Wednesday, May 22, 2024

Hackers Stealing More Than $280 Million Per Month From Crypto Transactions

Due to new traders and an unbelievable increase in value, recently, the decentralized crypto market witnessed extensive penetration. Here the main reason behind this huge influx is the recent unexpected price hikes of bitcoin and Ether.

Moreover, the report of May 2021 has shown that in total more than $58 billion of cryptocurrencies were exchanged across decentralized exchanges (DEXes).

Unlike Coinbase or Binance, the DEXes are fully decentralized, in short, the decentralized exchanges are not operated by any individual entity, here, you can get full control of your funds, transactions, and account.


In decentralized exchanges (DEXes) all the cryptocurrency transactions that are made, remain open to all, since the decentralized exchanges (DEXes) are not operated by any individual entity, and this is known as “mempools.”

Now here comes the role of front-runners; to loot others’ profit, the front-runners lure or target the naive traders and make them pay extra for their transactions.

Before the completion of others’ transactions on the blockchain, the front-runners can exploit the pending transactions data to jump in with their own; and to do so, they use several techniques since they have access to the mempools.

In general, all the incoming transactions remain locked into a smart contract in decentralized exchanges, but, due to public blockchain technologies the front-runners get access to the mempools and as a result, they can see all the incoming transactions that are locked into a smart contract.

Front-runners or Hackers Steal More than $280 million

The front-runners borrow a higher transaction fee from the innocent traders for placing the order as soon as they see an opening, by skipping the queue with the help of their bots.

In short, here the normal trader becomes the victim of these front-runners, and ultimately they bear hefty losses, as reported by CyberNews.

By utilizing the MEV Explore and MEV Inspect tools of Flashbots the security researchers at CyberNews have claimed that they have managed to discovered the magnitude of the losses induced by the front-runners.

They selected the time frame of 30 days, which is from April 24 to May 24, between this time frame, they have extracted drained value and all the key details.

In their investigation, they found that each day from the overall transactions the front-runners have hacked illicit profit of $12 million. In short, the hackers have hacked $280 million, a hefty amount of monthly revenue from traders, resulting in billions of dollars on a yearly basis. 

Most affected decentralized exchanges

The researchers have listed the most affected decentralized exchanges from where the hackers have extracted millions:-

  • Uniswap: Hackers drained 43%
  • SushiSwap: Hackers drained 23%
  • Balancer: Hackers drained 11%
  • Curve: Hackers drained 8.8%
  • dYdX: Hackers drained 7.7%
  • Other exchanges: Hackers drained 6.5%

Front-running – A big threat to DEXes

Since there’s a lack of mitigating tools or mechanisms, the front-running could be a big unaddressed threat to the DEXes. Eventually, this situation is steadily slow posing the entire ecosystem of decentralized finance.

However, for now, the security experts at CyberNews have strongly recommended the traders to avoid placing the high-value trades on any decentralized exchanges to avoid big losses.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.


Latest articles

Cloud-Based Malware Attack Abusing Google Drive & Dropbox

A phishing email with a malicious zip attachment initiates the attack. The zip contains...

OmniVision Technologies Cyber Attack, Hackers Stolen Personal Data in Ransomware Attack

OmniVision Technologies, Inc. (OVT) recently disclosed a significant security breach that compromised its clients'...

Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code

The widely used team workspace corporate wiki Confluence has been discovered to have a...

Threat Actors Leverage Bitbucket Artifacts to Breach AWS Accounts

In a recent investigation into Amazon Web Services (AWS) security breaches, Mandiant uncovered a...

Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments

Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident...

Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud

Memcyco Inc., provider of digital trust technology designed to protect companies and their customers...

DoppelGänger Attack: Malware Routed Via News Websites And Social Media

A Russian influence campaign, DoppelGänger, leverages fake news websites (typosquatted and independent) to spread...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles