Skip to content

Tether Blacklists Validator Address after $25 Million MEV Bot Hack

In early April, a significant hack targeted MEV bots, resulting in the withdrawal of $25 million through an exploited vulnerability. Tether later took action by blocking the address of the validator responsible for the withdrawal.

Tether logo and MEV bot.

$25m Stolen by Exploiting MEV Bots

On April 3rd, a significant hack took place involving MEV bots resulting in the theft of $25 million worth of various crypto assets such as WBTC, USDC, USDT, DAI, and WETH. The attackers took advantage of a vulnerability in a technique known as the "sandwich attack". To better understand the situation, it's crucial to have an understanding of what "MEV" and the "sandwich attack" refer to.

MEV is short for Maximal Extractable Value (formerly Miner Extractable Value). What does this mean? This is an indicator that shows the profit of a miner (or validator) from including, excluding or changing the order of transactions in the block being created.
"Sandwich attack" refers to a fraudulent tactic that involves placing two orders (before and after a target transaction) to manipulate the price of assets in favor of the attacker. By executing both "advancing" and "rolling back" transactions, the target transaction becomes sandwiched between them.

Certik Alert, which researches blockchain security, reported that a fraudulent validator, with the help of several MEV bots, performed sandwich trades. The strategy involved initiating the exchange of large amounts of tokens for a relatively small number of tokens, followed by the immediate reversal of the transactions by the validator.

It is worth noting it is not the first time that MEV bots are hacked. We wrote about it last year, when MEV bots were used to hack one million dollars.

Tether Blocked the Hacker

The recent events surrounding the MEV bot attack have piqued our interest for several reasons. Of particular note, it was revealed on April 11 that Tether had taken action by blocking the validator's address responsible for the hack, which resulted in the hacker receiving 3 million USDT. The significance of this move by Tether was not lost on the crypto community, causing a ripple of reactions and discussions.

Many users believe that such actions by Tether contradict the principles of decentralization. For example, Jaynti Kanani, the co-founder of Polygon, described the situation as a "bad precedent" on Twitter.

ZachXBT, a network researcher, suggested that the blocking is due to the fact that Tether has a task on this matter from law enforcement agencies. However, Artur, an engineer at Kraken, stressed that in this case, the attacker had time to withdraw assets because the blocking did not happen immediately.

It seems that this is a very important point because there have been instances where people turned to USDT due to violations of the principles of decentralization by other stablecoin issuers. For example, blocking addresses associated with the Tornado Cash mixer, which Circle implemented, led to distrust on the part of users, and they began to exchange their USDC in a hurry. However, it is worth remembering that Tether has never declared its decentralization. Will the same happen to USDT? We will continue to Observe and keep you informed of any news on the matter!