks like these serve as a reminder of the importance of diligence and caution when engaging in blockchain-based activities. It is essential for traders to stay informed and take necessary precautions to protect their assets. Trading carries high risk and it is important to understand these risks before engaging in any trading activities.

Disclaimer: The content in this article is provided for informational purposes only and should not be considered as financial or trading advice. We are not financial advisors, and trading carries high risk. Always consult a professional financial advisor before making any investment decisions.
