The attacker fooled the MEV bots and beat the market by several transactions.
Tether, the issuer of the leading stablecoin Tether (USDT), has blacklisted the wallet address of a hacker who stole $25 million worth of cryptocurrency using MEV bots in early April.
A cybercriminal dubbed "Sandwich the Ripper" hacked 8 Maximum Extractable Value (MEV) bots and used them to conduct a sandwich deal. MEV bots identify a request for a large purchase of an asset and get ahead of it. As a result of the transaction, the price of the asset rises, and the bot sells coins at a profit. MEV bots have become popular due to the fact that they efficiently select the most profitable transactions.
The hacker replaced the bot addresses in transactions with his own, as a result of which he received WBTC and WETH, as well as USDC, USDT and DAI for a total of about $25.4 million. According to Etherscan, at the time of blacklisting, the USDT address contained about 3 million USDT and other ERC-20 tokens for a total of $21M.