‘Sandwich the Ripper’ MEV Exploiter Joins Tether’s Graveyard of Blacklisted Addresses

Frontrun MEV bots and you'll get banned.

Tether has blacklisted an address—nicknamed "Sandwich the Ripper"—which holds $3 million in USDT after it was linked to an MEV exploit on April 3.

Blacklisted addresses are frozen from moving Tether funds from their wallet meaning the $3 million USDT is now essentially void.

Don't feel too sorry for the exploiter though as the address still holds $14.3 million in Wrapped Ethereum (WETH) and over $3.6 million in other assets.

This was part of a wider MEV exploit from last week that saw roughly $25 million in total funds stolen mainly located in three addresses. The blacklisted address held the majority of these funds with approximately $20 million.

ETH

+3.06%$1,852.45

---

24H7D1M1YMAX

Price data by

ETH price

MEV, which stands for maximal extractible value, refers to the maximum value that can be extracted from block production by including, excluding, or changing the order of transactions within a block.

An example of this is so-called sandwich trading where an MEV extractor will attempt to make profit on a pending transaction—that will affect the price of the traded pair—by buying and selling the pair before and after the pending transaction.

What was the MEV exploit?

During last week’s multi-million-dollar exploit, several bots were attempting to take advantage of a sandwich trade. They were searching the mempool for pending transactions that would affect the price of trading pairs, attempting to make a profit from the transaction.

Mempool—otherwise known as memory pool—is a list of pending transactions waiting for validation.

The bots then buy coins before the pending transaction is validated and then sell those coins after the transaction is processed, selling them for the higher price caused by the previously pending transaction.

How Ethereum Miners Could Exploit the Network and How to Fix It

Miners are the oft-unacknowledged heroes of the Ethereum blockchain. They process user transactions, add blocks to the chain, and help keep the whole enterprise running by competing to solve cryptographic puzzles. While they're rewarded with 2 ETH (about $4,000 at current prices) plus transaction fees for any block they're able to mine, they can often bag more. The catch: To do so, they have to tinker with your transactions. What Will Happen to Ethereum Miners After ETH 2.0? Welcome to the world...

In this case, however, someone sent a transaction to bait the bots to attempt a sandwich trade, thinking there was profit to be made.

"However, the attacker had found a bug in mev-boost-relay and the attacker exploited this bug by being the validator of this block," a spokesperson from PeckShield told Decrypt via Telegram. "The attacker replaced the sandwich bot's second transaction with his/her own transaction to make a profit."

The attacker successfully executed the exploit to the tune of roughly $20 million. The mev-boost-relay bug has since been patched.

Still, roughly $3 million of that haul has been lost for as long as Tether's ban remains.

Tether adds another address to its list

This is just the latest in a long line of stablecoin blacklistings, with Tether—the largest stablecoin provider—banning a huge 865 addresses holding a total of 456 million USDT.

Similarly, Circle has banned 159 wallets from trading its USDC stablecoin, locking 8.6 million USDC.

This issue has only worsened in the last three years, with Tether having only blacklisted 39 addresses as of July 2020—that's an average of 275 banned addresses per year.

"This means that, from a purely code standpoint, the owner of the USDT contract can blacklist any address, effectively freezing that account’s funds," a smart contract engineer at Immunefi Gonçalo told Decrypt via email. "Historically, this function has been used to freeze USDT assets in accounts involved with exploit events."