A subtle yet unexpected disruptor has emerged in the Ordinals space, making its presence known widely this past Wednesday, coinciding with one of the most anticipated mints in recent months.
First and foremost, it’s crucial to clarify that wallets, funds, and assets remain secure. However, this exploit, more of an inconvenience than a financial threat, has impacted users’ opportunities. Regardless, it’s a serious issue that needs fixing, and these teething problems are to be expected during the infancy stage of Ordinals development.
What Is Mempool Sniping?
Mempool sniping, a form of front-running, capitalizes on the delay in Bitcoin transactions awaiting confirmation in the mempool. Notably, platforms like Magic Eden and Unisat, previously smooth and secure for Ordinals minting and purchasing, are now facing potential threats.
We're finally starting to see mempool sniping of Ordinal trades (aka front-running). Here's how it works 👇
Most Ordinals marketplaces use PSBTs to do an Ordinal trade. The seller signs an open and partially signed Bitcoin transaction. The buyer then completes it. And the…
— danny huuep (@huuep) November 28, 2023
As described by OCM founder @huuep, mempool sniping exploits Partially Signed Bitcoin Transactions (PSBTs), which most Ordinals marketplaces use. The vulnerability arises because a seller's partially signed transaction can be intercepted by any other buyer, who substitutes the original buyer's details with their own. By paying a higher fee, the new buyer's transaction gains priority, and the snipe succeeds.
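A defender-side sketch of the conflict described above, as an added example that is not from the original article or from any marketplace's code: it scans a log of transactions a monitor has seen announced and flags listed outpoints spent by competing transactions that pay different recipients. The `MempoolTx` fields, outpoint strings and addresses are constructed placeholders, and the log is assumed to be collected over time, since a single node normally keeps only one of two conflicting transactions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class MempoolTx:
    txid: str
    spends: frozenset        # outpoints ("txid:vout") consumed by this transaction
    ordinal_recipient: str   # address that receives the inscription output
    fee_sats: int
    vsize: int

    @property
    def feerate(self) -> float:
        return self.fee_sats / self.vsize


def find_snipes(seen, listed_outpoints):
    """Flag listed outpoints spent by rival transactions paying different recipients."""
    by_outpoint = defaultdict(list)
    for tx in seen:
        for outpoint in tx.spends & listed_outpoints:
            by_outpoint[outpoint].append(tx)

    findings = []
    for outpoint, rivals in sorted(by_outpoint.items()):
        recipients = {tx.ordinal_recipient for tx in rivals}
        # A fee bump by the same buyer keeps the recipient, so it is not a snipe.
        if len(rivals) < 2 or len(recipients) < 2:
            continue
        ranked = sorted(rivals, key=lambda tx: tx.feerate, reverse=True)
        findings.append({
            "outpoint": outpoint,
            "likely_winner": ranked[0].txid,  # highest fee rate gets priority
            "displaced": [tx.txid for tx in ranked[1:]],
        })
    return findings


# Constructed sample data: seller-signed inputs currently listed for sale.
LISTED = {"aa11:0", "bb22:0"}
SEEN = [
    MempoolTx("buyer1", frozenset({"aa11:0", "c1:1"}), "addr-buyer-A", 3000, 300),
    MempoolTx("rival1", frozenset({"aa11:0", "d9:0"}), "addr-other-B", 9000, 300),
    MempoolTx("buyer2", frozenset({"bb22:0", "e4:0"}), "addr-buyer-C", 3000, 300),
    MempoolTx("bump2", frozenset({"bb22:0", "e4:0"}), "addr-buyer-C", 6000, 300),
]

if __name__ == "__main__":
    for finding in find_snipes(SEEN, LISTED):
        print(finding)
```
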
OrdiBots Mint Gets Exploited
OrdiBots has stood out as one of the most eagerly anticipated mints on Bitcoin in recent months. However, the initial excitement turned to disappointment as users encountered mempool sniping issues during the launch.
This forced Magic Eden to release the statement below on the issues encountered, and OrdiBots pledged to airdrop assets to wallets to compensate for the problem occurring.
Consequences and Next Steps
There is some slight good news to this; affected minters do not lose their funds if they are a victim of a mempool snipe. However, their purchased Ordinals never successfully broadcast, leaving them without the desired inscription.
We'd like to congratulate the @OrdiBots team on such strong demand on their mint today, but also acknowledge users disappointed in our Launchpad experience.
There were instances of Mempool sniping noted on a portion of user mint attempts.
What's that mean & what's next?👇
— Magic Eden on Bitcoin 🟧 (@MEonBTC) November 28, 2023
Magic Eden and OrdiBots are actively working on updates to prevent future mempool sniping incidents. Mint transactions will now be signed on demand, bolstering security and minimizing the risk of sniping. Furthermore, @huuep left a remark in a reply to his thread suggesting he may also be on the case, saying “Marketplaces have to fix it, there are ways if you understand Bitcoin.”
Mempool sniping is a pressing issue demanding attention and collaboration amongst those building on Ordinals. As the space continues to grow, robust security measures become increasingly crucial to ensure the growth of the protocol and to keep up with rival chains.
That said, it has to be mentioned that in the relatively short span of Ordinals’ existence, development has unfolded at an astonishing pace, leaving many optimistic that the current challenge of mempool sniping will soon be a thing of the past. The true measure of progress on this front will likely be evident in the next major mint hosted on Magic Eden.
This is a Contributor Post. Opinions expressed here are opinions of the Contributor. Influencive does not endorse or review brands mentioned; does not and cannot investigate relationships with brands, products, and people mentioned and is up to the Contributor to disclose. Contributors, amongst other accounts and articles may be professional fee-based.