MEV bot loses $180K in ETH from access control exploit
A maximal extractable value (MEV) bot lost about $180,000 in Ether after an attacker exploited a vulnerability in its access control systems. On April 8, blockchain security firm SlowMist reported that the MEV bot lost 1...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
A maximal extractable value (MEV) bot lost about $180,000 in Ether after an attacker exploited a vulnerability in its access control systems.
On April 8, blockchain security firm SlowMist reported that the MEV bot lost 116.7 Ether (ETH) because of the lack of access control. Threat researcher Vladimir Sobolev, also known as Officer’s Notes on X, told Cointelegraph that an attacker exploited a vulnerability in the bot, causing it to swap its ETH to a dummy token.
Sobolev said this was done through a malicious pool created by the attacker within the same transaction. The threat researcher added that this could have been prevented if the MEV owner implemented stricter access controls.
Just 25 minutes into the exploit, the MEV’s owner proposed a bounty to the attacker. The owner then deployed a new MEV bot with stricter access control validation.
Sobolev compared the exploit to a similar incident in 2023, where MEV bots lost $25 million after being exploited. On April 23, 2023, bots who performed sandwich trades lost their crypto to a validator that went rogue.
Related: ‘Unlucky’ MEV bot takes out huge $12M loan just to make $20 in profit
Rise in fake MEV bot guidesAn MEV bot on Ethereum is a trading bot that exploits maximal extractable value. This is the maximum profit that can be extracted from block production. This is done by reordering, inserting or censoring transactions within a block.
The bot observes Ethereum’s pool of pending transactions and looks for potential profits. These bots can do front-run, back-run, or sandwich transactions. This makes the bots very controversial as they steal value from regular users during high periods of volatility or congestion.
Despite the controversies surrounding MEV bots, many continue to use them. However, beginners looking to profit from these bots can often fall into a different trap crafted by scammers.
Sobolev told Cointelegraph that there has been a rise in fraudulent MEV bot tutorials online. The researcher said the tutorials offer ways to earn money using MEV bots and publish fake installation instructions. “Very often, this will simply allow hackers to steal your money,” Sobolev said.
He urged users to check their resources and ensure they are not falling prey to scammers.
Magazine: How crypto bots are ruining crypto — including auto memecoin rug pulls
Why this matters
This security story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on CointelegraphRelated market context
Dutch crypto exchange collapses exposing customer balances’ true value amid multi-million-euro hole
Dutch crypto exchange Knaken's operating company and its affiliated payments foundation entered court-controlled bankruptcy on Jul...
DeFiTuna lending pools exploited for $580K, creating deficit in USDC pool
The exploit raises concerns about DeFi security, potentially undermining trust and prompting calls for more rigorous auditing prac...
Steak ‘n Shake credits Bitcoin for company growth – But is PR value now worth more than people actually using BTC?
Steak' n Shake says US same-store sales jumped about 16% in July and wants Bitcoin to share the credit. However, one figure remain...
AI agents employ $24M market to act smarter as agentic crypto payments spread online
Lincoln Murr asked his AI agent to send some Twitter articles to his Kindle, copying a trick he'd seen suggested online. The agent...
Injective files for SEC transfer agent registration to bring securities ownership records onchain
The company said the filing would create a regulated pathway for maintaining ownership records for tokenized securities onchain.
ConsenSys inadvertently hired North Korean operative who accessed MetaMask’s core code
ConsenSys inadvertently hired a North Korean operative as a developer consultant who accessed MetaMask's core code before being de...