A rogue Ethereum validator successfully stole over $25 million worth of cryptocurrencies from a bot conducting sandwich trades. PeckShieldAlert discovered the theft and revealed that the hacker had deposited the stolen funds into three addresses.
Most of the loot, over $20 million, was stored in 0x3c98. The rest of the stolen funds were divided between two other addresses, with 0x5b04 containing around $2.3 million worth of crypto and 0x27bf holding just over $3 million.
- Funds were Stolen and Stored in Three Different Addresses
- The Stolen Tokens Held by the Hacker
- MEV Bot Strategies: Sandwich Trades
- Rogue Validator Replaces Reverse Transaction during Sandwich Trade Execution
- Becoming a Validator and Funding the Wallet: Was the Attack Planned?
- Conclusion: Highlighting the Risks in Cryptocurrency Trading and the Need for Better Regulation
Funds were Stolen and Stored in Three Different Addresses
PeckShieldAlert revealed that the rogue validator stole over $25 million from Ethereum Maximal Extractable Value (MEV) bots and stored the funds in three different addresses. The hacker kept the largest share, worth over $20 million, in 0x3c98. Smaller amounts, worth roughly $2.3 million and $3 million, are held in 0x5b04 and 0x27bf, respectively.
The Stolen Tokens Held by the Hacker
The hacker currently possesses $13.4 million worth of Wrapped Ethereum (WETH), $3 million worth of USDT, $1.8 million worth of Wrapped Bitcoin (WBTC), and $1.6 million worth of DAI stablecoin. A chart published by Etherscan shows the stolen tokens held by the hacker.
MEV Bot Strategies: Sandwich Trades
The MEV bots utilize a variety of trading strategies, including sandwich attacks. Forbes explains that “MEV bot spots someone else’s intent to buy a coin and sets itself up to profit from the small price appreciation that the other person’s bid will likely cause. The bot jumps the line to purchase the coin at a fraction less, front-running the trade. Then, after the purchase by the mark in the middle goes through, the bot tops off the sandwich by automatically selling the token at a profit.”
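The price mechanics behind that description, as an added example that is not from the original article: a toy constant-product pool in which a front-run and back-run bracket a victim's purchase, run once with a loose and once with a tight minimum-output (slippage) limit on the victim's order. The pool model, the 0.3% fee, the reserves, the trade sizes and the names `Pool`, `amount_out` and `simulate` are all assumptions made for illustration.

```python
# Added illustration: toy constant-product pool (x * y = k). All numbers are constructed.
UNIT = 10**18                  # 18-decimal fixed point, as many ERC-20 tokens use
FEE_NUM, FEE_DEN = 997, 1000   # assumed 0.3% swap fee

class SlippageExceeded(Exception):
    """Raised when a swap would return less than the trader's minimum."""

def amount_out(amount_in, reserve_in, reserve_out):
    """Output of a constant-product swap after the fee, rounded down."""
    x = amount_in * FEE_NUM
    return x * reserve_out // (reserve_in * FEE_DEN + x)

class Pool:
    def __init__(self, weth, token):
        self.weth, self.token = weth, token

    def buy(self, weth_in, min_out=0):
        """Swap WETH for tokens; revert if the output is below min_out."""
        out = amount_out(weth_in, self.weth, self.token)
        if out < min_out:
            raise SlippageExceeded(f"got {out}, wanted at least {min_out}")
        self.weth += weth_in
        self.token -= out
        return out

    def sell(self, token_in):
        """Swap tokens back for WETH."""
        out = amount_out(token_in, self.token, self.weth)
        self.token += token_in
        self.weth -= out
        return out

def simulate(slippage_bps, victim_in=20 * UNIT, front_in=10 * UNIT):
    """Front-run, victim buy, back-run; returns what each side ends up with."""
    pool = Pool(1_000 * UNIT, 2_000_000 * UNIT)
    quote = amount_out(victim_in, pool.weth, pool.token)   # price the victim saw
    min_out = quote * (10_000 - slippage_bps) // 10_000    # victim's slippage limit
    bot_tokens = pool.buy(front_in)                        # front-run moves the price
    try:
        victim_out, reverted = pool.buy(victim_in, min_out), False
    except SlippageExceeded:
        victim_out, reverted = 0, True                     # victim's order reverts
    bot_profit = pool.sell(bot_tokens) - front_in          # back-run closes the position
    return {"quote": quote, "victim_out": victim_out,
            "reverted": reverted, "bot_profit": bot_profit}

if __name__ == "__main__":
    for bps in (500, 50):   # 5% vs 0.5% slippage tolerance
        r = simulate(bps)
        print(bps, r["reverted"], (r["quote"] - r["victim_out"]) / UNIT, r["bot_profit"] / UNIT)
```

With the 5% tolerance the victim receives about 2% fewer tokens than quoted and the bot profits; with the 0.5% tolerance the victim's order reverts and the bot's round trip only costs it fees.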
Rogue Validator Replaces Reverse Transaction during Sandwich Trade Execution
During the execution of the sandwich trade, the rogue Ethereum validator replaced the reverse transaction when the bot tried to close the trade. CertikAlert explains that this caused the MEV bot to lose the trade and allowed the hacker to steal the funds.
Becoming a Validator and Funding the Wallet: Was the Attack Planned?

The rogue Ethereum validator deposited 32 ETH to become a validator just 18 days before stealing the funds. Additionally, they funded the wallet through a privacy tool, Aztec Network. Hence some allege that it was a planned attack.
Conclusion: Highlighting the Risks in Cryptocurrency Trading and the Need for Better Regulation
The theft of $25 million worth of cryptocurrencies from an Ethereum MEV bot highlights the risks inherent in the cryptocurrency market. While using bots to execute trades can be lucrative, it also leaves traders vulnerable to theft. This incident underscores the importance of keeping private keys secure. The need for better regulation in the cryptocurrency market is also evident, as it can help deter such attacks and protect investors from harm.