A validator on Ethereum has been slashed by the network after draining funds from Maximal Extractable Value (MEV) bots.
On Monday, blockchain data shows that a rogue validator extracted $25 million from MEV “sandwich bots” on Flashbots. A sandwich attack refers to a type of front-running, where the MEV bot places a trade right before and after a large pending trade, benefitting from an artificial change in price.
Something crazy happened in MEV land…
If you asked me who made money in 2023, I would’ve said the top searchers. But now, not sure anymore 😅
TLDR seems that atomic sandwich bundles are not longer atomic. A malicious actor 'stole' $20M and counting from sandwich bots.. pic.twitter.com/gM57UwbKep
— 0xBeans (@0x_Beans) April 3, 2023
According to blockchain audit firm OtterSec, the validator in question likely planned ahead for the attack, funding a wallet through a confidential transfer through privacy-first zk-rollup Aztec more than 18 days ago.
The entire attack was orchestrated in a single block, into which the validator forced a series of transactions and was able to front-run the MEV bots.
The validator has now been slashed from the network after collecting a significant profit, which currently sits in three wallets according to blockchain security firm Peckshield.
Slashed by proposer equivocation. Proposer equivocation is when an eligible proposer makes two or more conflicting proposals.
— terence (@terencechain) April 3, 2023
Although the validator was penalized by being slashed from the network, to some users, it seemed like a small price to pay compared to the profit earned from the attack.
“25,000,000 profit for 1,800 penalty? Sure, i’ll take that trade. The economic incentives are broken here and it was only working due to a gentlemen’s agreement to not do bad,” said Polygon’s chief information security officer Mudit Gupta.
It is worth noting that MEV bots themselves, that extract value through these sandwich attacks, aren’t exactly playing a fair game, which is perhaps why some blockchain users applauded the attacker’s actions.
yeah, that's how nature work
— zEniTH 0wl 𓂀 (@zenith_owl) April 3, 2023
Developers later disclosed that the attack was possible due to a relayer bug and a patch to fix the vulnerability is being rolled out to all MEV-relays.