Ordinals, this year’s incarnation of NFTs on Bitcoin, have seen a slight rebound in recent weeks. A buzzy launch peaked on May 7 this year and quickly subsided, but now Bitcoin’s rally in November has renewed interest in Ordinals.
Quantitative traders sniffed an opportunity for profit and were prepared with months of practice since May. Their opportunity came this week at Magic Eden on Bitcoin, an NFT marketplace. They sniped millions.
The most highly anticipated Ordinals project of the season, Ordibots, had announced its coining ceremony at the most prestigious Ordinals fair, Magic Eden. A timeline for its launch was widely publicized. The whitelisting requirements were extensive. Ordibots community discussions were lively. The coin ceremony featured a tantalizing countdown, with buyers setting an alarm to attend – ready to tender their NFT on time. Collectors expected the collection’s mark-to-market capitalization to reach untold millions of dollars.
Ordibots became, however the first major Ordinals collection to fall victim to a sophisticated front-run attack. The founders and NFT marketplace Magic Eden have apologized.
Here’s how it happened.
An important moment occurred in Ordinals history, with Ordibots becoming the first collection to be hit by a front-running attack.
As a next step for Ordibots, we have already collected the addresses affected by mempool sniping. In the coming days we will… https://t.co/u60X06NzWJ pic.twitter.com/I0jHl1pkd6
— OrdiBots (@OrdiBots) November 29, 2023
Read more: Ordinals won’t solve Bitcoin’s security budget anytime soon
Ordinals shoot for a win
Fans of whitelisted Ordibots submitted their coin transactions to subscribe their Ordibots NFTs to Bitcoin satoshis, the smallest denomination of a single coin.
However, after broadcasting their Bitcoin transactions, they wait in Bitcoin’s mempools for about 10 minutes. Like any other Bitcoin transaction, they must wait for miners to select their transactions for inclusion in a valid block – and then mine that block, which usually takes 10 minutes.
All that delay is enough time for an advanced quantitative trader to get their coin with a front-running attack.
Ordinals sniping is a front-running attack
Ordinals sniping involves scanning Bitcoin’s mempools for a valuable Ordinal transaction, such as an Ordibots inscription, copying the transaction, changing the wallet address, and slightly underbidding the transaction fee. By default, mining pool operators usually select a transaction with a higher transaction fee, rewarding the quantitative sniper and leaving the whitelisted Ordibots fanboy with nothing but an unconfirmed transaction.
As with all front-running attacks, Ordinals sniping steals valuable Ordinals NFTs for only the cost of surveillance and slightly higher transaction fees.
The sniper can then quickly resell his stolen goods on an NFT marketplace for a nice profit. While flipping Ordinals may be difficult for illiquid collections, snipers thought one of the biggest collections of the year was worth the trade.
The organizers of Ordibots apologize
Magic Eden on Bitcoin (the Bitcoin Ordinals division of the NFT marketplace that started on Solana) even had a custom portal created for the Ordibots coin ceremony. Unfortunately, neither Magic Eden’s portal nor Ordibots’ official website could protect users from the mempool snipers.
After the front-running attacks, Ordibots tweeted that it was trying to collect information about addresses affected by the attack. It apologized and promised to fly modified Ordibots to those addresses. Then Ordibots said it would burn the Ordibots “parent” used to generate those NFTs to ensure immutability.
Clearly, many users complained about the experience. Some were confused for a while, as they were not quickly aware of the frontrunner. Others realized what was happening quite quickly.
A grateful fan complimented Ordibots’ quick response to the situation, saying it would be cool to see a derivative collection of Ordibots images with sniper rifles.
My Ordibot was caught today. Here’s a good explanation and a must read if you’re doing ordinal numbers. https://t.co/C7UG45swx0
— DannyBoy
(@Dannyboy161616) November 28, 2023
Read more: Bitcoin Ranking Maker Causes Outrage as He Wants to Force Renumbering
Magic Eden on Bitcoin also apologized to buyers who tried to use the Launchpad to buy an Ordibot but failed due to the lead. It says it is deploying a solution to mitigate future front-running attempts.
Front-running “sniping” attacks
Mempool sniping is a form of front running. Leaders normally take advantage of privileged information and then outdo their victims. For example, if they know someone has placed a large trading order, they will try to sneak in their own order before the victim’s order is executed. Front-running bots can execute the same strategies by detecting large trades that could indicate a front-running profit opportunity.
If front running or sniping sounds familiar, it is. It is indeed a form of MEV (maximum extractable value). It is also a common quantitative trading tactic in the traditional financial world.
Although developers have tried to limit MEV, even Ethereum founder Vitalik Buterin admits that MEV will never end. All Turing-complete blockchains with on-chain assets suffer from MEV.
In response to the Ordibots sniping attack, The Ordinals Show host Leonidus warned that the Ordinals community is “going to have to become much more sophisticated very quickly.” He added that the Ordibots situation could be just “the tip of the iceberg.”
Later, Leonidus clarified that snipers cannot steal existing Ordinals inscriptions. Front-running attacks only affect transactions (not assets), such as mints or PSBT swaps.
In short, the quantitative trading tactics of traditional finance are now impacting Bitcoin. Ordinals sniping has occurred with on-chain Bitcoin assets, Ordinals. Ordibots became the first known collection to be targeted by mempool ‘sniping’, a sophisticated attack from the realm of quantitative trading.
