Ethereum dark forest monsters are no joke. These frontrunning bots can analyze smart contract calls and functions they have never used before in smart contracts they’ve never seen to extract potential profits.

To better understand these bots, we set out on a safari tour to shed more light on the situation and see how prevalent they are. We managed to “trap” some generalized frontrunning bots and analyze their behavior. We studied how efficient they are and how likely a transaction is to get hunted down. We also tested different ways to evade them.

What is frontrunning?

In general, frontrunning is the act of…

TL;DR: DeFi lending protocols power many of today’s yield farming ventures and are considered a relatively safe and tested way to make extra income on crypto-assets. With interest in these protocols on the rise, we thought it was an excellent time to provide a more detailed write-up to help people choose the right lending protocol. This introductory guide compares popular lending platforms on Ethereum based on APR, fees, and security and explains some important fee considerations.

DeFi lending protocols allow anyone to become a lender and make a profit without going through KYC, and unlike a centralized exchange, no custodian…

In a recent tweet that gained some popularity, we described the curious tale of Jhon Doe [sic]. Jhon went to sleep with a false sense of security after withdrawing all their funds from a questionable farming scheme believing no harm could be done as long as the funds were in their wallet.

Much to their surprise, Jhon woke up to discover half of their $UNI tokens were removed from the wallet, without them ever authorizing or signing a transaction.

Jhon’s private keys were never compromised, and there was no bug in the wallet. What made this hack possible is a…

Dune Analytics is a powerful tool for blockchain research. It can be used to query, extract, and visualize vast amounts of data on the Ethereum blockchain. This post goes over some basic examples of how to search and write basic queries as well as visualize them with graphs. The opportunities for exploration are limitless.

Dex Volume percentage (source)

In public blockchains such as Ethereum, all the information is inherently public. All you need to do is look for it. So far, answering questions such as how many users a project has, or what the daily volume of a DEX is, would most likely require…

TL;DR: As it turns out, “general front-running arbitrage bots” that can steal earning opportunities on the Ethereum blockchain, which were only thought to be theoretically possible, are indeed very real. The existence of such bots proves once more that arbitrage trading is a game for professionals, not amateurs.

By Alex Manuskin and Tal Be’ery

A few weeks ago, a DeFi thought leader named Dan Robinson published a great story on how his team lost a potentially profitable DeFi arbitrage to what he called “a monster.”

The monster he was describing was a generalized bot that can identify profitable DeFi transactions…

Decentralized finance creates an interesting dynamic of auctions. Arbitrage and liquidation opportunities are examples of auctions where the first player to make the bid can make a healthy profit. This creates a race where multiple bots spam the transaction pool, competing for a good spot in the block. It is interesting to witness these shootouts between bots and traders, and even more interesting to understand how it works. This dynamic of backrunning, while interesting, also creates a burden on the network, which has to process all transactions broadcast by the bots.

A good example took place during the token launch…

Optimization is fun. When it comes to laptops, one of those things you can never have too much of is battery life. Although modern Linux distributions are doing a great job improving on this aspect, using some well known and some less known tools, battery life and performance can be greatly improved. This guide will go over some tools to tweak a system for optimal results.

Although it is unlikely that any harm will be done, do note that some tools require changing configuration files, and are more involved than others. …

As part of our ongoing research on blockchains, we were able to spot some highly abnormal Ethereum transactions (Tx) early on. We’re referring to two recent transactions that led to millions of dollars in network fees being paid unnecessarily, instead of standard fees, which are usually less than $1. As a result, the sender lost this money, as fees are paid to the block miner.

Our initial findings, posted on Twitter, were quickly noticed by the press.

In this article, we will briefly summarize the issue at hand. …

The tBTC platform set out on a quest for one of crypto’s most coveted prizes: connecting Bitcoin with Ethereum’s DeFi, building a bridge between crypto’s main continents, currently largely separated. However, its first iteration was very short-lived.

In this article we take a deeper look into tBTC, shedding light on the motivation behind it, diving into its inner workings, understanding the root cause of the current failure and finally speculating about its future.

Bitcoin and Ethereum: A game of mix and match

Bitcoin is the big tuna of the crypto world. It has the largest market cap, most users and the most liquidity ($170B currently), however not much of utility…

Last week, several DeFi projects related to Tokenlon’s imBTC token were hacked, resulting in cryptocoins worth tens of millions of USD getting stolen.

At ZenGo, we hold the security of our customers to be our highest priority. Therefore, whenever a major hack occurs, we investigate it to make sure our customers are safe and to learn valuable lessons from the experience of others. In this blog, we will explain this attack and share our findings.

We’ll take a more in-depth look at Ethereum DeFi (Decentralized Finance) and token standards, and shed more light on reentrancy attacks, DeFi’s most notorious attack…

Alex Manuskin

Open source | Blockchain | Research @ZenGo | Making cool things work
