PeckShield’s tweet reads, “Our analysis confirms what the @mevbots promotes for the so-called "MEV gain" has a fund-stealing backdoor. Do *NOT* fall prey to it.“
An investigation into MEVbots’ arbitrage trading bot uncovered the existence of a backdoor that allows random addresses to siphon Ethereum funds.
Arbitrage trading bots are programs that compare crypto prices between exchanges and execute orders to profit from the price differences. Due to differences in investor demand, the prices of crypto can vary between exchanges. These automated bots can place buy and sell orders to capitalize on price variations.
Last month, MEVbots released its arbitrage trading bot, MEV gain. The bot is compatible with Uniswap's pools and runs on Ethereum pairs. It promises an ROI of 7-9% daily and requires users to connect their MetaMask wallets.
Twitter user @monkwithchaos revealed the bot’s contract contains a backdoor using which its creators can steal Ethereum assets from users’ wallets.
On-chain sleuth ZachXBT claimed they called out to MEVbots in July. According to them, MEVbots was earlier called MEVtech, with Nuri as its profile name.
After charging 1 ETH for the bot, Nuri would drain users’ funds after they run it on their systems. The firm would then launder the stolen funds via Tornado Cash. ZachXBT reported two victims lost ETH tokens worth $44M in July.
As a result, blockchain security firm PeckShield investigated MEV gain's contract. The firm's analysis confirmed @monkwithchaos' findings.
PeckShield’s investigation also revealed that at least 5.37 ETH were stolen from six wallets within the last few hours.