MevRefund

@LidoFinance Frontrunner returned their share: etherscan.io/tx/0xd8fb9df82… When can I expect to hear from you @LidoFinance? Will even let you keep a 10% bounty 🥳

Hi there @LidoFinance, it's me again. Was just hacked for 20 Eth, almost all of which got funneled to you. etherscan.io/txs?block=2183… Any chance you want to return those dirty, dirty funds?

Found the original attacker (too dumb to successfully pull it off): etherscan.io/tx/0x9788043be… Traced through TC to 0xC8fB3af887C79D8D701334F8CB02b918a8eD139d who had weeks earlier sent me this message: Guess I should've responded 🤷‍♂️

Nope. When your town square is run by an actual Nazi, it's time to find a different town. So long Twitter, I'm moving to mevrefund.bsky.social

@cryptoQuoc A contract upgrade is not equivalent to a chain fork. If you truly want to offer non-custodial ownership, make your contracts immutable. Until then, you don't get to hide behind decentralization, code is law, or whatever other excuse you prefer to avoid returning stolen funds.

We have duty to our own stakers to maintain noncustodial ownership of all funds that goes to the feepool. Upgrading and moving funds out is not an option. We voted against the Ethereum DAO fork in 2016. This is the cost of decentralization.

@bertcmiller @buffalu__ @ViktorBunin @titanbuilderxyz Are you refunding the entire surplus? What's the incentive for block builders then? Why would beaver participate?

On the exclusive orderflow bit: BuilderNet refunds value back to orderflow providers based off of an open, neutral rule - that democratizes access to what right now is only accessible by those with closed door, opaque deals. You can read the rule here: docs.flashbots.net/flashbots-auct… The goal is to neutralize the need for exclusive orderflow deals, and then to redirect competition from that to more productive dimensions. To that end, every BuilderNet node has the same access to flow and we want to enable others to permissionlessly innovate on top of this flow, e.g. by creating new features, or better merging some transactions together. See our work on putting bots into TDX for a sense of how this might work: x.com/0xangelfish/st… Hope that in the coming quarters we'll see the first instance of novel features or bundle merging from a person or team that would've never been able to deploy their work in prod in the last market structure, but who can do it because BuilderNet enables them to :)

Absolutely massive announcement: 1. Will kill censorship on Ethereum 2. Will kill exclusive orderflow deals 3. Gas and MEV refunds built in 4. Neutralized builder duopoly 5. Creates easy pathway for L2 decentralization @titanbuilderxyz when will you join BuilderNet?

New hobby: Watching this guy piss away $500 every two minutes: etherscan.io/address/0xad08… My guy, the V3 pool has $750K in liquidity ...

Should note that @CoWSwap is fine; just like last time, seems to be a bad solver contract which lets others take cowswap's fees. Solver will be on the hook for losses, not users.

Holy cow, it happened again! etherscan.io/tx/0x2fc9f2fd3…

The user specifies a contract, which reenters the MEV bot and asks for all of its weth. The MEV bot won't send an unprofitable tx, so the hacker has to send an additional bundle to activate the theft. Note the small bribe paid here which helps ensure the correct tx ordering.

Ever seen an MEV bot hacked by a private bait tx? 0x9e5 backruns bloxroute's private order flow, splitting any profits between bloxroute, the user, and themselves. Typically the user refund is a simple internal transfer to an EOA. In this case however ...

@stakefish New alpha for blackhat hackers unlocked! Just send the funds to a contract which disperses them among several addresses. You too can become a non-custodial service which sadly can't return any stolen funds!

Bruh, the funds are in your upgradeable smart contract, @stakefish You can return them, you just don't want to. Would love to see this litigated somewhere, like when Oasis was forced to rug the Jump hacker. Crypto lawyers how/where can we make this happen?

@geomadhack We did respond once in the mempool. For reasons. Don't want to go too deep in the strategy ...

@MevRefund Why is this taking place in the public mempool though? And wasn't the challenge tx a private one? How did he know he got challenged?

You're a blackhat with the keys for a compromised withdrawal address. 288 Eth suddenly become available. What do you do? If you're this knucklehead, you immediately send out a mempool tx with a 206 Eth gas fee, then, when challenged, say screw it, and dump the entire stack.

@thechandog certainly hope so, but in my experience validator returns are pretty rare

@MevRefund since it went to stakefish, isnt it highly likely if not certain it'll be returned?

Hi @LidoFinance , it's me again. Some more stolen funds headed your way. Would be amazing if you could return them, just like you did here: snapshot.org/#/lido-snapsho… etherscan.io/tx/0xb265f672e…

@stakefish @88danillo

@88danillo @MevRefund Hello! Thanks for bringing this to our attention. I'm sharing it with the team. We will investigate, discuss it internally, and reach out to you.

Hi @stakefish , I'm helping whitehat a compromised withdrawal address. Unfortunately, it seems that if the bad guys can't have it, nobody can 😢 Any chance you can return those stolen funds to the rightful owner? etherscan.io/tx/0x3718e5299…

Hi @krakenfx @krakensupport , the lunatics with the stolen private key forced me to dump 92 Eth to your validator. Please reach out to return the stolen funds. etherscan.io/tx/0x660aebf26…