QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$2 000 000 USD
JUNE 2025
GLOBAL
NONE
DESCRIPTION OF EVENTS
A MEV bot (Miner Extractable Value or Maximal Extractable Value bot) is a program that operates on blockchain networks like Ethereum to profit from the way transactions are ordered within blocks. These bots exploit inefficiencies in the blockchain's transaction execution process by front-running, back-running, or sandwiching other users' transactions. MEV bots scan pending transactions and insert their own in a way that can extract value, often at the expense of regular users. This can include arbitrage between decentralized exchanges or manipulating DeFi protocols.
This particular exploited MEV bot was created on May 10th, 2025. The identity of the MEV bot's creator does not appear to have been published.
Unfortunately, a vulnerability existed in the smart contract code.
The exploit involves an arbitrary call vulnerability in the fallback function of contract 0xb5cb...4a87, which allows it to execute unauthorized external calls. The attacker used this vulnerability to call the 0x0243f5a2() function on the victim contract 0xb5cb...e1b0, a function that normally requires strict access control. However, due to a prior transaction that mistakenly granted 0xb5cb...4a87 permission, the attacker was able to bypass access restrictions and exploit the victim contract.
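The permission chain described above can be checked before a grant is made. The following is an added example, not code from either contract or from the reporting firms: it models access as reachability, so that permitting a contract whose fallback forwards calls for anyone is treated as permitting anyone, and it generalizes to chains of forwarders. The contract names, the `Contract` model and the function names are hypothetical.

```python
from dataclasses import dataclass, field

ANYONE = "*"  # wildcard principal: any account on the chain


@dataclass
class Contract:
    # Principals allowed to call this contract's access-controlled function.
    allowed_callers: set = field(default_factory=set)
    # Principals whose calls the fallback forwards to a caller-chosen target.
    # {ANYONE} models a fallback with no sender, target or selector check.
    forwards_for: set = field(default_factory=set)


def effective_callers(contracts, target):
    """Every principal able to reach `target`'s protected function, directly
    or through a permitted contract that forwards calls (transitively)."""
    reach, queue = set(), list(contracts[target].allowed_callers)
    while queue:
        principal = queue.pop()
        if principal in reach:
            continue
        reach.add(principal)
        deputy = contracts.get(principal)
        if deputy is not None:  # permitted principal is itself a contract
            queue.extend(deputy.forwards_for)
    return reach


def grant_exposes_target(contracts, target, grantee):
    """Pre-grant review: would permitting `grantee` open `target` to ANYONE?"""
    trial = dict(contracts)
    old = contracts[target]
    trial[target] = Contract(old.allowed_callers | {grantee}, old.forwards_for)
    return ANYONE in effective_callers(trial, target)


# Constructed sample state; names are hypothetical, not on-chain addresses.
SAMPLE = {
    "victim": Contract(allowed_callers={"operator"}),
    "open_forwarder": Contract(forwards_for={ANYONE}),
    "gated_forwarder": Contract(forwards_for={"operator"}),
}

if __name__ == "__main__":
    for grantee in ("open_forwarder", "gated_forwarder"):
        print(grantee, grant_exposes_target(SAMPLE, "victim", grantee))
```

In a real review, `forwards_for` would be filled in from an audit of each grantee's fallback and external-call paths before any permission is granted on the protected contract.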
TenArmor initially reported "an approximately loss of $1.1M" and later, citing "[a]nother two attack t[ransactio]ns", revised this to a "total loss [of] about $2M". SlowMist reported "losses of approximately $2 million".
The attack was noticed by both TenArmor and SlowMist. It is unclear what reaction the MEV Bot creator may have had.
It is unclear if anything was done to trace or recover the funds.
There is limited information about whether any investigation is underway.
A MEV bot, created on May 10, 2025, to exploit transaction ordering on Ethereum, was itself exploited due to a vulnerability in its smart contract. The flaw—an arbitrary call vulnerability in the fallback function of contract 0xb5cb...4a87—allowed an attacker to execute unauthorized calls, specifically to the protected 0x0243f5a2() function on victim contract 0xb5cb...e1b0. This was possible because a prior transaction had mistakenly granted the vulnerable contract access. TenArmor initially reported a $1.1 million loss, later updating it to around $2 million after identifying additional attack transactions. SlowMist also reported a $2 million loss. The MEV bot creator remains unidentified, and there is little public information about any recovery efforts or investigations.
Attack Transaction 1 - BSCScan (Jul 21)
Exploiter BSC Address - BSCScan (Jul 21)
Attack Transaction 2 - BSCScan (Jul 21)
Attack Transaction 3 - BSCScan (Jul 21)
Smart Contract Permissions Granted - BSCScan (Jul 21)
TenArmor - "Our system has detected a suspicious attack involving #MEV bot 0xb5cb on #BSC, resulting in an approximately loss of $1.1M." - Twitter/X (Jul 21)
MEV Bot Contract - BSCScan (Jul 21)
MEV Bot Contract Creation - BSCScan (Jul 21)
Ethereum Foundation’s explanation of MEV (Jul 21)
Flashbots (a major MEV research group) Documentation (Jul 21)
What Is MEV and Why It Matters - CoinDesk (Jul 21)
