A notorious maximal extractible value (MEV) sandwich bot known as “arsc” has successfully pocketed approximately $30 million from Solana users over the past two months through sophisticated MEV attacks. This bot employs a cunning strategy known as an MEV sandwich attack, where it strategically places its transactions before and after a victim’s transaction to manipulate prices and secure a profit.
In such attacks, the bot buys the victim’s tokens at a price lower than the market value and sells them at a higher price within the same block. This method allows the attacker to make a profit by exploiting the price differences created by the victim’s transaction.
The Mechanisms and Methods Behind MEV “arsc”
Ben Coverston, the founder of cryptocurrency firm MRGN Research, highlighted the activities of “arsc” in a June 15 post on X (formerly Twitter). According to Coverston, the bot has gone to great lengths to avoid drawing attention while reaping significant profits from users on the Solana network. Coverston’s investigation revealed that one of the largest wallet addresses associated with the bot is “9973h…zyWp6,” which appears to be primarily used for cold storage.
“It is quite inactive and, judging by its behavior, is almost certainly a locked-down, cold wallet,” Coverston stated.
According to data from Solana explorer site SolanaFM, this wallet holds over $19 million in total funds, including $17 million worth of Solana (SOL) tokens and $1.1 million in Circle’s USD Coin (USDC) stablecoin. Additionally, it contains smaller amounts of wrapped-SOL (wSOL), Cringe Coin (CRINGE), and Kabosu (KAB).
Another prominent wallet, identified by the address “Ai4zq…VXKKT,” is considerably more active in decentralized finance (DeFi) activities, Coverston noted. This wallet is involved in gradually converting SOL into USDC via the JUP DCA protocol and maintains substantial positions in Kamino and various liquid staking tokens (LSTs). According to SolanaFM, it holds over $9.9 million in total funds, predominantly comprised of non-SOL tokens.
The Wallets and Tactics of “arsc”
Coverston also identified a third wallet address, “BCbrp…vi58q,” which he believes acts as arsc’s “main SOL bank.” This wallet employs dozens of different signers and tippers to execute the sandwich attacks. Collectively, these three wallets hold a combined total of $29.8 million at current prices.
The operator behind “arsc” appears to be making significant efforts to maintain a low profile. Coverston noted, “It seems they don’t enjoy the attention, as they’ve recently gone to great lengths to hide their activities and profits.”
The substantial amounts held in these wallets underscore the lucrative nature of MEV attacks on the Solana network. Despite the negative impact on individual users, the stealthy and strategic operations of “arsc” illustrate the sophisticated level of blockchain exploitation currently taking place.
The revelation of these activities calls attention to the need for enhanced security measures and user awareness within the cryptocurrency space. As MEV attacks become more prevalent, understanding and mitigating these risks will be crucial for the continued growth and trust in decentralized finance ecosystems.
