MEVbots backdoor drains users’ Ethereum funds via arbitrage trading bot
MEV gain, an Ethereum (ETH) arbitrage trading bot built by MEVbots, which claims to provide stress-free passive income, has been actively draining its users’ funds via a fund-stealing backdoor.
Arbitrage bots are programs that automate trading for profits based on historical market information. An investigation of MEVbots’ contract revealed a backdoor that allows the creators to drain Ether from its users' wallets.
Our analysis confirms what the @mevbots promotes for the so-called "MEV gain" has a fund-stealing backdoor. Do *NOT* fall prey to it https://t.co/z2eDqMF36b. And thanks @monkwithchaos for the heads-up https://t.co/dhSNGljoH0 pic.twitter.com/HWfCAwbae4
— PeckShield Inc. (@peckshield) September 23, 2022The scam was first pointed out by Crypto Twitter’s @monkwithchaos and later confirmed by blockchain investigator Peckshield.
Suspect account @chemzyeth promoting MEV services. Source: Google cacheFollowing the revelation, primary promoter of MEV @chemzyeth disappeared from the internet.
@chemzyeth's Twitter account deleted after community callout. Source: TwitterPeckshield further confirmed that at least six users had fallen victim to the backdoor attack.
Transaction of stolen funds from MEV gain's fund-stealing backdoor. Source: PeckshieldHowever, considering that the contract is still active, at least 13,000 unwary followers of MEVbots on Twitter remain at risk of losing their funds.
Related: ETHW confirms contract vulnerability exploit, dismisses replay attack claims
Carrying forward the success of scalability-focused layer-2 solutions, Ethereum co-founder Vitalik Buterin shared his vision for layer-3 protocols. He stated:
“A three-layer scaling architecture that consists of stacking the same scaling scheme on top of itself generally does not work well. Rollups on top of rollups, where the two layers of rollups use the same technology, certainly do not.”One of the use cases for layer-3 protocols, according to Buterin, is “customized functionality” — aimed at privacy-based applications which would utilize zk proofs to submit privacy-preserving transactions to layer 2.