How MEV bots make multimillion-dollar profits from attacks

MEV bots generate profits through advanced transaction strategies such as front-running or sandwich attacks on crypto exchanges. How do these bots work, and why are they useful despite stealing millions of dollars?

The popularity of smart contract apps opens up loopholes for generating additional income, relying on market inefficiencies and specific features of Ethereum and other blockchain systems architecture. 

One such loophole is Miner Extractable Value (MEV): the profit miners can make by including, excluding, or reordering transactions as they see fit in the blocks they create.

However, over time, attackers have increasingly used this technique to attack various protocols and steal cryptocurrency. How do they do it?

What are MEV bots, and how do they work?

MEV is a strategy by which validators on the Ethereum blockchain increase their profits by influencing the order of transactions when creating a block, causing other users to bear losses.

In the blockchain world, transaction priority and gas fees are important factors affecting the network’s efficiency. Ethereum and Solana, two leading blockchain platforms, use validator pools to confirm transactions, and users can speed up their transactions by paying higher fees.

[Image omitted. Source: Chainlink]

However, this approach has led to the rise of MEV bots, which attempt to extract maximum profit from user transactions. These bots have become significant in the gas fee debate, especially on Ethereum and Solana.

The persistent threat of MEV bots and the difficulty of mitigating them have become a topic of debate in the Ethereum and Solana communities. Ethereum developers are working on solutions at the protocol level, but they have yet to solve this problem entirely.

How MEV bots make a profit

MEV bots work as blockchain scanners, engaging in arbitrage, frontrunning, and transaction fee manipulation.

In the case of arbitrage, MEV bots can exploit differences in the prices of an asset while simultaneously executing buy and sell transactions on different exchanges. Arbitrage is one of the most common methods for extracting MEV.

When frontrunning, MEV bots can monitor the mempool to determine which transactions will soon be included in the block. They then submit their own transactions, placing them before or after the identified transactions to give themselves an advantage over other traders. Sometimes, these transactions are combined, which is called a sandwich attack.

[Image omitted. Source: Milkroad]

For a better understanding, imagine a situation where a MEV bot notices that a transaction to buy many tokens is about to be made. The bot immediately inserts its transaction to sell these tokens before the upcoming purchase, which allows it to profit from the subsequent increase in the price of the tokens.

As for liquidations, MEV bots monitor DeFi borrowing and lending platforms like Aave for potential liquidations. By detecting underfunded loans in advance, these bots submit bids to profit from subsequent price movements.

Bots also manipulate transaction fees to gain a higher position, potentially at the expense of other traders. As a result, they earned over $313.7 million in 2021-2023, according to Dune data.

[Image omitted. Source: Dune]

MEV bots and blockchain protocols ravage

In September 2022, an arbitrage bot hack resulted in the loss of 1,100 ETH. The funds stolen in an attack on a bot called 0xbad belonged to many of its users. 

In October 2023, a MEV bot on the BNB Chain made a profit of $1.575 million through a flash loan attack on the BH/USDT trading pair on PancakeSwap. The cost of this arbitrage, the most profitable operation of its kind in the BNB Chain’s history, was only $4.16.

In November 2023, an arbitrage bot was hacked and lost about $2 million in one of the pools on the Curve Finance platform.

According to Beosin, the attacker took advantage of the fact that the 0xf6ebebbb() function could be called without authorization to force a swap between pools. The hacker took out a flash loan for 27,255 WETH (more than $51 million at that time), shifted the price balance in the WETH/WBTC pool, and carried out an arbitrage transaction through a bot.

In April, a group of MEV bots lost more than $25.38 million in an attack on the Ethereum blockchain. The hacker compromised several bots and replaced their transactions with malicious ones.

The hacker set up “decoy” transactions to lure MEV bots. Then, he replaced the original transactions with new, malicious ones, which allowed him to steal funds. The attacker topped up the account with 32 ETH to carry out the attack.

How to deal with MEV bots

Various approaches can help users reduce the potential impact of MEV bots on their transactions. One of them is to check the fees before submitting the request and use DeFi platforms with built-in MEV protection or dedicated protection tools.

Platforms such as UniswapX, 1inch, and PancakeSwap use mechanisms to reduce the influence of bots. These platforms allow users, for example, to set slippage tolerance by defining a minimum acceptable number of tokens received when the price changes.
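
How a slippage tolerance becomes the minimum-received check described above, shown as an added example (not code from any of the platforms named). The constant-product pool, the 0.3% fee, the reserves and the names Pool, min_received and user_outcome are assumptions made for illustration.

```python
from dataclasses import dataclass

FEE_NUM, FEE_DEN = 997, 1000  # assumption: 0.3% swap fee on a constant-product pool


@dataclass
class Pool:
    """Constant-product pool (x * y = k) holding two token reserves."""
    reserve_in: int   # token the trader sells
    reserve_out: int  # token the trader buys

    def quote(self, amount_in: int) -> int:
        """Tokens received for amount_in at the current reserves."""
        with_fee = amount_in * FEE_NUM
        return with_fee * self.reserve_out // (self.reserve_in * FEE_DEN + with_fee)

    def swap(self, amount_in: int, min_out: int = 0) -> int:
        """Execute a swap; revert (raise) if the output is below min_out."""
        out = self.quote(amount_in)
        if out < min_out:
            raise ValueError(f"slippage check failed: {out} < {min_out}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


def min_received(quoted_out: int, slippage_bps: int) -> int:
    """Minimum acceptable output for a tolerance given in basis points."""
    return quoted_out * (10_000 - slippage_bps) // 10_000


def user_outcome(slippage_bps: int, earlier_trade: int, user_in: int = 10_000):
    """Quote on a fresh pool, then execute after an earlier same-direction trade.

    Returns (quoted, received); received is None when the swap reverts.
    """
    pool = Pool(reserve_in=1_000_000, reserve_out=1_000_000)  # constructed reserves
    quoted = pool.quote(user_in)
    limit = min_received(quoted, slippage_bps)
    pool.swap(earlier_trade)  # a transaction ordered ahead of the user's
    try:
        return quoted, pool.swap(user_in, limit)
    except ValueError:
        return quoted, None
```

With a 0.5% tolerance the user's swap reverts once the earlier trade has moved the price, while a 10% tolerance lets it fill at a visibly worse rate than the quote.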

Why it’s still worth considering MEV bots 

Unlike traditional finance, MEV trading occurs primarily in an unregulated environment. Frontrunning and other MEV strategies, while they may be unethical, are not illegal to the same extent as in traditional stock markets due to the public availability of information about pending orders on the blockchain.

MEV bots can be very profitable for operators but can also be used for market manipulation. This raises concerns about the security and fairness of the DeFi ecosystem.
