Finance
Share this article

Ethereum Bot Gets Attacked for $20M as Validator Strikes Back

The incident raises questions about whether validators can be trusted, one former member of the Ethereum Foundation said.

By Oliver Knight
Updated May 9, 2023, 4:11 a.m. Published Apr 3, 2023, 10:56 a.m.
jwp-player-placeholder

One of the major Ethereum MEV bots has been targeted in an attack, apparently by one of the blockchain's validators, resulting in the loss of almost $20 million.

MEV is an acronym for "maximal extractable value," which is a method validators use to try to maximize their profits when they validate transactions by including, excluding or changing the order of transactions in a block.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

The attack happened all within one Ethereum block, with blockchain auditor OtterSec saying a validator appeared to force a series of transactions into the block to steal funds the bot had planned to gain by front-running. A validator is responsible for processing transactions and creating new blocks on the blockchain.

The attack has the potential to transform the MEV ecosystem because MEV extractors will be wonder "which Ethereum validators are malicious," former Ethereum Foundation member Hudson Jameson said in a tweet.

MEV flashbots use a technique called "sandwich attacks" to steal value from users by sending transactions just before and after a victim sends his or her own. This is a malicious way of manipulating the underlying price of the asset so that the bot can steal the price difference from the user.

In this case, OtterSec added that the validator responsible for causing the attack had funded his wallet more than two weeks ago from privacy layer Aztec Network, suggesting that it was a planned attack.

Blockchain sleuth Peckshield revealed that the $20 million in stolen funds are spread across three wallets, with eight linked addresses being originally funded from Indian crypto exchange KuCoin.

Ethereum NewsMEVDeFiBotsAttacks

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Stripe Acqui-Hires Crypto Payments Startup Valora, Venturing Further Into Stablecoins

By Krisztian Sandor|Edited by Cheyenne Ligon
1 hour ago
Stripe co-founder Patrick and John Collison (Stripe)

The team behind the Celo-based app is joining Stripe, while the intellectual property is returned to cLabs.

What to know:

  • The team behind Valora, a crypto payments app, is joining Stripe to advance its blockchain and stablecoin integration.
  • Stripe recently acquired crypto firms Bridge and Privy, and is developing with Paradigm the Tempo blockchain for stablecoin payments.
  • Valora, built on the Celo network, became a standalone company in 2021 after raising $20 million.
Read full story