Solana’s MEV Sandwich Bot ‘arsc’ Quietly Earns $30M in 60 Days

• A Solana’s MEV sandwich bot is reported to have amassed approximately $30 million in just two months with three wallet addresses exposed by MRGN Research’s Ben Coverston.

• The first wallet address is reported to contain cryptos worth $19 million with the second address containing $9.9 million. 

The villainous maximal extractible value (MEV) sandwich bot (arsc) is reported to have accumulated a whooping sum of $30 million in the last two months. According to the founder of crypto firm MRGN Research Ben Coverston, one of the largest bot wallet addresses used for cold storage is “9973h…zyWp6.”

Fascinatingly, it managed to go through a great length to accumulate these funds without any hint. 

It is quite inactive and, judging by its behaviour, is almost certainly a locked-down, cold wallet.

More Discovery by a Solana Explorer Platform

A Solana explorer site SolanaFM discloses that the exposed wallet addresses hold $19 million with Solana tokens alone making up $17 million of the total and Circle’s USD Coin making up of $1.1 million. In addition to these, a small amount of wrapped-SOL (wSOL), Cringe Coin (CRINGE), and Kabosu (KAB) are also held in the wallet. 

Another wallet address – “Ai4zq…VXKKT,” said to have been actively used in this scheme reportedly holds $9.9 million in non-Solana tokens. According to Coverston, the attackers gradually convert SOL into USDC using Jupiter’s Dollar Cost Average (JUP DCA) while holding a significant position in Kamino and various Liquid Staking Tokens (LSTs).

The third wallet address identified by Coverston is “BCbrp…vi58q”. Per his observation, this is arsc’s “main SOL bank” since it uses dozens of different signers and tippers to stage the sandwich attack. In total, the three wallets hold $29.8 million.

It seems they don’t enjoy the attention, as they’ve recently gone to great lengths to hide their activities and profits.

According to our research, Sandwich attacks have been actively employed in the crypto industry for years with MEVBlocker data disclosing that more than $1.38 billion was wiped from Ethereum users on or before April 2023. In July 2023, a blackhat risked 50 ETH (about $96,000 at that time) to make a profit of 472 ETH ($890,000). 

Our Research on How Attackers Use MEV

Miner Extractable Value or Maximal Extractable Value (MEV) enables a miner to exclude, include, and order a transaction in the blockchain before the block gets mined. Interestingly, attackers have managed to exploit this using a sandwich attack by frontrunning and backrunning the victim’s swap transaction. 

According to our investigation, attackers monitor the mempool or list of pending transactions they want to exploit, then submit two transactions once they identify the target. Specifically, one is submitted before and one after, surrounding the target “like bread in a sandwich.” The two transactions are submitted with lower and higher gas fees than that of the victim to execute the attack. Alternatively, attackers may also submit a transaction bundle using specialized RPC providers to guarantee the ordering of transactions for a fee. 

Amid the backdrop of this, Solana (SOL) makes a 0.93% surge in the last 24 hours, trading at $145. However, the asset has declined by 8% in the last seven days according to Crypto News Flash data.