MEV Gain, an Ethereum (ETH), arbitrage trading bot created by MEVbots, has been actively draining its user’s funds via a fund-stealing Backdoor.
Arbitrage bots automate trading to make profits using historical market data. A look at MEVbots’ contract revealed that there is a backdoor that allows its creators to take Ether from its users’ accounts.
Our analysis shows that the “MEV Gain” promoted by @mevbots has a backdoor to fund-stealing. Do *NOT* fall prey to it https://t.co/z2eDqMF36b. And thanks @monkwithchaos for the heads-up https://t.co/dhSNGljoH0 pic.twitter.com/HWfCAwbae4
— PeckShield Inc., (@peckshield), September 23, 2022
This scam was first discovered by Crypto Twitter’s @monkwithchaos, and then confirmed by Peckshield, a blockchain investigator.
@chemzyeth suspect account promoting MEV services. Source: Google cache
After the revelation, the primary promoter of MEV @chemzyeth vanished from the internet.
After a community callout, @chemzyeth’s twitter account was deleted. Source: Twitter
Peckshield confirmed that at most six people had been affected by the backdoor attack.
Transaction of stolen funds through MEV gain’s backdoor fund-stealing scheme. Source: Peckshield
Nevertheless, the contract is still in effect, so at least 13,000 Twitter followers of MEVbots are at risk of losing their funds.
Related: ETHW dismisses replay attack claims, confirms contract vulnerability exploit
Vitalik Buterin, Ethereum cofounder, shared his vision for layer-3 protocols to continue the success of layer-2 solutions that are scalable-focused. He said:
A three-layer scaling structure that involves stacking the same scaling schemes on top of each other is not recommended. Rollups on top rollups are not a good idea, especially if the two layers of rollups have the same technology.
Buterin says that layer-3 protocols can be used for “customized functionality”, which is privacy-based applications that use zk proofs in order to submit privacy-preserving transactions at layer 2.