A maximal extractable value (MEV) bot encountered a significant loss of approximately $180,000 in Ether after an attacker took advantage of a vulnerability in its access control mechanisms.
On April 8, a blockchain security firm reported that the MEV bot lost 116.7 Ether (ETH) due to insufficient access controls. A threat researcher, known as Officer’s Notes on social media, indicated that the attacker exploited a weakness in the bot, which allowed it to swap its ETH for a fraudulent token.
The researcher explained that the exploit occurred through a malicious pool the attacker created within the same transaction. He emphasized that stronger access controls could have averted this situation for the MEV owner.
Shortly after the incident, only 25 minutes into the exploit, the MEV owner offered a bounty to the attacker and subsequently launched a new bot featuring enhanced access control validations.
The researcher drew parallels to another incident in 2023, during which MEV bots faced losses totaling $25 million due to a similar exploit. On April 23, 2023, bots participating in sandwich trades lost their assets to a rogue validator.
Related: ‘Unlucky’ MEV bot takes out huge $12M loan just to make $20 in profit
Increase in Fake MEV Bot Guides
An MEV bot on Ethereum functions as a trading bot that capitalizes on maximal extractable value, which refers to the highest profit obtainable from block production. This involves reordering, inserting, or censoring transactions within a block.
The bot monitors Ethereum’s pool of pending transactions in search of potential profits, executing front-run, back-run, or sandwich trades. This practice has generated controversy as these bots can extract value from regular users during times of market volatility or congestion.
Despite the debates surrounding MEV bots, many individuals continue to utilize them. However, inexperienced users aiming to profit may inadvertently fall victim to traps set by scammers.
The researcher noted a surge in fraudulent MEV bot tutorials available online. He indicated that these tutorials purport to teach users how to earn money with MEV bots, often providing deceptive installation instructions. “In many cases, this will simply give hackers the opportunity to take your money,” he cautioned.
He urged users to thoroughly vet their resources and remain vigilant to avoid falling prey to scammers.
Magazine: How crypto bots are ruining crypto — including auto memecoin rug pulls