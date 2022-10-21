- The validator kept these costs for themselves after approving the trade.
A user of Ethereum seems to have fallen prey to an unusual attack. In a report published, blockchain security firm PeckShield claimed that an Ethereum user had been duped into paying gas costs equal to 121.56 ETH (about $155,443 as of this writing). The validator kept these costs for themselves after approving the trade.
It is presently unknown what exactly happened or how the vulnerability was used. PeckShield seems to think that MEV, the process of squeezing value out of transactions by switching their order while a block is being constructed, is involved in this assault. Through the use of Ethereum’s MEV-Boost relays, MEV strategists may profit from arbitraging these kinds of on-chain chances.
Unsolved Mystery
The transaction was handled by a Flashbots MEV-Boost relay. The most influential group in the MEV community, and a block-builder from builder0x69. However, the validator who delegated block production to the relay is connected to the Lido liquid staking protocol. However, it remains unknown as of this writing who of the parties involved is responsible. For driving up the gas charge to such an exorbitant level.
PeckShield’s tweets seem to indicate that they still consider the vulnerability active. The group quickly followed up its first post about the find with a statement claiming 24 unique addresses were “gaming for this type of rewards.” Fascinatingly, PeckShield went on to say that none of them were connected to Lido, indicating that the attackers could be using a different validator than they did in the first place. Ethereum has recently concluded the Merge, transitioning from Proof-of-work to Proof-of-stake.
