Ethereum Bot Gets Attacked for $20M as Validator Strikes Back

One of the major Ethereum MEV bots has been targeted in an attack, apparently by one of the blockchain's validators, resulting in the loss of almost $20 million.

MEV is an acronym for "maximal extractable value," which is a method validators use to try to maximize their profits when they validate transactions by including, excluding or changing the order of transactions in a block.

The attack happened all within one Ethereum block, with blockchain auditor OtterSec saying a validator appeared to force a series of transactions into the block to steal funds the bot had planned to gain by front-running. A validator is responsible for processing transactions and creating new blocks on the blockchain.

The attack has the potential to transform the MEV ecosystem because MEV extractors will be wonder "which Ethereum validators are malicious," former Ethereum Foundation member Hudson Jameson said in a tweet.

MEV flashbots use a technique called "sandwich attacks" to steal value from users by sending transactions just before and after a victim sends his or her own. This is a malicious way of manipulating the underlying price of the asset so that the bot can steal the price difference from the user.

In this case, OtterSec added that the validator responsible for causing the attack had funded his wallet more than two weeks ago from privacy layer Aztec Network, suggesting that it was a planned attack.

Blockchain sleuth Peckshield revealed that the $20 million in stolen funds are spread across three wallets, with eight linked addresses being originally funded from Indian crypto exchange KuCoin.