LUNA, the governance token of Terra's UST algorithmic stablecoin, lost its entire value within a month, triggering significant turmoil in the crypto ecosystem and, more importantly, costing people their savings, homes, and even lives.
Restoring confidence is crucial, and adding more security can protect your assets and your entire organization and, in some cases, save your life.
The chart below shows the different types of attacks classified by the blockchain layer's vulnerabilities that hackers exploit.
There are more than 3000 VASPs (Virtual Asset Service Providers) by the definition of the FATF (Financial Action Task Force), organized into various categories: crypto exchanges (CEX, DEX), wallet providers, decentralized apps (Dapps), to name a few, and the miners.
The DeFi apps have suffered numerous attacks, and although they are implementing services from many blockchain security companies, these criminal activities are still happening.
Today, CyVers proposes that you address one of the reasons criminals are still stealing your assets: the risk that crypto companies and, more precisely, miners pose to the crypto ecosystem.
As you may know, miners can make more profits through their ability to arbitrarily include, exclude, or reorder transactions from the blocks they produce.
The higher the fee is, the faster a transaction will be mined or validated-sequenced in an Ethereum-based blockchain.
In their search for more profits, miners take advantage of MEV attacks.
What is an MEV attack, and how can you protect your organization against them?
Miner extractable value (MEV) is a measure devised to study consensus security by modelling the profit a miner (or validator, sequencer, or another privileged protocol actor) can make.
MEV includes both 'conventional' profits from transaction fees and block rewards and 'unconventional' profits from transaction reordering, transaction insertion, and transaction censorship within the block a miner is producing.
One of the first forms of MEV that users suffered from was front running done by bots that merely replicated users' transactions with a higher gas price so that miners would pick their more expensive transactions over others.
Bots engage in priority gas auctions (PGAs), competitively bidding up transaction fees to obtain priority orders for their transactions, i.e., early block position and execution.
Front running occurs when miners profit by placing their specific transaction right before the user's, causing the latter to fail while the miner's transaction is successful and profitable.
Alongside front running, the most common MEV attacks also include back running, which refers to miners making a profit by taking advantage of how the execution of the user's transaction will change the market conditions and placing their specific transaction right after the user's.
Finally, a sandwich attack is the combination of the above two to specifically make a profit and take advantage of the user's submitted transaction.
All of these forms of MEV can only be executed by miners, as they are the only ones who have the power to organize transactions within a block.
Other types of attacks include displacement, insertion, and suppression.
With a displacement attack, the malicious actor displaces a genuine transaction with their own.
As a result, although the original transaction may still run, it won't have the positive effect as intended.
On the other hand, an insertion attack sandwiches a genuine transaction between two transactions intending to make a profit without holding an asset.
Finally, the suppression attack delays others from running a transaction.
CyVers can stop front running attacks or any other types of MEV attacks.
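A defender-side sketch of the sandwich pattern described above, added here as an illustration and not CyVers's own code: it scans a block's swaps, in execution order, for one sender trading on both sides of another user's swap in the same pool. The `Swap` fields, the function name and the sample block are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Swap:
    index: int       # position of the transaction inside the block
    sender: str
    pool: str
    token_in: str
    token_out: str
    gas_price: int   # gwei

def find_sandwiches(swaps):
    """Return (front_idx, victim_idx, back_idx, front_outbid_victim) tuples."""
    ordered = sorted(swaps, key=lambda s: s.index)
    hits = []
    for i, front in enumerate(ordered):
        for k in range(i + 2, len(ordered)):
            back = ordered[k]
            # Back leg: same sender and pool as the front leg, reversed direction.
            if (back.sender, back.pool, back.token_in, back.token_out) != (
                    front.sender, front.pool, front.token_out, front.token_in):
                continue
            # Victims: other senders trading the same direction in between.
            for v in ordered[i + 1:k]:
                if (v.sender != front.sender and v.pool == front.pool
                        and (v.token_in, v.token_out)
                        == (front.token_in, front.token_out)):
                    # The gas flag is informational: a block producer can
                    # order transactions without outbidding anyone.
                    hits.append((front.index, v.index, back.index,
                                 front.gas_price > v.gas_price))
            break  # pair each front leg with its nearest back leg only
    return hits

# Constructed sample block (addresses and prices are made up).
BLOCK = [
    Swap(0, "0xB07", "WETH/USDC", "WETH", "USDC", 120),   # front leg
    Swap(1, "0xA11CE", "WETH/USDC", "WETH", "USDC", 40),  # user's swap
    Swap(2, "0xB07", "WETH/USDC", "USDC", "WETH", 39),    # back leg
    # Round trip with no one in between on that pool: must not be flagged.
    Swap(3, "0xD00D", "WETH/USDC", "USDC", "WETH", 30),
    Swap(4, "0xCAFE", "WETH/DAI", "WETH", "DAI", 35),
    Swap(5, "0xD00D", "WETH/USDC", "WETH", "USDC", 30),
]

if __name__ == "__main__":
    for hit in find_sandwiches(BLOCK):
        print("possible sandwich (front, victim, back, outbid):", hit)
```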