Hunting the Hunters: How to Exploit MEV Bots

In the past, we have extensively discussed MEV and what it means for stateful blockchains. To recap, Maximal Extractable Value (MEV) is the value a block producer (or a searcher working through one) can extract on top of the standard block reward and gas fees by choosing which transactions go into a block and in what order.

Most layer 1 networks are "state chains": pending transactions wait in a mempool and are ordered into a block largely by the fee they offer. Whoever pays the most gets their transaction placed first in the newly minted block, and therefore applied to the ledger before lower-paying ones. Because the block producer chooses that order, anyone who can influence the choice can profit from it.

That opens a Pandora's box of opportunities, as searchers look to exploit other network users by influencing the sequence in which transactions are arranged. One can call it front-running, but it is more complicated than that. Examples of MEV opportunities include DEX arbitrage, liquidations, NFT mint sniping and sandwich trading. In this piece, we focus on the MEV extracted from sandwich trades; then we show how a rogue validator on Flashbots exploited several MEV bots to net a profit of over $25 million. You might want to fasten your seat belt for this one, but first, let us understand how a normal sandwich attack works.

Sandwich Trading

Sandwich trading is the most common and the most exploitative type of MEV extraction, because its targets are mostly unaware traders on decentralized exchanges (DEXs) who simply want to buy or sell. The strategy is simple: find a large pending swap in the mempool, buy before the buyer (or sell before the seller), and execute the reverse trade immediately after the victim's swap lands.

Quick illustration:

Uniswap, a DEX built on the automated market maker model, prices each asset in a pool from the ratio of the two reserves. Take two assets, A and B, in a trading pair (pool): if people buy a lot of A, the price of A rises against B; if people sell a lot of A, it falls. For instance, say a user is trying to buy $1 million worth of USDC at its current price of 1 USDT. A sandwich attacker first buys a large amount of USDC from the pool, pushing the price of 1 USDC from 1 USDT to 1.3 USDT, a 30% imbalance. The attacker's average buy price lands somewhere between 1 and 1.3 USDT per USDC, depending on the liquidity in the pool. The attacker then lets the victim's transaction execute, so the victim pays 1.3+ USDT per USDC instead of the expected 1 USDT.

The victim therefore receives less USDC (about 769,000) than the expected 1 million and, in doing so, pushes the price further, from 1.3 USDT to perhaps 1.6 USDT. Finally, the attacker completes the sandwich by selling its USDC back into the pool, walking the price down from 1.6 USDT per USDC to the normal 1 USDT. Because its average sell price is higher than its average buy price, the attacker pockets close to $200,000, roughly what the victim lost in the middle step. Note that the sandwich bot actually takes a loss on the first transaction (it buys into a rising price) and only recovers it, plus the profit, on the reverse transaction. A victim can cap the damage by setting a tight slippage tolerance (a minimum output amount) on the swap: if the front-run pushes the price beyond that tolerance, the victim's swap reverts and the sandwich fails. That is the typical extraction process of an MEV bot, and it has mostly proved hard to beat (except for a few Salmonella-style cases, where a token is designed to trap sandwich bots). That is why, when a validator found a way to hunt the hunters, it caught the eyes of many.

The Hunter Validator

If decentralized finance is the Wild West, expect participants to evolve and move higher up the food chain. Remember that the MEV bot takes a loss on its first transaction? That loss is exactly what the malicious validator exploits. It takes the sandwich bundle from the MEV bot and replaces the victim's transaction with one of its own: instead of buying more USDC at 1.3+ USDT, the validator's transaction sells USDC into Uniswap at 1.3 USDT, making money on the trade. The validator's profit comes directly from the loss the MEV bot took on its front-run. With the price already back down near 1 USDT, the MEV bot's final (back-run) transaction no longer returns what it expected and fails, leaving the bot holding USDC it bought for as much as 1.3 USDT. The original victim is spared, and the MEV bot is the one exploited instead.
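To make both the sandwich above and the validator's counter-trade concrete, here is an added simulation of a constant-product pool (this is example code written for this article, not code from the original post, from Flashbots or from Uniswap). It assumes a Uniswap V2-style pool of 10,000,000 USDT / 10,000,000 USDC with a 0.3% fee, a bot that front-runs with 1,000,000 USDT, a victim who swaps 1,000,000 USDT, and a "hunter" validator that sells 1,000,000 USDC it prepared in advance; none of these figures come from the incident. It runs the sandwich with and without a victim slippage limit, then the variant where the victim's buy is replaced by the validator's sell and the bot's back-run (which demands at least break-even) reverts.

```python
"""Constant-product AMM simulation of a sandwich and of the validator's
counter-trade that replaces the victim's transaction.

Added example, not code from the original post, Flashbots or Uniswap.
All pool sizes, fees and trade sizes below are constructed assumptions.
"""
from dataclasses import dataclass

FEE_BPS = 30                 # 0.3% swap fee (assumption: Uniswap V2-style pool)
BOT_IN = 1_000_000.0         # USDT the sandwich bot spends on its front-run
VICTIM_IN = 1_000_000.0      # USDT the victim wants to swap for USDC
HUNTER_SELL = 1_000_000.0    # USDC the validator sells in place of the victim's tx


class SwapReverted(Exception):
    """Raised when a swap's output is below the caller's minimum (slippage check)."""


def get_amount_out(amount_in: float, reserve_in: float, reserve_out: float) -> float:
    """Uniswap V2 getAmountOut: x*y=k with the fee taken on the input side."""
    amount_in_with_fee = amount_in * (10_000 - FEE_BPS)
    return amount_in_with_fee * reserve_out / (reserve_in * 10_000 + amount_in_with_fee)


@dataclass
class Pool:
    reserves: dict  # token symbol -> reserve

    def swap(self, token_in: str, token_out: str, amount_in: float, min_out: float = 0.0) -> float:
        """Swap amount_in of token_in for token_out; revert if the output is below min_out."""
        out = get_amount_out(amount_in, self.reserves[token_in], self.reserves[token_out])
        if out < min_out:
            raise SwapReverted(f"got {out:,.0f} {token_out}, wanted at least {min_out:,.0f}")
        self.reserves[token_in] += amount_in
        self.reserves[token_out] -= out
        return out


def fresh_pool() -> Pool:
    return Pool({"USDT": 10_000_000.0, "USDC": 10_000_000.0})


def run_sandwich(victim_slippage: float) -> dict:
    """Front-run, victim swap, back-run. victim_slippage is the victim's tolerance
    (1.0 = no protection, 0.05 = accept at most 5% less than the quoted amount)."""
    pool = fresh_pool()
    quoted = get_amount_out(VICTIM_IN, pool.reserves["USDT"], pool.reserves["USDC"])

    bot_usdc = pool.swap("USDT", "USDC", BOT_IN)          # 1. front-run: USDC price rises
    try:                                                   # 2. victim buys at the worse price
        victim_usdc = pool.swap("USDT", "USDC", VICTIM_IN,
                                min_out=quoted * (1 - victim_slippage))
    except SwapReverted:
        victim_usdc = None                                 # slippage check saved the victim
    bot_usdt_back = pool.swap("USDC", "USDT", bot_usdc)    # 3. back-run still lands on the public mempool

    return {
        "bot_profit": bot_usdt_back - BOT_IN,
        "victim_got": victim_usdc,
        "victim_loss": quoted - victim_usdc if victim_usdc is not None else 0.0,
    }


def run_hunter() -> dict:
    """Same front-run, but the validator swaps the victim's buy for its own sell;
    the bot's back-run insists on at least breaking even and therefore reverts."""
    pool = fresh_pool()
    fair_sale = get_amount_out(HUNTER_SELL, pool.reserves["USDC"], pool.reserves["USDT"])

    bot_usdc = pool.swap("USDT", "USDC", BOT_IN)          # 1. bot front-runs, pushing USDC up
    hunter_usdt = pool.swap("USDC", "USDT", HUNTER_SELL)   # 2. validator sells into the inflated price
    try:
        pool.swap("USDC", "USDT", bot_usdc, min_out=BOT_IN)  # 3. price is back down: reverts
        bot_stuck = False
    except SwapReverted:
        bot_stuck = True

    mark = get_amount_out(bot_usdc, pool.reserves["USDC"], pool.reserves["USDT"])
    return {
        "hunter_gain_vs_fair": hunter_usdt - fair_sale,   # edge over selling at the pre-attack price
        "bot_stuck": bot_stuck,
        "bot_holds_usdc": bot_usdc,
        "bot_mark_to_market": mark - BOT_IN,              # loss if the bot dumped its USDC now
    }


if __name__ == "__main__":
    for label, result in [("sandwich, no slippage limit", run_sandwich(1.0)),
                          ("sandwich, 5% slippage limit", run_sandwich(0.05)),
                          ("hunter replaces victim", run_hunter())]:
        print(label)
        for key, value in result.items():
            print(f"  {key}: {value:,.2f}" if isinstance(value, float) else f"  {key}: {value}")
```

Running it shows the three regimes in the text: with no slippage limit the bot clears roughly 174,000 USDT while the victim receives about 151,000 USDC less than quoted; with a 5% limit the victim's swap reverts and the bot's back-run only pays the two swap fees, so the bot loses money; and in the hunter case the validator's sell collects about 180,000 USDT more than a sale at the pre-attack price, while the bot is left holding USDC whose mark-to-market value is well below what it paid.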

Usually, validators participating in Flashbots' MEV-Boost are not supposed to tamper with bundles and are slashed if they do so. In this attack, however, the slashing amount was far smaller than the profit, which obviously gave the validator a reason to go ahead anyway. One can even imagine that this validator baited the MEV bot: sending the "victim" transaction, watching the MEV bot sandwich it, then rearranging the order of transactions and inserting a newer transaction of its own to take advantage of the bot. Something similar to this:

The validator first targets a pool with low liquidity to see whether an MEV bot will front-run a transaction there. It probably does this with a small amount, say 500 USDC, to draw a hungry searcher bot. If a bot monitors the pool, it commits some of its funds to the sandwich. Because the block confirming the bot's transactions came from the attacker's own validator (a privilege of block proposers in the Flashbots setup), the attacker learns that the bot will most likely keep routing through that validator. It then signals to the MEV bot, in effect vouching for the bot in advance and giving itself sight of the bot's bundles, and baits it into performing more and larger sandwiches facilitated by the validator. You can call it a conspiracy, but one which eventually culminates in a gruesome betrayal.

In this case, our attacker validator spiced things up a little to maximize its profit. It used a pool with very low liquidity, the WETH-T pool on Uniswap V2. T is the token of the Threshold Network, a decentralized bridge for bringing Bitcoin onto Ethereum. The transaction can be found here.

It first baits the MEV bot with a 0.04 WETH transaction, which the bot sandwiches for a profit. Then it takes a large amount of T acquired on Uniswap V3 (where there is more liquidity) and swaps it into the low-liquidity Uniswap V2 pool, seducing the MEV bot into using all of its WETH to front-run and buy T. The validator's large T swap then takes all of the bot's WETH out of the pool, leaving the bot with the expected loss on its front-run but no path to trade its way back to profit on the back-run. The bot's attempts to swap its T back for WETH at the now wildly inflated rate revert, and it is left with a significant loss. The MEV bot ripper exchanged 223 BIT tokens worth around $100 for 2,239 ETH worth around $4 million. At the time of writing, the validator had netted approximately $25 million in profit. This is a design flaw in the Flashbots setup and was bound to happen. In the end, the MEV bot is left with worthless tokens. All of this looks well planned: the rogue player had become a validator only 18 days earlier and had prepared the tokens used in these trades 16 days earlier.

The Role of Flashbots in This

Ordinarily, Flashbots disincentivizes this kind of behaviour by validators through slashing of the rogue validator's staked ETH. Under the proposer-builder separation that MEV-Boost brings to Ethereum, there are proposers and builders. Builders assemble execution payloads (essentially an ordered list of transactions that becomes the body of the block) and submit bids; the proposer's job is only to accept the payload with the highest bid, committing to it without seeing its contents. That makes it quite possible for a proposer or builder to act maliciously with little economic disadvantage. There can also be loopholes that avoid slashing altogether, such as using a secondary proposer to obtain the bundle and the primary one to propose the block, thereby avoiding a double signature. Regardless, even in the best (or worst) case, the initial slashing penalty is 1 ETH (about $1,800). A $25 million profit for an $1,800 penalty? Sure, anyone will take that trade. The economic incentives are broken here; the system only worked because of a gentlemen's agreement not to misbehave (that is, to let a victim be sandwiched). Everything happened in a single block, block 16964664.

Through this series of transactions, the validator hacker managed to steal a whopping $25 million from the unlucky MEV bots. The stolen funds, which include 7,461 WETH ($13.4 million), 5.3 million USDC ($5.2 million), 3 million USDT ($3 million), 65 WBTC ($1.8 million) and 1.7 million DAI ($1.7 million), are held in these Ethereum addresses:

  1. 0x3c98d617db017f51c6a73a13e80e1fe14cd1d8eb ($19.9 million)
  2. 0x5B04db6Dd290F680Ae15D1107FCC06A4763905b6 ($2.3 million)
  3. 0x27bf8f099Ad1eBb2307DF1A7973026565f9C8f69 ($2.9 million)

Several conversations have sprung up about the fate of MEV bots going forward, the implications for Flashbots' penalties on rogue validators, and the pecking order in crypto's intricate Wild West food chain. Whatever the case, it was fun to see the hunter hunted and killed.
