Analytics

How MEV bots make multimillion-dollar profits from attacks

MEV bots generate profits through advanced transaction strategies such as front-running or sandwich attacks on crypto exchanges. How do these bots work, and why are they useful despite stealing millions of dollars?

Table of Contents

  • What are MEV bots, and how do they work?
  • How MEV bots make a profit
  • MEV bots and blockchain protocols ravage
  • How to deal with MEV bots
  • Why it’s still worth considering MEV bots

The popularity of smart contract apps opens up loopholes for generating additional income, relying on market inefficiencies and specific features of Ethereum and other blockchain systems architecture.

One such loophole is the Miner Extractable Value (MEV). With this technology, miners can make this profit by including, excluding, or reordering transactions as they see fit in the blocks they create.

However, over time, attackers have increasingly used this technology to attack various protocols and steal cryptocurrency. How do they do it?

What are MEV bots, and how do they work?

MEV is a strategy by which validators on the Ethereum blockchain increase their profits by influencing the order of transactions when creating a block, causing other users to bear losses.

In the blockchain world, transaction priority and gas fees are important factors affecting the network’s efficiency. Ethereum and Solana, two leading blockchain platforms, use validator pools to confirm transactions, and users can speed up their transactions by paying higher fees.

Source: Chainlink

However, this approach has led to the rise of MEV bots, which attempt to extract maximum profit from user transactions. These bots have become significant in the gas fee debate, especially on Ethereum and Solana.

The persistent threat of MEV bots and the difficulty of mitigating them have become a topic of debate in the Ethereum and Solana communities. Ethereum developers are working on solutions at the protocol level, but they still need to solve this problem entirely.

You might also like: Ethereum MEV bots make $1m profit amid sandwich attacks

How MEV bots make a profit

MEVs work as blockchain scanners, engaging in arbitrage, frontrunning, and transaction fee manipulation.

In the case of arbitrage, MEV bots can exploit differences in the prices of an asset while simultaneously executing buy and sell transactions on different exchanges. Arbitration is one of the most common methods for extracting MEVs.

When frontrunning, MEV bots can monitor the mempool to determine which transactions will soon be included in the block. They then activate their transactions, placing them before or after the identified transactions to give themselves an advantage over other traders. Sometimes, these transactions are combined, which is called a sandwich attack.

Source: Milkroad

For a better understanding, imagine a situation where a MEV bot notices that a transaction to buy many tokens is about to be made. The bot immediately inserts its transaction to sell these tokens before the upcoming purchase, which allows it to profit from the subsequent increase in the price of the tokens.

Speaking about liquidations, MEV bots monitor defi borrowing and lending platforms like Aave for potential liquidations. By detecting underfunded loans in advance, these bots submit bids to profit from subsequent price movements.

Bots also manipulate transaction fees to gain a higher position, potentially at the expense of other traders. As a result, they earned over $313.7 million in 2021-2023, according to the Dune data.

Source: Dune

MEV bots and blockchain protocols ravage

In September 2022, an arbitrage bot hack resulted in the loss of 1,100 ETH. The funds stolen in an attack on a bot called 0xbad belonged to many of its users.

#MEV A very profitable MEV bot, internally named as 0xbad, was somehow tricked/hacked with 1,101 ETH loss (~$1.45M) in the following tx: https://t.co/FxXSY8AyhX

— PeckShield Inc. (@peckshield) September 27, 2022

In October 2023, a MEV bot on the BNB Chain made a profit of $1.575 million through a Flash Lending attack on the BH/USDT trading pair on PancakeSwap. The cost of arbitration, with the most significant profit from such operations in the BNB Chain’s history, was only $4.16.

According to EigenPhi, on October 11, MEV Bot: 0x21…480C on BNB Chain made a profit of US$1.575 million through a flash loan attack on the Pancakeswap BH/USDT trading pair for only $4.16, becoming the largest single arbitrage profit in the history of BNB Chain. According to…

— Wu Blockchain (@WuBlockchain) October 12, 2023

In November 2023, an arbitration bot was hacked and lost about $2 million in one of the pools on the Curve Finance platform.

According to Beosin, the attacker took advantage of the fact that the 0xf6ebebbb() function was available without authorization to force a swap between pools. The hacker issued an instant loan for 27,255 WETH (more than $51 million at that time), changed the balance of prices in the WETH/WBTC pool, and carried out an arbitrage transaction through a bot.

🚨An unknown MEV bot was hacked for ~$2M. https://t.co/HC2QYEfGZ7

The root cause was that the arbitrage function 0xf6ebebbb() did not have authentication, allowing the attacker to call 0xf6ebebbb() to force swaps across multiple https://t.co/m0tYfbwWqY pools, resulting in high… pic.twitter.com/2Xah6j57ed

— Beosin Alert (@BeosinAlert) November 8, 2023

In April, the MEV bot group lost more than $25.38 million in an attack on the Ethereum blockchain. The hacker compromised several bots and replaced their transactions with malicious ones.

#CertiKSkynetAlert 🚨

It appears that several MEV bots were exploited in Ethereum block https://t.co/6GwTvIKfPA

The MEV bots were executing sandwich trades which start by swapping millions for a small amount of tokens. The reverse transactions were then replaced by a validator. pic.twitter.com/6v051qg9U8

— CertiK Alert (@CertiKAlert) April 3, 2023

The hacker set up “decoy” transactions to lure MEV bots. Then, he replaced the original transactions with new, malicious ones, which allowed him to steal funds. The attacker topped up the account with 32 ETH to carry out the attack.

You might also like: MEV bot consumes 7% of ETH gas while sandwiching traders

How to deal with MEV bots

Various approaches can help users reduce the potential impact of MEV bots on their transactions. One of them is to check the fees before submitting the request and use defi platforms with built-in MEV protection or dedicated protection tools.

Platforms such as UniSwapX, 1inch, and PancakeSwap, use mechanisms to reduce the influence of bots. These platforms allow users, for example, to set slippage tolerance by defining a minimum acceptable number of tokens received when the price changes.

Why it’s still worth considering MEV bots

Unlike traditional finance, MEV trading occurs primarily in an unregulated environment. Frontrunning and other MEV strategies, while they may be unethical, are not illegal to the same extent as in traditional stock markets due to the public availability of information about pending orders on the blockchain.

MEV bots can be very profitable for operators but can also be used for market manipulation. This raises concerns about the security and fairness of the defi ecosystem.

You might also like: Here’s how MEV bots on SushiSwap caused a $3.3m loss

Source

Click to rate this post!
[Total: 0 Average: 0]
Show More

Leave a Reply

Your email address will not be published. Required fields are marked *