MEV bot operators lose $25m in exploit
A group of blockchain bots that use MEV to extract additional income lost more than $25 million in an attack by a rogue validator.
1/ In Ethereum block 16964664, 8 MEV txns were exploited by a rogue validator.
Flashbots are supposed to check correctly if a node validator is not malicious. In this incident the validators were newly created (one created 18 days ago was malicious). pic.twitter.com/03sgbgZXnO
— CertiK Alert (@CertiKAlert) April 3, 2023
Eight bots were targeted at carrying out ‘sandwich transactions’, CertiK researchers noted. In this strategy the software detects an attempt to buy a large amount of an asset and front-runs it; as a result the price rises. Executing the user’s order moves quotes higher, and the bot sells the coins for profit (a combination of front-running and back-running). All transactions are batched in a single block.
According to the experts, the rogue validator credited to his own addresses wrapped Bitcoin (WBTC) and Ethereum (WETH), as well as USD Coin (USDC), Tether (USDT) and Dai (DAI) worth about $25.4 million.
9 hours ago, MEV bots lost $25.38m as a result of the MEV transactions being replaced by a rogue validator. The majority of funds are in 3 wallets (0x3c9, 0x27b, 0x5b0)
Here we have a breakdown of the funds that were taken ? pic.twitter.com/3l0KFmHL5G
— CertiK Alert (@CertiKAlert) April 3, 2023
CertiK specialists noted that, in the MEV framework, checks on nodes for potential malfeasance are performed by Flashbots’ flash bots. In this incident the exploit-actor validator had been active for about three weeks.
In the view of experts, the vulnerability stems from centralisation of power among the network’s block-producing node operators.
2/ The vulnerability was primarily due to centralisation of power among validators.
The MEV executed a sandwich attack in which they front-run and then back-run a transaction in order to profit. The rogue validator front-run the MEVs back-run transaction. pic.twitter.com/fGZTUkT0Sl
— CertiK Alert (@CertiKAlert) April 3, 2023
Developers of Flashbots’ MEV-Boost solution, popular in the Ethereum network, responded to the incident with code changes to prevent similar attacks. The patch introduces a previously missing function for relays, which act as intermediaries between block builders and validators.
We just published an update to the mev-boost-relay codebase, which is used by many relays in the mev-boost ecosystem: https://t.co/7wf1UceD5X
— Chris Hager ⚡? (@metachris) April 3, 2023
Under the proposal, the relay will publish a signed block before it is forwarded to the consensus layer. This should prevent a scenario where an attacker could revert executed data.
In February, Flashbots introduced the MEV-Share protocol, which expanded the possibilities for users in distributing MEV.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!