Ethereum Validator Breach: $20 Million Stolen from MEV Bot
A major Ethereum bot designed to extract the maximal value from the blockchain has suffered an attack that resulted in the loss of around $20 million.
It appears that one of the validators of the blockchain was behind the attack, which took place within a single Ethereum block. Validators are responsible for handling transactions and generating new blocks on the blockchain.
A large MEV bot was recently hacked for almost 20M. It all happened in one block.
Here's what we know 🧵 pic.twitter.com/e0holhINDo
— OtterSec (@osec_io) April 3, 2023
The attack involved a series of transactions that were forced into the block, allowing the perpetrator to steal funds that the bot had intended to obtain through front-running.
This technique, known as a “sandwich attack,” involves manipulating the underlying asset’s price to steal the price difference from the user.
The concept of maximal extractable value is established by the Ethereum Foundation to be the highest amount of value that can be obtained from block production beyond the conventional block rewards and gas fees by adjusting the transaction order or including and excluding them in a block.
As per OtterSec, the wallet of the validator responsible for the attack was funded over two weeks ago using the Aztec Network, which provides a privacy layer.
This suggests that the attack was planned. Peckshield, a blockchain investigator, has disclosed that the stolen funds are now in three wallets, with eight linked addresses initially funded from Kucoin.
Hudson Jameson, a former Ethereum Foundation member, has commented that the attack could have far-reaching implications for the MEV ecosystem, with extractors now questioning the trustworthiness of Ethereum validators.
At the time of writing ETH is trading at $1800 after an almost 1% price drop in the past 24 hours.