Ethereum Bot Gets Attacked for $20M as Validator Strikes Back

The incident raises questions about whether validators can be trusted, one former member of the Ethereum Foundation said.

AccessTimeIconApr 3, 2023 at 10:56 a.m. UTC
Updated May 9, 2023 at 4:11 a.m. UTC

One of the major Ethereum MEV bots has been targeted in an attack, apparently by one of the blockchain's validators, resulting in the loss of almost $20 million.

MEV is an acronym for "maximal extractable value," which is a method validators use to try to maximize their profits when they validate transactions by including, excluding or changing the order of transactions in a block.

The attack happened all within one Ethereum block, with blockchain auditor OtterSec saying a validator appeared to force a series of transactions into the block to steal funds the bot had planned to gain by front-running. A validator is responsible for processing transactions and creating new blocks on the blockchain.

The attack has the potential to transform the MEV ecosystem because MEV extractors will be wonder "which Ethereum validators are malicious," former Ethereum Foundation member Hudson Jameson said in a tweet.

MEV flashbots use a technique called "sandwich attacks" to steal value from users by sending transactions just before and after a victim sends his or her own. This is a malicious way of manipulating the underlying price of the asset so that the bot can steal the price difference from the user.

In this case, OtterSec added that the validator responsible for causing the attack had funded his wallet more than two weeks ago from privacy layer Aztec Network, suggesting that it was a planned attack.

Blockchain sleuth Peckshield revealed that the $20 million in stolen funds are spread across three wallets, with eight linked addresses being originally funded from Indian crypto exchange KuCoin.

Edited by Sheldon Reback and Mark Nacinovich.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Oliver Knight

Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.