Skip to content

Northeastern researchers uncover vulnerabilities leading to predatory trading in popular Ethereum cryptocurrency rollups

Research by Northeastern’s Ben Weintraub reveals vulnerabilities in Ethereum rollups, showing potential for $2M in profits from predatory trading tactics.

Ben Weintraub working on a laptop.
Ben Weintraub and his co-authors conducted a large-scale analysis of exploitative trading activities on Ethereum and across popular rollups. Photo by Matthew Modoono/Northeastern University

Ethereum, a decentralized online platform that allows users to conduct financial transactions in Ether cryptocurrency, prides itself on the system’s high security. 

But new findings from Northeastern University’s computer scientists and researchers at ETH Zurich, a public research university in Switzerland, show that it might not be so bulletproof, and its users might be susceptible to some market participants’ predatory practices.

“There are direct monetary incentives,” says Ben Weintraub, a Northeastern doctoral student in the Khoury College of Computer Sciences. “So in my view, it’s better if researchers find and publicize it first before people mistakenly lose money.”

Weintraub presented the paper on the findings at the Association for Computing Machinery’s annual Conference on Computer and Communications Security. 

He and his co-authors conducted a large-scale analysis of exploitative trading activities on Ethereum itself and across so-called rollups, or off-the-platform services that allow faster processing of higher volumes of transactions. 

The researchers found evidence that certain actors can manipulate the market on rollups, which was previously thought to be impossible.

“It was known to be possible on regular Ethereum, but it was thought to be impossible on rollups and we showed that it is not impossible,” Weintraub says. 

The paper presents three novel types of attacks in which predatory traders could have made about $2 million in profits in the last three years by manipulating transactions within Ethereum trading networks.

Ethereum is a network of independent computers across the world that follows the Ethereum protocol — a set of rules on how the computers in the global network can interact with each other. It uses blockchain technology, pioneered by Bitcoin.

A blockchain is a database of transactions that is shared across computers in a network. Once a new block, or a new set of transactions, is added to the blockchain, that data can no longer be removed by anybody, primarily due to cryptographic techniques that highlight any attempts at tampering.

Anyone can create an Ethereum account from anywhere, at any time. No central authority such as a government or a company has control over Ethereum, which means no individual can change the rules or restrict users’ access. Any Ethereum protocol changes require approval from more than half of the network.

Unlike Bitcoin, which is solely a payment system with a name-sake cryptocurrency, Ethereum allows users to build applications, communities and organizations on its platform.

The Ethereum network, however, has a scalability problem — as the number of people using it has grown, the blockchain has reached certain throughput limitations that further inflated the costs for conducting transactions on the platform.

One solution are the rollups, such as Arbitrum, Optimism and zkSync — which were analyzed by Weintraub — that aim to improve Ethereum’s speed by taking batches of transactions and calculations off Ethereum. This reduced the processing cost of a transaction to roughly 1 cent, Weintraub says.

Some actors make profits trading cryptocurrencies by trying to achieve maximal extractable value, he says, by manipulating the order of transactions that are pending inclusion on the blockchain. The research provides exclusive insights into the volume of maximal extractable value transactions on rollups, costs associated with them, profits made by such exploitative traders, competition between them and response time to such activities across Ethereum and the rollups.

Some methods that malicious actors use are common to financial markets, like arbitrage, when a user buys something on one exchange and quickly sells it for profit on another exchange.

“It’s generally thought to be a good thing because it keeps different exchanges balanced in terms of price,” Weintraub says. “But there are also types [of maximal extractable value] that are not good. One that’s fairly well-known in research is called sandwiching.”

In sandwiching, when a speculator sees someone is about to buy an asset, they buy it first, driving up the price. The speculator then quickly sells it at the higher price.

Sandwiching is considered a “bad,” manipulative trading strategy affecting the price that other traders get. On Ethereum, block producers — people or groups who get paid when their hardware is randomly selected to verify a block’s transactions — can try to maximize the amount of profit they make by manipulating how transactions are ordered or included in a block before it is added to the blockchain. 

“The reason we call this an attack is because it is purely damaging to that victim, who now has to pay a little bit more for their transaction,” Weintraub says. “The system broadly does not benefit at all. There’s just the one who profits — the ‘sandwicher.’”

While the researchers didn’t find traditional sandwich attacks on popular rollups, they identified three potential strategies for them when transactions move between Ethereum and rollups with a time delay.

“This just came from analyzing the protocol and looking at the exact flow of transactions — when they get sent, when the rollup seems to respond to them or when they end up on the blockchain,” Weintraub says. 

“We tested our attacks on [Ethereum’s] test-net, a network of ‘fake’ money that is used by developers to test their applications,” he says. “And, essentially, we stole all of the money from only ourselves.”

Weintraub is currently in contact with major rollups’ developers to see what can be done about the possibility of the attacks. Two types of these novel attacks can be prevented, Weintraub says, while it is unclear how to protect users from the third type. 

“Our view is that it’s better to just get this information out there so people, at least, are aware of the risks,” he says.