Ethereum Bot Gets Attacked for $20M as Validator Strikes Back

The incident raises questions about whether validators can be trusted, one former member of the Ethereum Foundation said.

AccessTimeIconApr 3, 2023 at 10:56 a.m. UTC
Updated Apr 3, 2023 at 5:40 p.m. UTC
BowTiedBull
President
BowTied Jungle
The pseudonymous investor BowtiedBull explores the BowtiedJungle, where citizens swap advice on investing, job-seeking, ...
BowTiedBull
President
BowTied Jungle
Consensus 2023 Logo
The pseudonymous investor BowtiedBull explores the BowtiedJungle, where citizens swap advice on investing, job-seeking, ...

Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.

BowTiedBull
President
BowTied Jungle
The pseudonymous investor BowtiedBull explores the BowtiedJungle, where citizens swap advice on investing, job-seeking, ...
BowTiedBull
President
BowTied Jungle
Consensus 2023 Logo
The pseudonymous investor BowtiedBull explores the BowtiedJungle, where citizens swap advice on investing, job-seeking, ...

One of the major Ethereum MEV bots has been targeted in an attack, apparently by one of the blockchain's validators, resulting in the loss of almost $20 million.

MEV is an acronym for "maximal extractable value," which is a method validators use to try to maximize their profits when they validate transactions by including, excluding or changing the order of transactions in a block.

The attack happened all within one Ethereum block, with blockchain auditor OtterSec saying a validator appeared to force a series of transactions into the block to steal funds the bot had planned to gain by front-running. A validator is responsible for processing transactions and creating new blocks on the blockchain.

The attack has the potential to transform the MEV ecosystem because MEV extractors will be wonder "which Ethereum validators are malicious," former Ethereum Foundation member Hudson Jameson said in a tweet.

MEV flashbots use a technique called "sandwich attacks" to steal value from users by sending transactions just before and after a victim sends his or her own. This is a malicious way of manipulating the underlying price of the asset so that the bot can steal the price difference from the user.

In this case, OtterSec added that the validator responsible for causing the attack had funded his wallet more than two weeks ago from privacy layer Aztec Network, suggesting that it was a planned attack.

Blockchain sleuth Peckshield revealed that the $20 million in stolen funds are spread across three wallets, with eight linked addresses being originally funded from Indian crypto exchange KuCoin.

Edited by Sheldon Reback and Mark Nacinovich.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.


Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


CoinDesk - Unknown

Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.