April 10, 2025 at 12:00 am EST

A MEV bot, 0x80B, has stolen more than $100K worth of PROMPT tokens from the recent Wayfinder AI token airdrop. Users who attempted to claim their PROMPT allocation via the official smart contract lost their tokens to the bot, which replaced their claim transactions with its own and named its own address as the claimer. The bot then swapped the PROMPT tokens for ETH via Uniswap. The contract has since been paused to prevent further losses, and the team has promised to fully compensate all affected users with their allocated PROMPT airdrop.

This type of exploit is a classic example of "generalized front-running." MEV (Maximal Extractable Value) bots monitor the mempool, the waiting area for pending transactions. When a bot detects a profitable transaction, such as a user claiming free tokens, it automatically copies the transaction's data, substitutes its own address where the original named the user, and broadcasts the copy with a significantly higher gas fee. Block producers, incentivized by the higher fee, prioritize the bot's transaction and process it before the legitimate user's request. This effectively allows the bot to "cut the line" and claim the tokens first.
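
The redirect described above only works when nothing in the claim ties the payout to a specific address. The following model is an added example, not Wayfinder's contract (whose code this page does not show): it assumes a Merkle-proof airdrop and compares a leaf that omits the recipient with one that commits to it. SHA-256 stands in for keccak256, and all addresses and amounts are constructed.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """SHA-256 stands in for keccak256 in this model."""
    return hashlib.sha256(b"".join(parts)).digest()

def node(a: bytes, b: bytes) -> bytes:
    return h(*sorted((a, b)))  # sorted-pair hashing, so sibling order does not matter

def build(leaves):
    """Merkle root and per-leaf proofs for exactly four leaves."""
    l0, l1, l2, l3 = leaves
    n01, n23 = node(l0, l1), node(l2, l3)
    return node(n01, n23), [[l1, n23], [l0, n23], [l3, n01], [l2, n01]]

def verify(root, leaf, proof):
    for sibling in proof:
        leaf = node(leaf, sibling)
    return leaf == root

class Airdrop:
    def __init__(self, allocations, bind_recipient):
        self.bind = bind_recipient  # True: leaf commits to the recipient address
        self.leaves = [self._leaf(i, a, amt) for i, (a, amt) in enumerate(allocations)]
        self.root, self.proofs = build(self.leaves)
        self.claimed, self.balances = set(), {}

    def _leaf(self, index, recipient, amount):
        who = recipient.encode() if self.bind else b""  # weak leaf omits the recipient
        return h(index.to_bytes(4, "big"), who, amount.to_bytes(32, "big"))

    def claim(self, index, recipient, amount, proof):
        """Pay `recipient` if the slot is unclaimed and the proof verifies."""
        if index in self.claimed:
            return False
        if not verify(self.root, self._leaf(index, recipient, amount), proof):
            return False
        self.claimed.add(index)
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        return True

def replay_with_substituted_recipient(drop, index, amount, observer):
    """Model of a copied pending claim whose recipient field was swapped."""
    return drop.claim(index, observer, amount, drop.proofs[index])

# Constructed allocations (hypothetical addresses and amounts)
ALLOC = [("0xalice", 500), ("0xbob", 300), ("0xcarol", 200), ("0xdave", 100)]
weak, bound = Airdrop(ALLOC, bind_recipient=False), Airdrop(ALLOC, bind_recipient=True)
```

With the recipient committed in the leaf, a copied claim either fails verification or, if sent unchanged, still pays the legitimate address. Requiring the recipient to equal the transaction sender is another common way to get the same binding.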

According to the bot’s past transaction history, the bot primarily uses Coinbase as its centralized exchange of choice, which could prove to be a useful clue in deducing its owner’s identity.

The link to Coinbase highlights the often-overlooked difference between anonymity and pseudonymity in crypto. While a blockchain address is just a string of characters, centralized exchanges (CEXs) are regulated entities required to enforce Know Your Customer (KYC) laws. By interacting with a CEX, the attacker creates an off-chain link between their wallet and their real-world identity. If legal pressure is applied, this digital trail can easily de-anonymize the perpetrator, turning a successful code exploit into a traceable crime.