What’s the Role of Validators in Handling Illicit Crypto Transactions? (Part 2- MEV)

In November 2023 I penned a piece for Twinstake around the potential tactics an illicit actor may use within the staking space to steal funds from other stakers, cause them disruption or to launder their illicit funds through permissionless staking providers: https://www.twinstake.io/reports/illicit-threats-in-crypto-asset-staking-choosing-an-institutional-provider-to-mitigate-the-risks

In these examples I was considering a malicious actor as the staker, however it’s also possible that a perfectly legitimate staker or validator may be impacted by illicit actors’ activities on the blockchain and the question is therefore — what level of responsibility does or should a validator have for processing illicit-linked transactions?

There are a few scenarios in which this may be the case, and in I explored what this means for illicit transactions involving OFAC SDN listed addresses. In part 2, I will explore what responsibility validators may have for receiving MEV linked to illicit activity or actors.

MEV earned from illicit activity

As is the case regarding regulation and guidance surrounding the processing of illicit transactions, there is also no specific guidance on what validators should or must do if the MEV they receive is linked to an exploit or hack. This is because there also isn’t currently any guidance to MEV itself and whether certain MEV practices fall under existing market abuse regulations.

I previously wrote an in depth piece about MEV which is worth reading for a deeper understanding in the different types of MEV

In the TradFi world, activities of front running and sandwich attacks would be deemed as market manipulation and would therefore be illicit practices. However in the MEV world it’s unclear whether this is toxic behaviour, illicit activity or simply just a clever trading strategy.

In the TradFi world, a bank, business or individual receiving funds from a heist or from a criminal activity would be in receipt of the proceeds of crime and be liable to report it and take the necessary actions. However in the crypto world, MEV which is earned from a DEX exploit or hack doesn’t currently classify under the same regulation or even established mirror regulation. In fact, there’s currently different treatments over whether such an attack is even a criminal endeavour or not. In 2023 Defi platform Platypus was hacked not once, not even twice but THREE times! $8.5m worth of assets were syphoned from the platform and despite the two perpetrators being arrested and put in front of a judge in France, they walked scottfree as the judge claimed that the French legal system didn’t recognise defi protocol hacking as a crime and so no criminal activity has actually occurred!

It’s perhaps no surprise then that there’s no global clarity on MEV linked to the proceeds of crime if defi hacking itself isn’t even recognised as a crime in some jurisdictions.

One example of an entity receiving MEV linked to illicit activity was Coinbase’s 570ETH reward after the Curve finance exploit. The exploit itself saw $73m vanish after an attacker performed a re-entrancy attack which enabled them to steal funds from a number of liquidity pools. This was followed by a number of copycat efforts, some by white hat hackers looking to try to move funds into safe harbours and others by opportunist black hat hackers who could see that the same attack vector could be used in other pools. The competition to ‘get in first’ saw traders pay excessively large priority fees to validators in order to secure a space in the next block and led to mismatched pricing across DEXs which enabled MEV bots to grab arbitrage opportunities. As a result, MEV activity around the time of the Curve hack was some of the largest in Ethereum’s history!

However the MEV being earned was directly tied to an exploit. It was stolen money. Taken from victims who had deposited money in liquidity pools and who were now sitting on losses.

The validators earning their priority fees from MEV bots and traders to speed these transactions through, were therefore profiting off criminal activity. Perhaps unknowingly at the time, but still true nonetheless.

Time will tell whether regulators start to crack down on exploitative MEV practices (of which not all MEV activity may be defined as such) and whether validators, MEV bots and traders whose MEV profits derive from criminal activity, such as an exploit or a hack, will be compelled to return funds to victims. My money is on regulation coming in (potentially a MiCA upgrade) which requires validators to, at a minimum, raise a SAR for illicit MEV being earned and possibly even to have to send the money back and make victims as whole as can be technically achieved. That’s not to say it’s a simple job but I’m sure we’ll start to see relayers who can help provide this protection by using blockchain analytics (a free startup idea for anyone reading this!).

In the case of Coinbase’s 570 ETH reward for validating the block with Curve exploit related transactions in, so far the exchange has taken the position that since there’s no legal obligation for them to return the funds they’re not going to.

Originally published at https://www.linkedin.com.