Ordinals, this year’s incarnation of NFTs on Bitcoin, have enjoyed a slight resurgence in recent weeks. A bubbly launch peaked on May 7 of this year and quickly subsided, but now Bitcoin’s rally in November has renewed interest in Ordinals.
Sniffing an opportunity for profit and prepared with months of practice since May, quant traders lurked. Their opportunity arrived this week at Magic Eden on Bitcoin, an NFT marketplace. They sniped millions.
The most highly anticipated Ordinals project of the season, Ordibots, had announced its minting ceremony on the most prestigious Ordinals exchange, Magic Eden. A timeline for its launch was widely publicized. Requirements for whitelisting were extensive. Ordibots’ community discussions were vibrant. The minting ceremony had a tantalizing countdown, with buyers setting alarms to attend – ready to inscribe their NFT on-time. Collectors anticipated the mark-to-market capitalization of the collection to reach untold millions of dollars.
Ordibots, however, became the first major Ordinals collection to fall victim to a sophisticated front-running attack. Its founders, and the NFT marketplace Magic Eden, have apologized.
Here’s how it happened.
A significant moment in Ordinals history has occurred, with Ordibots becoming the first collection impacted by a front-running attack.
As the next step for Ordibots, we have already gathered the addresses affected by mempool sniping. Over the next few days, we will be… https://t.co/u60X06NzWJ pic.twitter.com/I0jHl1pkd6
— OrdiBots (@OrdiBots) November 29, 2023
Read more: Ordinals won’t be solving Bitcoin’s security budget anytime soon
Sniping Ordinals for profit
Whitelisted fans of Ordibots submitted their minting transactions to inscribe their Ordibots NFTs onto Bitcoin satoshis, the smallest denomination of one coin.
After they broadcast their Bitcoin transactions, however, they wait in Bitcoin’s mempools for around 10 minutes. Like any other Bitcoin transaction, they must wait for miners to select their transactions for inclusion in a valid block — and then mine that block, which usually takes 10 minutes.
All of that delay is plenty of time for a sophisticated quant trader to snipe their mint with a front-running attack.
Ordinals sniping is a front-running attack
Ordinals sniping involves scanning Bitcoin’s mempools for a valuable Ordinal transaction, like an Ordibots minting inscription, copying the transaction, changing the wallet address, and outbidding the transaction fee slightly. By default, mining pool operators will usually select a transaction with a higher transaction fee — rewarding the quant sniper, and leaving the whitelisted Ordibots fanboy with nothing but an unconfirmed transaction.
Like all front-running attacks, Ordinals sniping steals valuable Ordinals NFTs for only the cost of surveillance and a slightly higher transaction fee.
The sniper can then quickly resell their stolen merchandise on an NFT marketplace for tidy profit. Although flipping Ordinals might be difficult for illiquid collections, snipers thought one of the biggest collections of the year was worth the trade.
Ordibots organizers apologize
Magic Eden on Bitcoin (the Bitcoin Ordinals division of the NFT marketplace that started on Solana) had even created a custom portal for the Ordibots minting ceremony. Unfortunately, neither Magic Eden’s portal nor Ordibots’ official website were able to protect users from the mempool snipers.
After the front-running attacks, Ordibots tweeted that it was trying to collect information on addresses affected by the attack. It apologized and promised to airdrop custom Ordibots to those addresses. Then, Ordibots said it would burn the Ordibots “parent” used to generate those NFTs in order to ensure immutability.
Obviously, many users complained about the experience. Some were confused for a while, not quickly aware of the front-running. Others figured out what happened pretty quickly.
One grateful fan complimented Ordibots’ quick response to the situation and said it would be cool to see a derivative collection of Ordibots images containing sniper rifles.
My Ordibot was sniped today. Here’s a good explanation and a must read if you mint ordinals. https://t.co/C7UG45swx0
— DannyBoy 🧙♂️💎💥 (@Dannyboy161616) November 28, 2023
Read more: Bitcoin ordinals creator causes outcry for wanting to enforce renumbering
Magic Eden on Bitcoin also apologized to buyers who attempted to use its Launchpad to buy an Ordibot but failed due to the front-running. It says it is deploying a solution to mitigate future front-running attempts.
Front-running “sniping” attacks
Mempool sniping is a form of front-running. Front-running traders normally profit from privileged information, then outpacing their victims. For example, if they know that somebody placed a large trade order, they try to sneak their own order in before the victim’s order is executed. Front-running bots can execute the same strategies by detecting large transactions that might indicate a front-running profit opportunity.
If front-running or sniping sounds familiar, it is. Indeed, it is a form of MEV (maximum extractable value). It is also a common quant trading tactic in traditional finance.
Although developers have attempted to mitigate MEV, even Ethereum founder Vitalik Buterin admits that MEV will never end. All Turing-complete blockchains with on-chain assets suffer from MEV.
In response to the Ordibots sniping attack, The Ordinals Show host Leonidus warned that the Ordinals community will have to “get much more sophisticated very quickly.” He added that the Ordibots situation could just be “the tip of the iceberg.”
Later, Leonidus clarified that snipers cannot steal existing Ordinals inscriptions. Front-running attacks only affect trades (not assets), such as mints or PSBT swaps.
In short, the quant trading tactics of traditional finance are now affecting Bitcoin. Ordinals sniping has occurred with on-chain Bitcoin assets, Ordinals. Ordibots became the first known collection to be targeted by mempool “sniping,” a sophisticated attack from the realm of quant trading.