Hacken🇺🇦 · Apr 3 · 12 tweets
🚨 A validator attack caused a $25.2M loss for MEV bots

Thread below with comprehensive explanation ⬇️

🧵...
💸 MEV bots lost $25.2M today due to a planned validator action

The validator was previously funded through the anonymous #Aztec protocol, suggesting that the theft from MEV bots was premeditated

The validator's confidential top-up occurred 18 days ago
⚙️ In simple terms, the attacker takes advantage of being a validator and having control over the order of transactions in a block

The attacker strategically places their transactions around the MEV bot's transaction to manipulate the outcome
⚙️ The #MEV bot is then left with worthless tokens as the attacker prevents the final transaction from being executed in the same block, which would have allowed the MEV bot to swap back to the original tokens
📃 Example of such a transaction: In this case, the MEV ripper exchanged 223 $BIT tokens worth around $100 for 2,239 $ETH worth around $4 million

Transaction link:

etherscan.io/tx/0x2bb955b94…
💰 As a result of a series of transactions, the #MEV Ripper, or "validator-hacker", managed to steal the following from the unlucky MEV bots:

7,461 $WETH ($13.4M)
5.3M $USDC
3M $USDT
65 $WBTC ($1.8M)
1.7M $DAI
🗃️ Stolen funds are held at these addresses:

0x3c98d617db017f51c6a73a13e80e1fe14cd1d8eb ($19.9M)

0x5B04db6Dd290F680Ae15D1107FCC06A4763905b6 ($2.3M)

0x27bf8f099Ad1eBb2307DF1A7973026565f9C8f69 ($2.9M)
📑 How the validator made #MEV bots act on particular pools:

⬇️⬇️⬇️
1⃣ The hacker first targets a pool with low liquidity to see if the #MEV bot will front-run the tx

For example, the hacker tempts the bot with 0.04 $WETH

If the pool is indeed monitored by the #MEV bot, the bot will use all of its funds for arbitrage
2⃣ Since the MEV bot uses the attacker's validator to produce the block, and the attacker has been testing whether the bot uses their validator, the attacker has verified in advance that the #MEV bot will act, and, as the validator, can view the bot's bundle
3⃣ The attacker then takes a large amount of tokens obtained in Uniswap V3 and swaps them in the low-liquidity V2 pool, luring the #MEV bot into using all of its $WETH to front-run and buy the worthless tokens

A large amount of tokens is then used to swap for all the $WETH that the #MEV bot had just put in while front-running
📑 In conclusion, the #MEV bot was left with worthless tokens due to the validator attack

The #MEV bot's attempts to swap these tokens back for $ETH at a highly inflated exchange rate were reverted, leaving the MEV bot at a significant loss.
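The mechanism above can be checked with a small constant-product pool model. This is an added example, not code from the thread or from Hacken: the pool reserves, the bot's 1,000 WETH and the 50M-token sale are constructed values, and only the 0.04 WETH bait comes from the thread.

```python
# Added example: Uniswap V2 style constant-product pool (x * y = k, 0.3% fee).
# Reserves and trade sizes are constructed; the 0.04 WETH bait is from the thread.
from dataclasses import dataclass


@dataclass
class Pool:
    weth: float
    token: float

    @staticmethod
    def _out(amt_in, r_in, r_out):
        # Uniswap V2 getAmountOut: the input is charged a 0.3% fee
        fee_in = amt_in * 997
        return fee_in * r_out / (r_in * 1000 + fee_in)

    def buy_token(self, weth_in):
        out = self._out(weth_in, self.weth, self.token)
        self.weth += weth_in
        self.token -= out
        return out

    def sell_token(self, token_in):
        out = self._out(token_in, self.token, self.weth)
        self.token += token_in
        self.weth -= out
        return out


def intended_bundle(bot_weth, bait_weth):
    """Bot's assumption: front-run, sandwiched swap and back-run land in order."""
    pool = Pool(weth=1.0, token=1_000_000.0)   # low-liquidity pool (constructed)
    bot_tokens = pool.buy_token(bot_weth)      # front-run
    pool.buy_token(bait_weth)                  # the swap being sandwiched
    return pool.sell_token(bot_tokens)         # back-run: WETH the bot ends with


def front_leg_only(bot_weth, dump_tokens):
    """Block as the thread describes it: front-run lands, back-run does not."""
    pool = Pool(weth=1.0, token=1_000_000.0)
    bot_tokens = pool.buy_token(bot_weth)      # front-run still executes
    taken = pool.sell_token(dump_tokens)       # large token sale removes the WETH
    residual = pool.sell_token(bot_tokens)     # hypothetical value of bot's tokens after
    return taken, residual


if __name__ == "__main__":
    print("bundle intact, bot ends with:", intended_bundle(1000.0, 0.04))
    taken, residual = front_leg_only(1000.0, 50_000_000.0)
    print("WETH removed from pool:", taken, "| bot's tokens now fetch:", residual)
```

With the bundle intact the bot nets a few hundredths of a WETH; with only the front leg included, its whole input is exposed, which is why the size of the first leg is the figure a bot operator has to bound.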
