On October 9, the Ethereum Foundation swapped 1,700 ETH for $2.74 million. Unfortunately, it fell victim to a sandwich attack on the Uniswap DEX, resulting in a loss of about $9,000. Let’s unpack this case in more detail.
What happened with the Ethereum Foundation’s swap
An address owned by EF and identified on etherscan as "Grant Provider", conducted a swap 1,700 ETH ($2.74 million) via Uniswap, receiving around 2.74 million USDC at an exchange rate of $1.611. After this transaction, the address still held 194 ETH ($300,000).
Learn more about why the Ethereum Foundation sold its ETH holdings and if it is worth panicking.
According to the analytics platform EigenPhi, this Ethereum Foundation fell prey to a so-called "sandwich attack". As a result, EF sold ETH at a less favourable rate, losing approximately $9,000. On the other hand, the attacker that performed the trick managed to earn $4,000.
EF’s swap was “sandwiched” between two transactions. The transactions were placed within the block as follows:
🍞 First, the attacker swapped ETH to USDC, causing the price of ETH to drop.
🧀 Then, EF also executed a swap of ETH for USDC. This led to ETH being sold at reduced price, further driving down the rate.
🍞The exploiter conducted another swap, this time converting USDC back to ETH. By doing so, the attacker immediately bought back at a reduced price and made money on the rate difference.
In this sandwich attack, the exploiter paid the validators about $5,000 in transaction fees, earning about $9,000 (as EF loss), and securing a net profit of $4,000.
What is a sandwich attack and why it occurs
A sandwich attack belongs to a broader phenomenon called miner extractable value (MEV). MEV refers to the profit that miners (or validators, in the case of proof-of-stake) can make by including, excluding, or reordering transactions in blocks. Read more about it here.
Such attacks happen due to the peculiarity of the blockchain architecture and the way DEXs work. In fact, trading on DEX is a "swap" of a token you have to a token you need from the pool. Each swap is a transaction on the blockchain.
Validators can determine the order of transactions within the block, impacting the execution rate for each transaction sender. It is also important to remember that there is a mempool — a public "place" where transactions waiting for validation (inclusion by validators in the block) are placed.
Thus, validators or bots (often for a separate additional payment to validators), tracking activity in the mempool, can benefit from placing transactions within the block in a special way.
The Ethereum Foundation wanted to exchange ETH for USDC. Their transaction increased the value of USDC in the pool. The attacker placed his swap before theirs, then there was the EF’s swap, and then the exploiter immediately sold the tokens he just bought.
EF ended up buying USDC at a less favourable rate, and the exploiter made money on the rate difference. EF’s transaction is sandwiched between the exploiter's transactions, like the filling in a sandwich between two slices of bread.
You might also like:
Ethereum Foundation sold ETH worth $2.74M: is it worth panicking
