A sophisticated attack on a group of blockchain bots has resulted in a loss of over $25 million. These bots operate much like high-frequency traders, using speed and the technical details of blockchain to capture arbitrage opportunities. However, capturing those opportunities often requires them to put large amounts of capital at risk in order to move prices far enough.
On April 3, an attacker compromised some of these maximal extractable value (MEV) bots by replacing the transactions they expected with malicious ones, leading to the theft of their funds.
Joseph Plaza, a decentralized finance trader at Wintermute, explained that the attacker likely set "bait" transactions to lure the MEV bots and then replaced them with new, malicious transactions to steal the funds. The perpetrator deposited 32 ETH to become a validator 18 days before the incident, and probably waited until it was their turn to propose a block as a validator, which is when the attack took place.
Smart contract developer “3155.eth” initially revealed the incident on Twitter, and PeckShield traced the stolen assets to three Ethereum addresses consolidated from eight other addresses. Flashbots, the developer of the primary MEV software used on Ethereum, has responded with a fix to prevent such incidents from happening again.
Flashbots has introduced a feature that instructs relays (the trusted intermediaries between block builders and validators) to publish a signed block before transmitting its contents to the proposer.
This step is meant to reduce the chance that a malicious proposer running MEV-Boost can propose a block that differs from the one it received from the relay.
MEV bots have become an essential part of the DeFi ecosystem, and the recent attack underscores the need for better security measures. Flashbots’ quick response and fix to prevent future attacks are commendable, but it’s crucial to keep improving and evolving security measures to safeguard the integrity of blockchain technology.