Tether has blacklisted an address—nicknamed "Sandwich the Ripper"—which holds $3 million in USDT after it was linked to an MEV exploit on April 3.
Blacklisted addresses cannot move Tether funds out of their wallets, meaning the $3 million in USDT is now essentially void.
Don't feel too sorry for the exploiter, though, as the address still holds $14.3 million in Wrapped Ethereum (WETH) and over $3.6 million in other assets.
This was part of a wider MEV exploit last week in which roughly $25 million in total funds was stolen, held mainly in three addresses. The blacklisted address held the majority of these funds, approximately $20 million.
MEV, which stands for maximal extractable value, refers to the maximum value that can be extracted from block production by including, excluding, or changing the order of transactions within a block.
An example of this is so-called sandwich trading, where an MEV extractor attempts to profit from a pending transaction that will affect the price of the traded pair by buying the pair before the pending transaction and selling it after.
What was the MEV exploit?
During last week’s multi-million-dollar exploit, several bots were attempting to take advantage of a sandwich trade. They were searching the mempool for pending transactions that would affect the price of trading pairs, attempting to make a profit from the transaction.
The mempool, otherwise known as the memory pool, is a list of pending transactions waiting for validation.
The bots then buy coins before the pending transaction is validated and then sell those coins after the transaction is processed, selling them for the higher price caused by the previously pending transaction.
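The buy-before, sell-after ordering described above leaves a recognizable pattern in a finalized block. The following is an added example, not code from the article or from any project it mentions: it flags that pattern in an ordered list of swaps and estimates what the front-run cost the sandwiched trader. The sender labels, pool names, reserves, and the constant-product pricing with a 0.3% fee are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Swap:
    sender: str       # constructed label, not a real address
    pool: str
    buy: bool         # True: quote in, base out (pushes the price up)
    amount_in: float

def swap_out(reserves, buy, amount_in, fee=0.003):
    """Constant-product (x*y=k) swap; updates reserves [base, quote] in place."""
    i, o = (1, 0) if buy else (0, 1)
    eff = amount_in * (1 - fee)
    out = reserves[o] * eff / (reserves[i] + eff)
    reserves[i] += amount_in
    reserves[o] -= out
    return out

def find_sandwiches(block):
    """Return (front, victim, back) index triples found in one ordered block."""
    hits = []
    for i, front in enumerate(block):
        for k in range(i + 2, len(block)):
            back = block[k]
            if (back.sender, back.pool) != (front.sender, front.pool) or back.buy == front.buy:
                continue
            hits += [(i, j, k) for j in range(i + 1, k)
                     if block[j].pool == front.pool
                     and block[j].sender != front.sender
                     and block[j].buy == front.buy]
    return hits

def victim_loss(block, hit, reserves):
    """Output the victim lost because the front-run executed first."""
    front, victim = block[hit[0]], block[hit[1]]
    clean = swap_out(list(reserves), victim.buy, victim.amount_in)
    moved = list(reserves)
    swap_out(moved, front.buy, front.amount_in)
    return clean - swap_out(moved, victim.buy, victim.amount_in)

RESERVES = [1_000.0, 2_000_000.0]   # constructed pool: 1,000 WETH / 2,000,000 USDT
BLOCK = [                           # constructed block, in execution order
    Swap("bot", "WETH/USDT", True, 50_000),
    Swap("user", "WETH/USDT", True, 20_000),
    Swap("other", "WBTC/USDT", True, 1_000),
    Swap("bot", "WETH/USDT", False, 24.3),
]

if __name__ == "__main__":
    print([(h, round(victim_loss(BLOCK, h, RESERVES), 4)) for h in find_sandwiches(BLOCK)])
```

The loss estimate assumes no other swap touches the pool between the front-run and the victim's trade.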
In this case, however, someone sent a transaction to bait the bots to attempt a sandwich trade, thinking there was profit to be made.
"However, the attacker had found a bug in mev-boost-relay and the attacker exploited this bug by being the validator of this block," a spokesperson from PeckShield told Decrypt via Telegram. "The attacker replaced the sandwich bot's second transaction with his/her own transaction to make a profit."
The attacker successfully executed the exploit to the tune of roughly $20 million. The mev-boost-relay bug has since been patched.
Still, roughly $3 million of that haul has been lost for as long as Tether's ban remains.
Tether adds another address to its list
This is just the latest in a long line of stablecoin blacklistings, with Tether—the largest stablecoin provider—banning a huge 865 addresses holding a total of 456 million USDT.
"Tether routinely works with law enforcement agencies around the world as part of our commitment to cooperation, transparency, and accountability," a Tether representative told Decrypt. "We respect official requests to temporarily freeze funds and are proud of our role as industry leaders in promoting cooperation between industry and government authorities."
Similarly, Circle has banned 159 wallets from trading its USDC stablecoin, locking 8.6 million USDC.
This issue has only worsened in the last three years, with Tether having only blacklisted 39 addresses as of July 2020—that's an average of 275 banned addresses per year.
"This means that, from a purely code standpoint, the owner of the USDT contract can blacklist any address, effectively freezing that account’s funds," Gonçalo, a smart contract engineer at Immunefi, told Decrypt via email. "Historically, this function has been used to freeze USDT assets in accounts involved with exploit events."