One of the major Ethereum MEV (maximal extractable value) bots has been targeted in an attack, apparently by one of the blockchain’s validators, resulting in the loss of almost $20 million.
The attack happened all within one Ethereum block, with blockchain auditor OtterSec saying a validator appeared to force a series of transactions into the block to steal funds the bot had planned to gain by front-running. A validator is responsible for processing transactions and creating new blocks on the blockchain.
“Maximal extractable value refers to the maximum value that can be extracted from block production in excess of the standard block rewards and gas fees by including, excluding, and changing the order of transactions in a block,” according to the Ethereum Foundation.
MEV flashbots use a technique called “sandwich attacks” to steal value from users by sending transactions just before and after a victim sends their own. This is a malicious way of manipulating the underlying price of the asset so that the bot can steal the price difference from the user.
In this case, OtterSec added that the validator responsible for causing the attack had funded their wallet more than two weeks ago from privacy layer Aztec Network, suggesting that it was a planned attack.
Recommended for you:
- Cory Doctorow’s Web3 Rallying Cry: ‘Seize the Means of Computation’
- Crypto Markets Analysis: Crypto Long Positions Surging Among Asset Managers
- Ethereum’s Mainnet Tenth ‘Shadow Fork’ Goes Live Ahead of September Merge
- Join the Most Important Conversation in Crypto and Web3 in Austin, Texas April 26-28
Blockchain sleuth Peckshield revealed that the $20 million in stolen funds are currently sat across three wallets, with eight linked addresses being originally funded from Kucoin.
The attack has the potential to transform the MEV ecosystem as MEV extractors will be wonder “which Ethereum validators are malicious,” former Ethereum Foundation member Hudson Jameson said in a tweet.