Author: Frank, PANews
The world has long suffered from MEV. Despite the complaints, MEV bots have not been restricted. Instead, they continue to accumulate wealth through the “sandwich attack”.
On June 16th, a researcher named Ben exposed on social media an MEV bot, with an address starting with arsc, that had earned over 30 million USD in just 2 months. PANews conducted a thorough analysis of the behavior and operations of this MEV bot to understand how it amassed its millions.
Building a fortune through indiscriminate attacks
The “sandwich attack” is a market manipulation strategy in which attackers insert their own transactions around a victim's trade on the blockchain to profit from the price change that the victim's transaction causes.
Due to the limitations of the Solana block explorer, we could only capture the transactions of arsc from April 21st, 15:38 to 16:00, totaling about 20 minutes. During this time, the bot made 494 transactions, increasing its initial balance of 449 SOL to 465 SOL. In just 20 minutes, arsc earned 16 SOL through the sandwich attack, translating to approximately 1152 SOL per day or 17.28 million USD at the then-current price of around 150 USD.
PANews analyzed the last 100 transactions of arsc and found that on average, it invested about 6990 USD per transaction, earning an average of 38 USD with a return rate of approximately 3.44%. Orders ranged from 43 USD to 160,000 USD, with higher-value orders resulting in higher profits. For a 160,000 USD order, the profit per transaction reached 1200 USD.
As its capital grew, arsc’s rate of profit steadily increased. On April 22nd, it made 492 attacks within half an hour, earning 63 SOL, doubling its daily profit to around 3000 SOL. In a documented 2-month period, arsc accumulated 209,500 SOL, averaging 3800 SOL per day or approximately 570,000 USD daily, surpassing the recent success of the MEME coin issuance platform Pump.fun.
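An added example, not part of the PANews analysis: a detector that flags the sandwich pattern in ordered swap records, where one signer trades the same pool in opposite directions around another signer's trade and ends up with more than it started with. The `Swap` record layout, the thresholds and the sample rows are assumptions constructed for illustration.

```python
from collections import namedtuple

# Assumed record layout (not a real explorer schema): one row per swap, in
# execution order. side "buy" = quote token in, base out; "sell" = reverse.
Swap = namedtuple("Swap", "slot index signer pool side amount_in amount_out")

def find_sandwiches(swaps, max_gap=3, tol=0.01):
    """Return (front, victims, back, profit) for each suspected sandwich."""
    swaps = sorted(swaps, key=lambda s: (s.slot, s.index))
    hits, used = [], set()
    for i, front in enumerate(swaps):
        if i in used:
            continue
        for j in range(i + 2, len(swaps)):  # leave room for at least one victim
            back = swaps[j]
            if back.slot != front.slot or back.index - front.index > max_gap:
                break
            # Bread slices: same signer and pool, opposite direction.
            if (j in used or back.side == front.side
                    or (back.signer, back.pool) != (front.signer, front.pool)):
                continue
            # The back-run unwinds what the front-run acquired.
            if abs(back.amount_in - front.amount_out) > tol * front.amount_out:
                continue
            # Filling: other signers pushing the same pool the same way.
            victims = [v for v in swaps[i + 1:j] if v.pool == front.pool
                       and v.signer != front.signer and v.side == front.side]
            profit = back.amount_out - front.amount_in  # in the token first spent
            if victims and profit > 0:
                hits.append((front, victims, back, profit))
                used.update((i, j))
                break
    return hits

# Constructed sample data: amounts are integer base units, names are placeholders.
SAMPLE = [
    Swap(100, 0, "BOT", "POOL_A", "buy", 50_000, 1_000_000),
    Swap(100, 1, "VICTIM", "POOL_A", "buy", 10_000, 180_000),
    Swap(100, 2, "BOT", "POOL_A", "sell", 1_000_000, 50_400),   # flagged
    Swap(100, 3, "ARB", "POOL_B", "buy", 5_000, 99_000),
    Swap(100, 4, "ARB", "POOL_B", "sell", 99_000, 5_100),       # nobody in between
    Swap(101, 0, "MM", "POOL_A", "buy", 20_000, 390_000),
    Swap(101, 1, "USER", "POOL_A", "buy", 1_000, 19_000),
    Swap(101, 2, "MM", "POOL_A", "sell", 390_000, 19_500),      # round trip at a loss
]

if __name__ == "__main__":
    for front, victims, back, profit in find_sandwiches(SAMPLE):
        print(front.signer, "sandwiched", [v.signer for v in victims], "profit", profit)
```

The profit filter and the size-matching tolerance keep ordinary round trips and loss-making market-maker trades out of the results; both thresholds need tuning against real data.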
Attacker as a major staker of super validators
After earning through sandwich attacks, the address transferred 209,500 SOL, valued at approximately 31.425 million USD, to another address. Subsequently, this address transferred 124,000 SOL to Ai4z, which converted the SOL tokens to USDC through a decentralized exchange.
Additionally, Ai4z staked its SOL with several Solana validators, including Laine, Jito, Pumpkin’s, Jupiter, Marinade, and Blazestake. Laine received the largest stake, 190,000 SOL, making Ai4z its top individual staker with 5.73%, second only to a major exchange’s largest holding address. Laine’s tokens are staking certificates issued by validators, offering users voting privileges and DeFi earnings. While there is no evidence of a direct relationship between Laine and the attacker, their interests are somewhat aligned. Laine is a significant Solana validator and was a key supporter of allocating 100% of priority fees to validators.
The persistent sandwich attacks on Solana
MEV on Solana is relatively new. Before the introduction of the MEV reward protocol Jito, MEV data on Solana was negligible. Presently, over 66% of validators run the Jito-Solana client, which allows users to pay additional tips to have bundled transactions prioritized. Jito also operates a mempool, which sandwich attackers can use to monitor user transactions. Although Jito temporarily closed the mempool in March to reduce sandwich attacks, MEV bots could still monitor transactions through an RPC node.
MEV has its advantages in preventing spam attacks and maintaining blockchain health. However, on Solana today, user transactions can be monitored and fee payers can bundle transactions, which leaves loopholes for sandwich attacks.
On June 10th, the Solana Foundation announced the removal of over 30 validators involved in sandwich attacks. However, this governance measure seems ineffective. Investigation of arsc’s transactions revealed that it frequently chose large validators like Laine, Jito, and Jupiter for sandwich attacks. The attacker’s activities continued until June 14th, seemingly unaffected by the Solana Foundation’s punitive measures.
Legal repercussions of sandwich attacks
Are sandwich attacks risk-free arbitrage? The answer is no: previous cases suggest that such exploitation carries legal risks.
In May, the US Department of Justice arrested the Peraire-Bueno brothers for allegedly using a complex arbitrage bot on Ethereum to steal 25 million USD in cryptocurrency.
Perhaps considering the legal risks, arsc has seemingly halted sandwich attacks and is attempting to conceal past attacks by burying them in the Solana block explorer's records under thousands of small transactions. However, the assets associated with the address remain on-chain and have not been transferred to any centralized exchange.
Currently, arsc’s predatory behavior has sparked public outrage, with hundreds of tweets on Twitter urging that the individuals behind the address be tracked down. In the near future, the moment this mysterious attacker is exposed could also be the moment they face severe legal consequences.