‘Cryptographic performance art’ drains contract one block after launch

Lurking in Ethereum’s dark forest, hair-triggered MEV bots patiently lie in wait, each primed to pounce on all manner of prey before their competitors get a chance.

Be it a juicy high-slippage swap to put in a sandwich or plundering an improperly secured contract, generalized searchers are on the hunt for one thing only—profit.

Yesterday, just 12 seconds passed between the launch of a vulnerable token contract and the draining of the 5 ETH (approximately $12,000) contained within. 

Do not make mistakes when you deploy contracts! Backrun bots today can automatically hack any easy-to-hack contracts.

Someone just lost 5ETH because of an access control issue – a backrun bot hacked it in less than 12s after deployment. pic.twitter.com/aypkZvRIRK

— Chaofan Shou (@shoucccc) September 11, 2024

Read more: Aave hacked via periphery contract — $56K stolen from ‘tip jar’ 

The incident was spotted by Chaofan Shou, cofounder of crypto security analysis tool Fuzzland, who described the INUMI contract’s vulnerability as an “access control issue.”

The MEV bot, which goes by the ENS name bigbrainchad.eth, managed to include their attack transaction in the very next block following the target contract’s creation.

The Dark Forest

Bots hunt for MEV (maximal extractable value) by analyzing transactions submitted by other users and looking for ways to profit from them.

Frequently, this is by scanning Ethereum’s ‘mempool’ of pending transactions and frontrunning profitable moves by duplicating them using a higher gas payment (to ensure that the bot’s transaction will be included first).

This approach can be coupled with a ‘backrun’ transaction to create a sandwich attack on high-slippage swaps, often leaving the original user heavily out of pocket.

Backrunning can also be used less maliciously, cleaning up smaller arbitrage opportunities opened up by the price imbalances that follow swaps on decentralized exchanges (DEX).

More generalized bots, such as bigbrainchad.eth, however, are not limited to simple DEX trades and are now primed to take advantage of even more abstract opportunities, even if it means carrying out a hack to secure the bag.

Read more: Ethervista ‘unconsciously hacked’ hundreds of times by bot

But MEV bots can also, on occasion, find themselves the unlikely heroes of the darker days in DeFi. During last year’s chaotic hack of Curve Finance, a bot known as 0xc0ffebabe frontran an attack transaction for over $5M in ETH before returning the proceeds.

‘Cryptographic performance art’

Members of the MEV community were impressed by the sophistication of bigbrainchad.eth’s activities, though not for the reasons one might expect.

Despite noting that bots capable of draining a vulnerable contract have been around for some time, Flashbots’ Bert Miller was indeed wowed by the bot’s transaction hashes, which all begin with 0xbeef.

Every tx from this searcher has a hash starting with 0xbeef. Never seen anything like that before. https://t.co/PEI3sap9Sq pic.twitter.com/O72FghriqP

— @bertcmiller ⚡️🤖 (@bertcmiller) September 11, 2024

Read more: Bots are front-running bots front-running Base meme coins

‘Mining’ these vanity hashes for no other reason than to show off on Etherscan is an extra step and cost in what is already a knife-edge race against other searchers.

The ostentatious on-chain operator is clearly confident in their abilities, leading one observer to describe the flex as “cryptographic performance art.”

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel. Quotes in bold are our emphasis.