Friday, December 1, 2023

Hackers Stealing More Than $280 Million Per Month From Crypto Transactions

Due to new traders and an unbelievable increase in value, recently, the decentralized crypto market witnessed extensive penetration. Here the main reason behind this huge influx is the recent unexpected price hikes of bitcoin and Ether.

Moreover, the report of May 2021 has shown that in total more than $58 billion of cryptocurrencies were exchanged across decentralized exchanges (DEXes).

Unlike Coinbase or Binance, the DEXes are fully decentralized, in short, the decentralized exchanges are not operated by any individual entity, here, you can get full control of your funds, transactions, and account.


In decentralized exchanges (DEXes) all the cryptocurrency transactions that are made, remain open to all, since the decentralized exchanges (DEXes) are not operated by any individual entity, and this is known as “mempools.”

Now here comes the role of front-runners; to loot others’ profit, the front-runners lure or target the naive traders and make them pay extra for their transactions.

Before the completion of others’ transactions on the blockchain, the front-runners can exploit the pending transactions data to jump in with their own; and to do so, they use several techniques since they have access to the mempools.

In general, all the incoming transactions remain locked into a smart contract in decentralized exchanges, but, due to public blockchain technologies the front-runners get access to the mempools and as a result, they can see all the incoming transactions that are locked into a smart contract.

Front-runners or Hackers Steal More than $280 million

The front-runners borrow a higher transaction fee from the innocent traders for placing the order as soon as they see an opening, by skipping the queue with the help of their bots.

In short, here the normal trader becomes the victim of these front-runners, and ultimately they bear hefty losses, as reported by CyberNews.

By utilizing the MEV Explore and MEV Inspect tools of Flashbots the security researchers at CyberNews have claimed that they have managed to discovered the magnitude of the losses induced by the front-runners.

They selected the time frame of 30 days, which is from April 24 to May 24, between this time frame, they have extracted drained value and all the key details.

In their investigation, they found that each day from the overall transactions the front-runners have hacked illicit profit of $12 million. In short, the hackers have hacked $280 million, a hefty amount of monthly revenue from traders, resulting in billions of dollars on a yearly basis. 

Most affected decentralized exchanges

The researchers have listed the most affected decentralized exchanges from where the hackers have extracted millions:-

  • Uniswap: Hackers drained 43%
  • SushiSwap: Hackers drained 23%
  • Balancer: Hackers drained 11%
  • Curve: Hackers drained 8.8%
  • dYdX: Hackers drained 7.7%
  • Other exchanges: Hackers drained 6.5%

Front-running – A big threat to DEXes

Since there’s a lack of mitigating tools or mechanisms, the front-running could be a big unaddressed threat to the DEXes. Eventually, this situation is steadily slow posing the entire ecosystem of decentralized finance.

However, for now, the security experts at CyberNews have strongly recommended the traders to avoid placing the high-value trades on any decentralized exchanges to avoid big losses.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.


Latest articles

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

CISA Warns Hackers Exploiting Wastewater Systems Logic Controllers

In a disconcerting turn of events, cyber threat actors have set their sights on...

Zyxel Command Injection Flaws Let Attackers Run OS Commands

Three Command injection vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products,...

North Korean Hackers Attacking macOS Using Weaponized Documents

Hackers often use weaponized documents to exploit vulnerabilities in software, which enables the execution...

Most Popular Websites Still Allow Users To Have Weak Passwords

The latest analysis shows that tens of millions of people are creating weak passwords...

Chrome Zero-Day Vulnerability That Exploited In The Wild

Google has fixed the sixth Chrome zero-day bug that was exploited in the wild this...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles