CyberNews researchers found that front-runners are abusing decentralized cryptocurrency exchanges by draining hundreds of millions in crypto from trader transactions on the Ethereum network.
Unsuspecting traders can lose as much as $280 million to front-runners each month.
As the price of bitcoin and Ether reached unprecedented highs in the past few months, the decentralized cryptocurrency market saw a massive influx of new traders and an incredible increase in value. As of May 2021, the total value of cryptocurrency traded across decentralized exchanges (DEXes) has reached more than $58 billion.
As opposed to centralized exchanges like Coinbase or Binance, where the vast majority of cryptocurrency trading takes place, DEXes are fully decentralized. This means that they are not controlled or operated by a single entity, and traders are always in control of their own funds and transactions.
Or are they?
With unscrupulous stock traders migrating to crypto over the years, underhanded market manipulation tactics were carried over into the world of cryptocurrency.
Just like insider trading and scalping, front-running is one of many such techniques. It is an unethical and illegal market manipulation method that originated in traditional financial markets, where front-running has been prohibited since the time when stock trading was conducted via actual paper notes.
What is front-running?
Because decentralized exchanges are not governed by a single entity, all cryptocurrency transactions – both pending and completed – are publicly visible to everyone on sets called mempools. Having access to mempools allows front-runners to use various techniques to exploit the data of pending transactions in order to jump in with their own trade before they are confirmed on the blockchain, make unsuspecting traders pay more for their transactions, and pocket the profit.
Unfortunately, the very nature of decentralized exchanges and blockchain technology makes front-running possible. Since most DEXes are based on public blockchain tech such as Ethereum, front-runners can see each incoming transaction that has been locked into a smart contract.
As soon as they see an opening, bots deployed by front-runners jump the queue and insert a higher transaction fee for placing the order, while the trader who initiated the transaction is forced to pay the price that they didn’t see coming.
This can result in hefty losses for traders’ transactions. In the following example, a front-runner has extracted a whopping 0.34519701 ETH from a single transaction, which cost the trader $983:
(Image source: dextools.io)
As a result, the victim of front-running received a lot fewer Ether tokens than expected. In some cases, traders can lose tens of thousands of dollars in crypto to front-runners this way.
With recent research showing that front-running is now relatively widespread on decentralized exchanges that are built on the Ethereum blockchain, we at CyberNews decided to investigate the exact extent of the losses this market manipulation tactic is incurring on cryptocurrency traders.
The results of our investigation were eye-opening: hundreds of millions of dollars in crypto are being drained by front-runners every day, causing cryptocurrency traders massive unexpected losses. To make matters worse, all major decentralized exchange protocols can be abused this way.
$280 million drained by front-runners each month
To find out the extent of the losses caused by front-runners across major decentralized exchanges, we utilized the MEV Explore and MEV Inspect tools provided by Flashbots, a research and development organization dedicated to mitigating the negative externalities of the current value extraction techniques and avoiding the existential risks front-running can cause to state-rich blockchains like Ethereum.
We looked at the overall value extracted in 30 days, from April 24 to May 24, as well as how much value front-runners drained from trades in the last 24 hours of this monthly interval.
Our investigation found that front-runners extract more than $12 million from transactions every day, with monthly losses suffered by traders reaching nearly $280 million in cryptocurrency, which can amount to billions of dollars in yearly losses.
While there are multiple ways for miners to extract value from transactions, arbitrage and front-running appear to be involved in draining a gigantic 96% of the overall miner extractable value (MEV) across all major decentralized exchanges:
According to CyberNews researcher Martynas Vareikis, countless front-running attacks against unsuspecting traders are conducted every day.
“The numbers are staggering, and unless something is done to curtail them, this is only going to get worse. And since these exploitation opportunities are inherent to the current iteration of blockchain technology, the solutions to the front-running problem will require structural, rather than individual changes,” says Vareikis.
Front-runners extract the most value on these decentralized exchanges
Our findings show that 43% of all MEV is drained on Uniswap (V2), which is the second-largest decentralized finance platform by market share.
SushiSwap, the fifth-largest DEX in crypto, comes second with 23%, while Balancer takes third place with 11% of the overall value being extracted by front-runners on the trading platform.
Curve and dYdX close the top five, with 8.8% and 7.7% of total MEV drained, respectively.
Front-running: an unaddressed threat to decentralized finance
Despite front-running being a relatively widespread phenomenon on decentralized cryptocurrency exchanges, there’s still a noticeable lack of tools or mechanisms in place that could help curtail the tactic.
This apparent lack of security processes adversely affects the entire decentralized finance ecosystem, causing developers to enact draconian measures, including placing transaction limits on all miners, in order to stay ahead of the front-runners.
Vygandas Masilionis, CEO of Lossless, a protocol that freezes and returns stolen funds back to the owners’ accounts, reckons that user education about measures such as slippage tolerance and smaller but more frequent trades is the most effective solution against front-running tactics to date.
“Lossless however, aims to bring unprecedented flexibility against various vectors of attack, including, if desired, frontrunning. As long as token creators define front-running as the type of transactions that shouldn’t occur – Lossless transaction freezing functionality can block frontrunning bots by default,” says Masilionis.
“It’s high time for organizations involved in decentralized finance to adopt a proactive security mindset, which includes tighter oversight of the mempools and transaction backlogs, as well as widespread implementation of front-running attack detection systems,” adds Vareikis.
Before that happens, however, we highly recommend traders to refrain from placing high-value trades on decentralized exchanges.
About the Author: Edvardas Mikalauskas
(SecurityAffairs – hacking, crypto transactions)