Ethereum MEV bots lost over $25M in a sophisticated hack attack

Article Reading Time:
2 minutes.

As a result of the attack on the Ethereum blockchain, the attacker replaced the usual MEV transactions of bots with malicious ones and stole more than $25 million.

Based on data from blockchain explorer Etherscan, Joseph Plaza, a representative of the Wintermute market maker, suggested that the hackercreated decoy transactions to lure MEV bots. 

The attacker then replaced the original lure transactions with new, malicious ones, allowing the funds to be stolen.To prepare for the attack, the criminal deposited 32 ETH into the Ethereum staking pool 18 days before the incident and became a validator.

Plaza added that it is likely that the attacker waited for his turn to offer a block as a validator, which was the beginning of the attack.Subsequently, he reorganized the contents of the block and created a new block containing malicious transactions to steal assets.

As a result, the "validator-hacker" was able to steal 7,461 WETH ($13.4 million), 5.3 million USDC, 3 million USDT, and 65 WBTC ($1.8 million)

The incident was first reported on Twitter by a smart contract developer under the pseudonym 3155.eth.Subsequently, PeckShield experts were able to
trace stolen assets to three Ethereum addresses combined with eight other addresses.

The development team of the main software of the Ethereum blockchain, MEV-Boost , announced the introduction of emergency fixes to prevent similar incidents in the future.

In particular, a function has been added to MEV-Boost that instructs relays to publish a signed block before transmitting content.This will reduce the likelihood that an attacker will offer a block in MEV-Boost that is different fromthat he received a repeater.

Previously published on the Bits.media portal
a detailed analysis of the causes and consequences of PoS blockchain solutions that accompany hacker attacks.