Blockchain security firm CertiK has confirmed an exploit of Maximal Extractable Value (MEV) bots by a rogue validator. In a tweet today, the firm explained how the validator overpowered the bots while they were executing a sandwich trade. The exploit led to the loss of $25 million worth of virtual assets.
A further breakdown of the exploit showed how the validator hijacked some sandwich transactions from the MEV bots. In total, the exploit claimed $13.5 million in WETH, $5.2 million in USDC, $3 million in USDT, $1.8 million in WBTC, and $1.7 million in DAI. At the moment, the validator has moved the larger part of the stolen funds to three different wallets.
Meanwhile, Web3 security auditing firm Hacken claimed that the validator had planned the exploit before it surfaced. Backing this claim, the firm explained that the validator was funded 18 days ago via Aztec, an anonymous protocol. Hacken explained that the validator strategically placed their transaction next to the MEV bots' transactions to carry out the attack.
As a result, the strategic placement left the MEV bots with worthless tokens. This incident surfaced after the validator stopped the bots from completing the transaction in the same block. Initially, the validator could have allowed the MEV bots to swap the tokens back to the original ones.
Side notes about MEV bots
Formerly known as Miner Extractable Value, MEV relies on a host of bots that carry out arbitrage on crypto exchanges. They maximize profit at the expense of blockchain users by exploiting the principles of blockchain. To maximize profit, the bots target imbalances in the price of a token across various exchanges, then trade the token between them.
Meanwhile, with the latest attack, MEV bots have lost about $27 million to exploits since September 2022. The recent attack accounts for the larger part of these losses. Likewise, the development serves as a warning sign for MEV searchers. According to CertiK, these searchers will be cautious about carrying out non-atomic strategies like sandwich trading.
Despite being an effective tool for maximizing profits, MEV bots are vulnerable to hacks. Late last year, an MEV bot lost $1 million worth of virtual assets to a hacker after gaining them from a trader who attempted to sell $1.8 million in cUSDC via Uniswap v2.