QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$210 000 USD
APRIL 2025
GLOBAL
NONE
DESCRIPTION OF EVENTS
"An MEV bot on Ethereum is a trading bot that exploits maximal extractable value. This is the maximum profit that can be extracted from block production. This is done by reordering, inserting or censoring transactions within a block.
The bot observes Ethereum's pool of pending transactions and looks for potential profits. These bots can front-run, back-run, or sandwich transactions. This makes the bots very controversial, as they steal value from regular users during periods of high volatility or congestion."
The MEV bot had a vulnerability which allowed a fake/dummy token to be swapped for all of the ETH held by the bot.
"address: 0x49e27d11379f5208cbb2a4963b903fd65c95de09"
"a lack of access control."
"Attacker was able to make the vulnerable MEV bot call Uni PoolManager.unlock, which triggered unlockCallback from the MEV bot, which was maliciously instructed to swap all the ETH the MEV bot had for a dummy token via a Pool which was created by the attacker in the same tx. (1/3)"
"It appears that the function 0x051e65ae() lacks proper parameter validation and was tricked into performing a two-hop swap using a pool created by the attacker. Worse still, the malicious token was somehow set as the recipient in the second swap, resulting in a loss of 117 ETH!"
"Threat researcher Vladimir Sobolev, also known as Officer’s Notes on X, told Cointelegraph that an attacker exploited a vulnerability in the bot, causing it to swap its ETH to a dummy token.
Sobolev said this was done through a malicious pool created by the attacker within the same transaction. The threat researcher added that this could have been prevented if the MEV owner implemented stricter access controls."
"attack tx was executed via private mempool, a tactic which is employed by black hats more and more frequently."
"approximately 116.7 ETH"
Blockchain: 116.782684444757422875 ETH
"Just 25 minutes into the exploit, the MEV’s owner proposed a bounty to the attacker. The owner then deployed a new MEV bot with stricter access control validation."
The hacker was offered a bounty and the MEV bot was redeployed with stricter security within an hour.
It does not appear that the attacker has responded in any way.
It does not appear there is any likelihood of recovering the funds.
An MEV (Maximal Extractable Value) bot on Ethereum, which profits by manipulating transaction order within blocks, was exploited due to a critical vulnerability stemming from poor access control. The attacker created a malicious token and a fake liquidity pool within the same transaction, tricking the bot into swapping all its ETH—about 116.78 ETH—for the worthless token. This was achieved by exploiting a poorly validated function and using a private mempool to avoid detection. Despite the bot’s owner quickly offering a bounty and redeploying a more secure version, the attacker has not responded, and the stolen funds are unlikely to be recovered.
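As an added illustration (not the exploited bot's code, whose source is not on this page), the two Solidity contracts below contrast the shape the write-ups describe with a guarded version. The Uniswap v4 names `unlock` and `unlockCallback` are the real ones; the interface is trimmed to just that call, and the pool allowlist, the owner-stored swap plan, the `(pool, recipient, amountIn)` encoding and the `SwapRequested` event are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Trimmed stand-in for the Uniswap v4 PoolManager. `unlock(bytes)` is the real
// entry point; the manager calls `unlockCallback(bytes)` back on msg.sender.
interface IPoolManager {
    function unlock(bytes calldata data) external returns (bytes memory);
}

// Shape the write-ups describe (assumed, illustrative): anyone can enter, the
// callback does not check who is calling it, and it executes whatever swap
// instructions the caller packed into `data`, including a caller-chosen pool
// and a caller-chosen recipient.
contract UnguardedSearcher {
    IPoolManager public immutable poolManager;
    event SwapRequested(address pool, address recipient, uint256 amountIn);

    constructor(IPoolManager pm) { poolManager = pm; }

    function execute(bytes calldata data) external {          // no caller check
        poolManager.unlock(data);
    }

    function unlockCallback(bytes calldata data) external returns (bytes memory) {
        // no msg.sender check, and `data` is trusted as-is
        (address pool, address recipient, uint256 amountIn) =
            abi.decode(data, (address, address, uint256));
        emit SwapRequested(pool, recipient, amountIn); // venue-specific swap goes here
        return "";
    }
}

// Guarded form: only the owner can start a round, only the PoolManager can
// invoke the callback, the swap plan is stored by the owner rather than read
// from the caller, the pool must be on a pre-approved list (a pool created in
// the same transaction is not), and proceeds must stay in this contract.
contract GuardedSearcher {
    IPoolManager public immutable poolManager;
    address public immutable owner;
    mapping(address => bool) public allowedPool;
    bytes private pendingPlan;                       // set by owner before unlock

    event SwapRequested(address pool, address recipient, uint256 amountIn);
    error NotOwner();
    error NotPoolManager();
    error PoolNotAllowed(address pool);
    error BadRecipient(address recipient);

    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(); _; }

    constructor(IPoolManager pm) { poolManager = pm; owner = msg.sender; }

    function allowPool(address pool, bool ok) external onlyOwner { allowedPool[pool] = ok; }

    function execute(bytes calldata plan) external onlyOwner {
        pendingPlan = plan;
        poolManager.unlock("");   // nothing from the caller reaches the callback
        delete pendingPlan;
    }

    function unlockCallback(bytes calldata) external returns (bytes memory) {
        if (msg.sender != address(poolManager)) revert NotPoolManager();
        (address pool, address recipient, uint256 amountIn) =
            abi.decode(pendingPlan, (address, address, uint256));
        if (!allowedPool[pool]) revert PoolNotAllowed(pool);
        if (recipient != address(this)) revert BadRecipient(recipient);
        emit SwapRequested(pool, recipient, amountIn); // venue-specific swap goes here
        return "";
    }
}
```

The three checks in `GuardedSearcher.unlockCallback` map onto the three failure points the sources name: the missing access control (`NotPoolManager`, plus `onlyOwner` on `execute`), the attacker-created pool (`PoolNotAllowed`), and the malicious token being set as recipient (`BadRecipient`).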
SlowMist - "We have detected that a MEV bot 0x49e27d11379f5208cbb2a4963b903fd65c95de09 has lost 116.7 ETH due to the lack of access control." - Twitter/X (May 16)
Vladimir S - "A MEV bot 0x49e27d11379f5208cbb2a4963b903fd65c95de09 has lost 116.7 ETH due to the lack of access control - @SlowMist_Team" - Twitter/X (May 16)
MEV / Sandwich / Front-run & Back-run - Graph.org (May 16)
MEV bot loses $180K in ETH from access control exploit - CoinTelegraph (May 16)
"Ugh, that one hurts. Can we talk? Happy to offer a bounty ..." - MEV Bot To Exploiter (May 16)
Exploit Transaction Takes 116.782684444757422875 ETH - Etherscan (May 16)
First Malicious Smart Contract Deployed - Etherscan (May 16)
Second Malicious Smart Contract Deployed - Etherscan (May 16)
Ye (muststopye) - "Attacker was able to make the vulnerable MEV bot call Uni PoolManager.unlock, which triggered unlockCallback from the MEV bot, which was maliciously instructed to swap all the ETH the MEV bot had for a dummy token via a Pool which was created by the attacker in the same tx." - Twitter/X (May 16)
Ten Armor - "Our system has detected that a MEV bot on #ETH was exploited, resulting in an approximate loss of $180K." - Twitter/X (May 16)
