A rogue validator took advantage of a flaw in MEV (Maximal Extractable Value) bots, leading to a loss of $25 million worth of cryptocurrencies. Blockchain security company CertiK noted in a tweet that the bots were trying to carry out sandwich transactions.
According to the report, the stolen assets included $1.8 million in Wrapped Bitcoin (WBTC), $5.2 million in USD Coin (USDC), $3 million in Tether (USDT), $1.7 million in DAI, and $13.5 million in Wrapped Ether (WETH).
According to CertiK, this is one of the biggest hacks on MEV bots since September 2022. Since September 2022, MEV bot flaws have cost various firms a total of ~$27 million. In addition, today’s event is responsible for most of the money lost via an MEV exploit.
MEV bots have the ability to gain enormous sums of cryptocurrencies, but they are also vulnerable to hackers and attacks. On Sept. 28, an MEV bot was able to make 800 Ether through arbitrage trading. The Ether was worth about $1 million. An hour later, a hacker who took advantage of a flaw in the bot’s code, took off with rewards.
What is a sandwich exploit in the cryptocurrency sector?
Validators or generalized front-runners (bots) run through all the transactions that need to be verified and choose the profitable deals from the mempool. Since the blockchain’s code is public, bots can identify user transactions with high gas costs. Bots copy these transactions and assist validators in identifying the profitable ones. The transaction orders are set in a manner to add them to blocks in a preferred sequence. This process is known as front running.
A sandwich assault is a type of front-running that mainly targets decentralized finance protocols and services. In these assaults, fraudulent traders search for a pending transaction on the network of their choice. A sandwich attack occurs by placing an order immediately before the transaction and another immediately after it. In essence, the attacker will attempt a front-run and a back-run at the same time, sandwiching the initial pending transaction in the middle. These two orders are placed simultaneously with other pending transactions in an effort to manipulate asset values.
The offender will first purchase the asset the user is exchanging to, for example, using Chainlink (LINK) to exchange to Ethereum (ETH), knowing that the price of ETH is rising. In order to enable the victim to purchase Ethereum at a higher value, the offender will purchase it at a lower price. The attacker will then sell ETH for more money.