Maximal Extractable Value (MEV) bots who were trying to perform “sandwich trades” got outsmarted by a rogue validator, leading to a loss of $25 million worth of digital assets.
In a Twitter post, blockchain security firm CertiK highlighted that bots who were trying to execute sandwich transactions — spotting when traders are trying to purchase tokens and getting in between the trade for some profit — lost a huge amount of crypto to a validator that went rogue.
It appears that several MEV bots were exploited in Ethereum block https://t.co/6GwTvIKfPA
The MEV bots were executing sandwich trades which start by swapping millions for a small amount of tokens. The reverse transactions were then replaced by a validator. pic.twitter.com/6v051qg9U8
— CertiK Alert (@CertiKAlert) April 3, 2023
As the bots began to swap millions, the reverse transactions were replaced by a validator according to CertiK. This eventually lead to a loss of $1.8 million in Wrapped Bitcoin (WBTC), $5.2 million in USD Coin (USDC), $3 million in Tether (USDT), $1.7 million in DAI (DAI) and $13.5 million in Wrapped Ether (WETH). A majority of the funds were then transferred to three different wallets at the time of writing.
The CertiK team told Cointelegraph that this event is one of the largest exploits on MEV bots that they have recorded since September 2022. They explained that:
“We’ve recorded a total of approximately $27 million since MEV bot exploits since September 2022, with this incident accounting for the vast majority.”
In addition, the CertiK team also highlighted that this could potentially affect other MEV searchers that are conducting strategies like sandwich trading. “There is a possibility that MEV searchers will be wary of conducting non-atomical strategies, such as sandwich trading, since this exploit only really affects this particular strategy,” the team said.
While MEV bots have the potential to earn huge amounts of digital assets, they are also prone to hacks and exploits. On Sept. 28, an MEV bot was able to earn 800 Ether (ETH), worth $1 million at the time, through arbitrage trades. An hour later, the bot lost everything to a hacker who exploited a vulnerability in the bot’s code.