- MEV, the practice of rearranging transactions for profit, has become a more visible concern in recent months.
- Analysis of over 270,000 MEV bot attacks suggests smaller retail investors are disproportionately affected.
Shadowy coders who rearrange transactions on Ethereum have raked in more than $77 million in the last month alone, and it’s smaller retail investors who are getting hit the most.
That’s according to a recent data analysis by lekos, a pseudonymous data analyst looking into the victims of MEV — or maximal extractable value — attacks. Lekos analysed over 270,000 attack transactions since the start of the year and found that transactions of $2,000 or less were disproportionately affected.
”Traders are consistently being beaten up in the public mempool on Ethereum,” Caleb Sheridan, a developer at Eden Network, a platform devoted to minimising the negative effects of MEV, told DL News. The mempool is like a waiting room for transactions before they are confirmed.
He explained what’s driving the rise in such sandwich attacks: “There has been a rise in sandwich attacks recently because the latest trend for new token launches often includes comically small liquidity depth,” he said.
“This data shows that even small trades are at risk of abuse.”
In an effort to deeply understand who the main targets of mev attacks are and how they behave, I studied ~270,000 sandwich transaction carried out YTD and I want to show you some results. This is the attacker vs victim volumes chart. pic.twitter.com/17Apb9rwuz
— lekos (@ponzinomics21) May 23, 2023
MEV, the practice of rearranging transactions for profit, has become a more visible concern in recent months. In April, a MEV bot known as jaredfromsubway.eth syphoned millions from DeFi users trading the Pepe memecoin as it soared to a market capitalisation of over $1.5 billion.
“It’s interesting to see that those smaller, probably more average, less sophisticated actors seem to be affected disproportionately and more frequently by sandwich attacks,” Luis Bezzenberger, a product manager at Project Shutter, an anti-MEV solution, told DL News.
Sandwich attacks
Sandwich attacks are one of the most common types of MEV. Trading bots conducted them by scanning the Ethereum network for users buying a token and then jumping the queue and placing a large order ahead of them, bumping up the price.
After the victim’s trade is processed, increasing the price further, the bot sells the tokens for a new higher price.
When liquidity is low, traders must set their slippage — the difference between the expected price of a trade and the price it executes at — higher than normal to make sure their transactions go through. When a trader sets high slippage, it makes it much easier for an MEV bot to target them.
NOW READ: Bitcoiner Jimmy Song just won a $1.9m bet on Ethereum — or did he?
While MEV often extracts value from unassuming traders, it also serves the wider Ethereum DeFi ecosystem by ensuring that price inefficiencies are corrected quickly. For example, MEV bots competing to be the first to profit from arbitrage opportunities between decentralised exchanges results in speedy price corrections.
Unexpected results
But it’s not just users trading low liquidity memecoins like Pepe who are targeted by MEV bots. According to lekos, attacks on stablecoins and Ether liquid staking tokens represent over 5% of overall attacks.
“This is unexpected because it means that even if liquidity on these coins is really high, a lot of people naively swap enormous amounts of money in single swaps and get huge slippage — and losses,” he said.
Another unexpected result is that the MEV bots themselves often lose money by trying to attack transactions.
“Part of the attacks have ‘negative losses’ as in, the attacker paid a worse price than the victim,” lekos said. “This is unexpected too, as this means that the attack has gone wrong because either some other entity entered the trade or some other shenanigan.”
NOW READ: How a Harmony grant programme became a ‘money-grab’ for Blu3 DAO members
Often, several MEV bots run by different parties compete against each other to attack a single trade. When this happens, it often becomes a winner takes all situation where only one bot profits at the expense of the others — and the victim sending the transaction in the first place.
Bezzenberger also said that he didn’t expect that such a high number of MEV bots attacks lost money. “[It] highlights the inherent risk for the attackers themselves, showing that these attacks can backfire,” he said.