A sophisticated exploit led to a loss of over $25 million for a group of blockchain bots working to generate revenue through a process called maximal extractable value (MEV).
MEV bots operate like blockchain-based high frequency traders. They focus on using speed and the technicalities of how blockchains work to capture arbitrage opportunities. But to do so, they often have to put large amounts of money at risk (in order to manipulate prices to sufficient levels).
An attacker compromised some of these MEV bots on April 3, by substituting their regular transactions with malicious ones, resulting in the theft of their funds. In doing so, the attacker inflicted substantial losses on the MEV bots.
Joe Plaza, decentralized finance trader at Wintermute, explained that the exploiter likely set “bait” transactions to lure the MEV bots. The attacker then replaced the initial baiting transactions with new, malicious ones, allowing them to steal the funds. To prepare for the attack, the perpetrator deposited 32 ETH to become a validator 18 days before the incident.
Plaza added that the attacker probably waited until it was their turn to propose a block as a validator, which coincided with the attack. They subsequently reorganized the contents of the block and created a new one containing their malicious transactions in order to drain assets.
Smart contract developer “3155.eth” initially revealed the incident on Twitter, and PeckShield subsequently traced the stolen assets to three Ethereum addresses, consolidated from eight other addresses.
© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://www.theblock.co/post/224482/ethereum-mev-bots-lose-over-25-million-in-sophisticated-attack?utm_source=rss&utm_medium=rss