Louisa Crawford
April 8, 2025 10:30
An Ethereum MEV (maximum extractable value) bot lost 116.7 ETH (~$180,000) after an attacker exploited a critical access control vulnerability.
According to an April 8 report by blockchain security company SlowMist, a maximum extractable value (MEV) bot on the Ethereum blockchain lost about 116.7 ETH (about $180,000) after an attacker exploited a critical access control vulnerability.
Exploit details
The breach occurred when an attacker exploited weak access controls in the MEV bot's smart contract. According to threat researcher Vladimir Sobolev, known as "officer notes" on the social media platform X, the attacker created a malicious liquidity pool and made the bot swap its funds for a dummy token, effectively draining the funds in a single transaction.
Sobolev explained that the vulnerability allowed unauthorized interaction with the bot's critical functions, because access to them was not restricted. He noted that this kind of exploit can be easily prevented with more stringent access control mechanisms.
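The following Solidity contract is an added example, not the affected bot's code, which the report does not reproduce. It shows a swap entry point restricted to its operator and to vetted pools and tokens; `GuardedMevBot`, `IPool`, `swapEthFor` and `executeSwap` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; not the affected bot's code.
interface IPool {
    // Hypothetical pool interface: swaps the ETH sent with the call for `tokenOut`.
    function swapEthFor(address tokenOut, uint256 minOut) external payable returns (uint256);
}

contract GuardedMevBot {
    address public immutable owner;
    mapping(address => bool) public allowedPool;   // pools the operator has vetted
    mapping(address => bool) public allowedToken;  // tokens the bot may end up holding

    error NotOwner();
    error PoolNotAllowed(address pool);
    error TokenNotAllowed(address token);
    error InsufficientOutput(uint256 got, uint256 wanted);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() { owner = msg.sender; }

    receive() external payable {}

    function setPool(address pool, bool ok) external onlyOwner { allowedPool[pool] = ok; }
    function setToken(address token, bool ok) external onlyOwner { allowedToken[token] = ok; }

    // Weak form, for contrast: the same function declared `external` with no
    // modifier and no allowlists lets any caller choose the pool and the token.
    function executeSwap(address pool, address tokenOut, uint256 amountIn, uint256 minOut)
        external
        onlyOwner                                   // 1. only the operator may trigger trades
        returns (uint256 out)
    {
        if (!allowedPool[pool]) revert PoolNotAllowed(pool);           // 2. no caller-supplied pools
        if (!allowedToken[tokenOut]) revert TokenNotAllowed(tokenOut); // 3. no arbitrary tokens
        out = IPool(pool).swapEthFor{value: amountIn}(tokenOut, minOut);
        if (out < minOut) revert InsufficientOutput(out, minOut);      // 4. reported output must meet the minimum
    }
}
```

A review or audit of such a contract can start by listing every `external` or `public` function that moves funds and confirming each one carries a caller check like `onlyOwner`.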
Response and aftermath
Twenty-five minutes after the attack, the owner of the bot publicly offered the attacker a bounty to recover the stolen funds. The owner later deployed a new version of the bot with improved access control protection.
Sobolev compared this incident with a larger MEV exploit in April 2023, in which sandwich-trading MEV bots lost more than $25 million after a rogue validator manipulated transactions.
MEV bots and rising risks
MEV bots are designed to extract profit from the ordering, insertion or censorship of transactions in Ethereum blocks. Techniques such as front-running, back-running and sandwich attacks are commonly used, generally at the expense of ordinary users during periods of network congestion or volatility. Although they remain controversial, MEV bots are widely used in the DeFi ecosystem.
However, as interest in MEV strategies grows, so does the risk of fraud for beginner users. Sobolev warned of a surge in fake MEV bot tutorials circulating online, which contain malicious code or instructions that lure users with promises of profit but give attackers access to the victim's wallet.
Security recommendations
Experts continue to emphasize the importance of the following:
Implementing strong smart contract access control
Auditing MEV strategies before deployment
Avoiding unverified MEV bot tutorials and tools
As the DeFi environment develops, both developers and users must prioritize security and due diligence to avoid falling victim to increasingly sophisticated threats.