Connect with us

Crypto

Researchers uncover vulnerabilities leading to predatory trading in popular Ethereum cryptocurrency rollups

Published

on

Researchers uncover vulnerabilities leading to predatory trading in popular Ethereum cryptocurrency rollups
Ben Weintraub and his co-authors conducted a large-scale analysis of exploitative trading activities on Ethereum and across popular rollups. Credit: Matthew Modoono/Northeastern University

Ethereum, a decentralized online platform that allows users to conduct financial transactions in Ether cryptocurrency, prides itself on the system’s high security.

But new findings from Northeastern University’s computer scientists and researchers at ETH Zurich, a public research university in Switzerland, show that it might not be so bulletproof, and its users might be susceptible to some market participants’ predatory practices.

“There are direct monetary incentives,” says Ben Weintraub, a Northeastern doctoral student in the Khoury College of Computer Sciences. “So in my view, it’s better if researchers find and publicize it first before people mistakenly lose money.”

Weintraub presented the paper on the findings at the Association for Computing Machinery’s annual Conference on Computer and Communications Security (ACM CCS 2024) held Oct. 14–18 in Salt Lake City. The study is available on the arXiv preprint server.

Advertisement

He and his co-authors conducted a large-scale analysis of exploitative trading activities on Ethereum itself and across so-called rollups, or off-the-platform services that allow faster processing of higher volumes of transactions.

The researchers found evidence that certain actors can manipulate the market on rollups, which was previously thought to be impossible.

“It was known to be possible on regular Ethereum, but it was thought to be impossible on rollups and we showed that it is not impossible,” Weintraub says.

The paper presents three novel types of attacks in which predatory traders could have made about $2 million in profits in the last three years by manipulating transactions within Ethereum trading networks.

Advertisement

Ethereum is a network of independent computers across the world that follows the Ethereum protocol—a set of rules on how the computers in the global network can interact with each other. It uses blockchain technology, pioneered by Bitcoin.

A blockchain is a database of transactions that is shared across computers in a network. Once a new block, or a new set of transactions, is added to the blockchain, that data can no longer be removed by anybody, primarily due to cryptographic techniques that highlight any attempts at tampering.

Anyone can create an Ethereum account from anywhere, at any time. No central authority such as a government or a company has control over Ethereum, which means no individual can change the rules or restrict users’ access. Any Ethereum protocol changes require approval from more than half of the network.

Unlike Bitcoin, which is solely a payment system with a name-sake cryptocurrency, Ethereum allows users to build applications, communities and organizations on its platform.

The Ethereum network, however, has a scalability problem—as the number of people using it has grown, the blockchain has reached certain throughput limitations that further inflated the costs for conducting transactions on the platform.

Advertisement

One solution are the rollups, such as Arbitrum, Optimism and zkSync—which were analyzed by Weintraub—that aim to improve Ethereum’s speed by taking batches of transactions and calculations off Ethereum. This reduced the processing cost of a transaction to roughly 1 cent, Weintraub says.

Some actors make profits trading cryptocurrencies by trying to achieve maximal extractable value, he says, by manipulating the order of transactions that are pending inclusion on the blockchain. The research provides exclusive insights into the volume of maximal extractable value transactions on rollups, costs associated with them, profits made by such exploitative traders, competition between them and response time to such activities across Ethereum and the rollups.

Some methods that malicious actors use are common to financial markets, like arbitrage, when a user buys something on one exchange and quickly sells it for profit on another exchange.

“It’s generally thought to be a good thing because it keeps different exchanges balanced in terms of price,” Weintraub says. “But there are also types [of maximal extractable value] that are not good. One that’s fairly well-known in research is called sandwiching.”

In sandwiching, when a speculator sees someone is about to buy an asset, they buy it first, driving up the price. The speculator then quickly sells it at the higher price.

Advertisement

Sandwiching is considered a “bad,” manipulative trading strategy affecting the price that other traders get. On Ethereum, block producers—people or groups who get paid when their hardware is randomly selected to verify a block’s transactions—can try to maximize the amount of profit they make by manipulating how transactions are ordered or included in a block before it is added to the blockchain.

“The reason we call this an attack is because it is purely damaging to that victim, who now has to pay a little bit more for their transaction,” Weintraub says. “The system broadly does not benefit at all. There’s just the one who profits—the ‘sandwicher.’”

While the researchers didn’t find traditional sandwich attacks on popular rollups, they identified three potential strategies for them when transactions move between Ethereum and rollups with a time delay.

“This just came from analyzing the protocol and looking at the exact flow of transactions—when they get sent, when the rollup seems to respond to them or when they end up on the blockchain,” Weintraub says.

Advertisement

“We tested our attacks on [Ethereum’s] test-net, a network of ‘fake’ money that is used by developers to test their applications,” he says. “And, essentially, we stole all of the money from only ourselves.”

Weintraub is currently in contact with major rollups’ developers to see what can be done about the possibility of the attacks. Two types of these novel attacks can be prevented, Weintraub says, while it is unclear how to protect users from the third type.

“Our view is that it’s better to just get this information out there so people, at least, are aware of the risks,” he says.

More information:
Christof Ferreira Torres et al, Rolling in the Shadows: Analyzing the Extraction of MEV Across Layer-2 Rollups, arXiv (2024). DOI: 10.48550/arxiv.2405.00138

Journal information:
arXiv
Advertisement

Provided by
Northeastern University

This story is republished courtesy of Northeastern Global News news.northeastern.edu.

Advertisement

Citation:
Researchers uncover vulnerabilities leading to predatory trading in popular Ethereum cryptocurrency rollups (2024, November 11)
retrieved 11 November 2024
from https://techxplore.com/news/2024-11-uncover-vulnerabilities-predatory-popular-ethereum.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.

Advertisement

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Crypto

Interactive Brokers Unleashes Stablecoin Rails, Slashes Crypto Trading Costs

Published

on

Interactive Brokers Unleashes Stablecoin Rails, Slashes Crypto Trading Costs

Key Takeaways

Interactive Brokers (Nasdaq: IBKR), the automated global broker that manages approximately $930.3 billion in client equity as of mid-2026, integrated these capabilities directly into its core electronic trading architecture. Clients can now execute automatic conversions to withdraw U.S. dollars from their brokerage accounts directly into external destinations, including personal non-custodial cryptocurrency wallets, using Circle’s USDC, Paypal’s PYUSD, or Ripple’s RLUSD.

This infrastructure upgrade bridges traditional finance (TradFi) markets and digital currency networks without requiring investors to switch between separate applications. By allowing near-instantaneous transfers 24 hours a day, including weekends and holidays, the firm ensures that market participants can move capital onto the platform and begin trading across 170 global markets within minutes.

Redefining Brokerage Cost Structures

“We believe digital assets should be integrated into a client’s broader financial experience, not treated separately,” explained Milan Galik, Chief Executive Officer of Interactive Brokers. Galik emphasized that as stablecoins become a more widely used method of payment and transfer, the firm remains focused on providing seamless digital asset access alongside a diverse range of global products.

The institutional expansion addresses a critical friction point for high- volume traders who frequently contend with steep transactional overhead on specialized crypto exchanges. Interactive Brokers charges crypto commissions starting between 0.12% and 0.18% of total trade value, featuring a modest $1.75 minimum per order. Crucially, the broker imposes no added spreads, markups, or custody fees, undercutting conventional competitors by up to 85%.

Industry data reveals that recently launched crypto offerings from traditional brokerages charge client commissions as high as 0.75% per transaction. Alternative platforms often remain two to four times more expensive, with some retail applications charging up to 1.20% or more. By maintaining low overhead, IBKR leverages its $21 billion consolidated equity capital to aggressively capture market share from standard spot exchanges.

Token Expansion and Custodial Pipelines

Tuesday’s Interactive Brokers crypto expansion routes new asset classes through separate regulated pipelines to guarantee institutional-grade compliance and security. Through its partnership with Zero Hash, the broker added Aave, Aptos, Canton, Lido DAO, Monad, NEAR Protocol, Plasma, Pax Gold, and Uniswap. The addition of Pax Gold provides a digital token backed entirely by physical gold stored in professional vault facilities.

Advertisement

Concurrently, Paxos Trust Company will facilitate trading for three of these newly supported assets, specifically AAVE, UNI, and PAXG. These choices join an existing institutional catalog that already includes high- liquidity crypto assets such as bitcoin, ethereum, solana, bitcoin cash, litecoin, and XRP. This dual-vendor model minimizes counterparty risks for the firm’s rapidly growing base of 5.185 million client accounts.

Interactive Brokers (Nasdaq: IBKR) shares on July 14, 2026.

This strategic development coincides with a period of massive operational growth, as the firm’s Daily Average Revenue Trades recently surged 53% year-over-year to 5.269 million. Margin loan balances also climbed 67% to $108.5 billion, highlighting a highly active client base that utilizes capital leverage across unified portfolios. The addition of crypto flexibility serves as an onboarding tool for sophisticated international investors.

Regulatory Guardrails and Global Availability

While the expansion enhances utility for domestic accounts, strict geographic limitations remain firmly in place due to fragmented cross-border regulatory frameworks. Bidirectional funding via stablecoin is entirely unavailable to clients registered under Interactive Brokers U.K. Limited or Interactive Brokers Ireland Limited. Furthermore, the newly introduced crypto-assets cannot be accessed by clients of the Irish affiliate.

Corporate executives maintained a realistic, risk-managed tone regarding broader market conditions, explicitly stating that digital asset trading carries exceptional financial danger. The platform noted that these specific digital products are designed exclusively for individuals with high risk tolerance and the financial capacity to sustain total capital losses. This conservative positioning aligns with the firm’s corporate credit profile and S&P rating of A- with a stable outlook.

As digital and TradFi continue to converge through tokenization and institutional investment vehicles, Interactive Brokers positions its balance sheet as a primary clearing house. The elimination of separate wallet ecosystems reduces operational friction for hedge funds and independent money managers alike. This long-term framework underpins the broker’s overarching strategy to capture institutional wallet share as the digital currency landscape matures.

Advertisement
Continue Reading

Crypto

Why Early Legal Action Matters After a Cryptocurrency Investment Scam

Published

on

Why Early Legal Action Matters After a Cryptocurrency Investment Scam

Pig butchering scams do not start with crypto. They start with a conversation. Someone reaches out through a dating app, a text, or social media, and over weeks or months they build what feels like a genuine connection. They ask about your life and your goals.

At some point they mention a crypto platform that has been generating strong returns. They help you set up an account, walk you through the first deposit, and show you a dashboard with what looks like real profit. You put in more. The numbers climb. Then the platform locks you out or disappears, and the money is gone.

If this has happened to you, the most important thing is to move quickly. A crypto fraud lawyer can help you figure out what to do next and which legal options may still be available.

Immediate Steps After Discovering the Scam

Scammers count on the shock to buy them time. Most victims spend the first few days trying to understand what happened instead of acting, and that delay allows evidence to disappear and funds to move further out of reach.

The First 72 Hours

The first three days matter more than most people realize. Scammers do not sit still after taking money. They rotate wallet addresses, shut down platforms, and often keep pressuring the victim to send more under the guise of fees or tax payments needed to release returns that never existed.

Advertisement

Getting a lawyer involved early can cut through the confusion. They identify which wallets and platforms were involved, send notices to banks and exchanges, and start building a timeline while everything is still fresh. The window for certain recovery options is narrow, and even a week of delay can close off paths that were open on day one.

Securing Accounts and Devices

While the legal side gets underway, lock down every account you have access to. Change your passwords, enable two-factor authentication, and scan your devices for remote access software that scammers sometimes install during the setup process. Check your email for forwarding rules you did not set up, and review your exchange accounts for linked addresses or withdrawal settings that were changed without your knowledge.

Do this before making any further transfers.

Building the Record

Crypto transactions leave a trail, but the window for capturing it closes quickly. Exchanges update their interfaces, chat platforms delete messages, and fake investment sites go offline without notice.

Preserving Transaction Evidence

Everything from this point forward depends on what you can document. Wallet addresses, transaction IDs, exchange account statements, screenshots of every conversation with the scammer (including the early ones), wire transfer receipts, credit card statements, deposit instructions, and dashboard screenshots from the fake platform (if you can still access it).

Advertisement

Get it together as early as you can. Messages will disappear. Platforms will go offline. Access will be revoked without warning. The picture you can put together on day three is going to be much more complete than anything you will be able to reconstruct a month from now.

Store copies in two separate places. A secure cloud folder and a local drive is a simple setup that works. Put together a log that records dates, times, amounts, and whatever names or identifiers were displayed on each platform. Organized records make everything easier for lawyers, investigators, and financial institutions.

Coordinating With Financial Platforms

Banks, credit card companies, and crypto exchanges may be able to freeze funds, flag suspicious wallet addresses, or open internal investigations. These processes tend to work better when the request comes in early, includes specific transaction details, and is submitted in writing. Vague complaints filed weeks later are much easier for them to dismiss.

Save the name of whoever you speak to, the reference number, and a summary of what was said. Keep copies of all emails and chat logs. This creates an audit trail that becomes important if a dispute escalates.

Recognizing Follow-Up Scams

This is the part that catches people off guard. After the initial loss, a second wave often follows.

Advertisement

Someone contacts you claiming to be a recovery specialist, a government agent, or a tax official who can help get your money back. But first they need a fee, or your private keys, or a small crypto payment for verification purposes.

None of it is real. Scammers know that victims at this stage are desperate, and they use that against them. Some resort to threats. Others try to isolate the victim from family or friends who might step in and encourage reporting.

Treat any unsolicited contact about recovering your funds as a potential threat until it has been independently verified. Any request for upfront payment is a warning sign, without exception.

Legal Paths Forward

Most victims expect law enforcement to handle recovery. Criminal investigations into crypto fraud tend to move slowly and rarely focus on individual cases. Civil options often provide more direct paths, but they come with deadlines that can expire faster than people expect.

Deadlines and Leverage

Legal remedies in crypto fraud cases are not open-ended. Payment dispute windows have fixed deadlines. Statutes of limitations run on a set schedule. Certain contractual claims expire within weeks, not months. The longer someone waits, the fewer options remain.

Advertisement

An early legal review can identify which of these deadlines apply and which ones are coming up fast. Credit card chargebacks, for example, have to be filed within a defined window. Certain claims against exchanges operate under similar constraints.

Timing also affects leverage. A demand letter backed by organized records and documented losses will be taken more seriously than a vague complaint filed months later. When the other side can see the case is well-prepared, negotiations tend to move forward more quickly.

Civil Options

Filing a police report is a good idea. It creates an official record and supports the timeline of events. But criminal investigations into crypto fraud are often slow and focused on larger networks. Direct results for any single victim can take a long time to secure, if they come at all.

Civil claims work on a separate track.

Advertisement
Continue Reading

Crypto

Bitcoin Slides to $62,037 as Iran Conflict Sparks Fresh Energy Fears

Published

on

Bitcoin Slides to ,037 as Iran Conflict Sparks Fresh Energy Fears

Bitcoin Tumbles Amid U.S.-Iran Clashes

Bitcoin tumbled to the $62,000 range Monday as a weekend exchange of gunfire between U.S. and Iranian forces threatened to spark another energy crisis. Market data showed the top cryptocurrency plunged from a 24-hour peak of $64,385 late Sunday to $62,037 by 10:15 a.m. EST Monday.

While the cryptocurrency attempted to reclaim the $63,000 resistance level, another sell-off saw it retreat to $62,200, reversing earlier gains and leaving it down nearly 3%. The decline dragged its market capitalization down from $1.28 trillion to approximately $1.25 trillion as of 12:40 p.m. EST. The slide, in turn, helped trim the crypto economy’s aggregate market capitalization to $2.24 trillion.

Meanwhile, the slide triggered the liquidation of $83 million in long leveraged positions and $12 million in shorts. Overall, liquidations across the crypto economy topped $322 million, with liquidated long bets accounting for $267 million of the total.

Following earlier strikes in the week, the U.S. military upped the ante Sunday, striking more than 100 targets across Iran. The U.S. maintains the strikes were in response to Iranian attacks on shipping vessels transiting the Strait of Hormuz. In addition to the strikes, some media reports suggested the U.S. military was contemplating a blockade on Iranian ports.

Advertisement

Iran, which rejects the allegations, launched retaliatory strikes targeting U.S. bases and installations across five Gulf countries, including Qatar and Tehran’s ally Oman. Iran insists Washington is violating a memorandum of understanding (MoU).

The apparent return to full combat operations came days after U.S. President Donald Trump declared the ceasefire between the two sides over. The U.S. leader also accused Tehran of violating the terms of the MoU, which requires Iran to reopen the Strait of Hormuz.

Following the latest escalation, oil prices jumped 4.5%, with the global benchmark Brent crude breaching the $80-per-barrel mark. According to analysts, market concern is expanding beyond crude oil prices, with investors increasingly focused on disruptions to global refining capacity and fuel supply chains. Ongoing conflicts have affected refinery operations across the Middle East and, recently, key global shipping routes in the Russia-Ukraine region.

“Even if crude oil prices stabilize, gasoline and diesel prices could remain elevated due to limited refined fuel availability. This creates a risk that energy inflation may prove more persistent than markets currently anticipate,” a Bitunix analyst asserted in a recent report.

For global markets, including crypto, the central question for this week extends beyond whether U.S. inflation rises again. The bigger issue is whether global capital costs continue moving higher.

Advertisement

With AI investment absorbing significant funding, energy supply chains facing uncertainty, and Federal Reserve policy remaining unsettled, risk assets are likely to remain driven by the interaction among interest rates, liquidity conditions and corporate financing costs.

“For bitcoin, reclaiming and holding above $64,000 could improve short-term momentum. However, continued pressure from higher capital costs may keep BTC trapped within a broader consolidation range,” the analyst said.

Continue Reading
Advertisement

Trending