MEV Has Spread to Bitcoin, in Subtler Forms Than on Ethereum

Arbitrage opportunities exist in traditional finance and in crypto, but in the latter they are more pronounced due to the visibility of pending transactions and slow settlement times.

Although less prominent than on Ethereum, MEV on Bitcoin is emerging through practices like “sniping” Ordinal inscriptions, mining empty blocks, and miner cartelization.

MEV emerging on Bitcoin could lead to pressure from the market for mempools to “go private” which would undermine the cryptocurrency’s founding tenets.

One of the supposed “killer apps” for cryptocurrencies and blockchains is the ability to trade all kinds of assets (if you can call them that) without a centralized financial intermediary. Never mind that the majority of these assets do nothing or purportedly do something by doing nothing at all. People have made immense returns trading them. Like the time in 2020 when everyone got rich off of SHIB and then again in 2023 trading WIF and trading PEPE.

When the early capital piled into these tokens, they were first purchased on decentralized exchanges with Automated Market Makers (AMM) well before they were available on centralized crypto exchanges. AMMs are decentralized applications which match buyers and sellers of crypto tokens without all the data sharing rigmarole associated with a regulated exchange. No passport pictures or snaps of your driver’s license or treble selfies or need to wait for anything or anyone in particular. All you have to do is connect your crypto wallet, tell the AMM you want to buy a certain amount of a certain asset, click buy, and you’re on your way.

What’s immediately interesting about these AMMs (aside from the convenience and privacy of avoiding identity checks) is that while crypto opinion leaders promote crypto and blockchains as the “next iteration” of the stock market (imagine the stock market, but it never closes… and if you make a mistake there is no recourse … which isn’t great unless you somehow profit off of a mistake or glitch, like say if you were on the right side of the trade when Berkshire Hathaway stock appeared to trade at around $180 instead of around $600,000), in a way equities markets are more real-time than AMMs are.

Crude example: Person A wants to buy Stock XYZ at $100 and Person B is selling Stock XYZ at $99. Because today’s financial markets are so hyperconnected, Person C somehow knows this (there are legal and illegal ways to find and act on this information) and buys Stock XYZ from Person B for $99 and instantly sells it to Person A for $100. Everyone is happy: Person A gets Stock XYZ, Person B gets $99, and Person C gets $1 arbitraging the trade.

That money making trade is now over, done and dusted, and with it gone and gobbled up by the arbitrageur Person C is the inefficiency in the market for Stock XYZ (the $1 difference between Person A’s buying price and Person B’s selling price). And this all happened in real time, by which we mean linearly, Person C had to get in between Person A and B at exactly the right time to execute that trade and it had to happen in that order (A to C to B).

We can, of course, see the same type of arbitrage with AMMs, albeit in a slightly different form. Suppose you heard about SHIB early and you wanted to buy some before it was available on a centralized exchange. Because it’s not on an exchange you called on an Ethereum-based AMM (SHIB was created on Ethereum as an ERC-20 token), and you clicked the buttons to make your purchase of SHIB tokens. When you make that order, it gets thrown into a big batch of proposed Ethereum transactions. Some of those transactions could be people buying stuff online with USDC, but many of them are trades for tokens like SHIB or WIF or PEPE.

All these transactions are viewable by everyone before they’re finalized and carried out because they hang out in a digital waiting room called the mempool. If the AMM you used for your trade mispriced SHIB because of a market inefficiency (like in our Stock XYZ example) someone on the network could construct an Ethereum transaction that purchases the SHIB before you using a different AMM to then sell it to you for a profit (because, remember, these transactions are viewable before they’re finalized).

To take this example even further, let’s assume your purchase of SHIB is rather large. In this situation everyone can see your very large, market-moving transaction is pending and can place trades around yours to take advantage of both market inefficiencies and the market-moving nature of your order.

Trades like this can be grouped together under the rubric of sandwich trades. Some opt for the term sandwich attacks because the AMM is not matching the buyer to the intended seller or sellers and because it could lead to the original buyer losing out in a big way before their trade even goes through (imagine if you wanted to buy 1 billion SHIB tokens and you only got 800 million because of an AMM inefficiency getting sandwich-traded).

Sandwich trades and other types of “inefficiency finding” are more broadly called Maximal (or Miner) Extractable Value. (Miners don’t exist in Ethereum anymore, hence the rebrand). This is what crypto technobabblers mean when they use the initialism MEV in conversation as if that’s common parlance (a la high finance’s EV or IRR). All MEV means is that in crypto those who verify transactions choose to order them in a way which is most profitable for themselves rather than for the transactors. Because block times (the time it takes for transactions to be verified) are not real time (in Ethereum transactions are verified every 12 seconds or so), there’s plenty of real-world time to make arbitrage trades. Especially if you are a bot instead of an actual human.

With this in mind, it shouldn’t take much to imagine that MEV has expanded beyond AMMs. A fair conclusion to the preceding technobabble is this: The more complicated the thing you’re trying to do is, the more likely MEV will occur (just like in regular ol’ finance).

The discussion around MEV is expansive. Is it good? Is it bad? Is it illegal?

Depends whom you ask.

On the plus side, MEV is the free market figuring out the actual costs of things on blockchains by snuffing out inefficiencies which will be taken advantage of until the inefficiency approaches zero. On the minus side, MEV makes it possible for unknowing laypeople and newer users to get absolutely demolished by the experts and the power users (sound familiar?).

So far, we’ve only mentioned Ethereum because, for all its first mover advantage, MEV has historically not existed on Bitcoin. It existed in theory, but in practice it’s not economically viable (except in very specific situations).

You’re probably wondering: “No MEV? If there’s MEV for Ethereum-based AMMs then surely there’s one for the Bitcoin-based AMMs?”

And you’d be right except that there aren’t any (meaningfully sized) Bitcoin-based AMMs. That’s because Ethereum is more expressive than Bitcoin, meaning you can “do more stuff with it,” like create coins with dog mascots or other memes to trade on AMMs and become rich.

And because Bitcoin isn’t as expressive, there isn’t a thriving market or AMM for new tokens on Bitcoin. And without new, fresh non-bitcoin assets on Bitcoin how could an AMM-related MEV opportunity present itself? What exactly would you be doing? Trading bitcoin for other bitcoin?

Well, yes. This is exactly where MEV on Bitcoin has begun to present itself.

MEV is nowhere close to as robust on Bitcoin as it is on Ethereum and when the topic is discussed among experts it’s always larded with caveats.

“It’s more like games you can play than MEV,” said Colin Harper, head of research and content at bitcoin mining firm Luxor Technology (no relation to the hotel in Vegas).

Three years ago, Bitcoin went through an update called Taproot, which made the network more expressive. This expressivity also accidentally made the Bitcoin equivalent of NFTs possible through Casey Rodarmor’s Ordinals protocol. This is what I mean by “trading bitcoin for other bitcoin”: “NFTs” can work on Bitcoin because the Ordinal protocol is able to see which satoshis (the smallest unit of bitcoin, a hundred millionth) are inscribed with arbitrary data which can be a picture or text or something else. These collectibles are called inscriptions so as to not be confused with NFTs (which are separate tokens). If you were buying an inscription, instead of buying an entirely new token as you would on Ethereum, you’re just buying some bitcoin that’s only special when seen through the lens of the Ordinals protocol.

This is, literally, buying bitcoin with bitcoin (buying less with more, of course). And like buying SHIB for ETH or USDC for USDT, buying bitcoin with bitcoin is an activity that can be front-run.

“When you sell inscriptions on Magic Eden or another marketplace like it, you’re using a PSBT [Partially Signed Bitcoin Transaction],” Harper explained. “The seller signs their half, and when the buyer purchases it they complete the transaction with their signature and the buyer pays the fee for the transaction. So if an NFT trader sees the transaction in the mempool, they can snipe it by broadcasting their own transaction that replaces the original buyer’s payment and address with their own. To do so, they broadcast an RBF [Replace-By-Fee] transaction with a higher fee to ensure that their transaction is confirmed before the original one.”

Although this isn’t quite like the pure-play MEV as discussed in the first section of this article, it still looks like MEV: The intended buyer and seller weren’t matched because a third party came in and offered more compensation for miners in exchange for the inscription and miners maximized their own value in the transaction by accepting the third party transaction.

Bitcoin still has miners (read here what that means compared to Ethereum’s validators) and in the business of mining there are some things happening somewhat regularly which look like MEV.

One common example is the mining of empty blocks. Periodically, a bitcoin block is mined with nothing in it. The block is useless to anyone save the miner who won the block, as no transactions which are waiting to be confirmed are verified except for the coinbase (small “c,” not the company) transaction which rewards the miner with the block reward. There’s a technical reason this happens, and really it’s an accident that empty blocks even occur, but it’s hard to argue that this is a) not MEV and b) good for Bitcoin (although it is also hard to argue that it’s bad).

There’s also the cartelization of miners. Many bitcoin miners now use mining pools to smooth out their revenue by mining in aggregate and being paid their proportional share. This could present an issue, especially as mining pools get bigger and bigger. As Walt Smith of VC firm Cyber Fund wrote in an extensive “MEV on Bitcoin” piece:

“… [P]ooled mining enables savvy multi-block MEV by raising the odds of winning consecutive blocks, creating systemic risk. Pools and other mining cartels have enforced common block templates by abusing pooling economics, blacklisting smaller miners practicing nonstandard block building. Consistent surplus fees plus economies of scale induces consolidation, birthing a pathological loop.”

Right now, some mining pools control a massive share of total network hashrate and two or three of them could club up to control over half of the computational power. If this cartel of pools won enough blocks in a row, it could exercise its monopoly power to maximize profits.

There’s one more real example of bitcoin miner behavior which might be MEV: out-of-band payments. These are instances where bitcoin miners are paid (either off-chain, or in a separate and seemingly unrelated bitcoin transfer) to accept transactions which are considered non-standard. Again, this isn’t pure-play MEV, because the extracted value does not occur on the blockchain as the result of savvy programmatic decisions. Instead, value is extracted by miners being paid more than they would have been paid otherwise to do something.

Some researchers worry that out-of-band payments are the first step on a slippery slope and could obscure incentives. But miners are jumping at the opportunity. Publicly traded mining giant Marathon (NASDAQ: MARA) has launched a service called Slipstream offering to accept non-standard transactions.

The concern is that this under-the-table practice could lead to private mempools, which would be troubling on any blockchain. As CoinDesk’s Sam Kessler writes: “Most pressingly, there’s the worry that private mempools might cement new middlemen at key areas in Ethereum’s transaction pipeline.”

If private mempools become where most transactions are submitted for confirmation, that would make it so only the selected few, the somehow ordained few, can affect Bitcoin transactions. This would centralize authority on the blockchain, an obviously unsavory situation for anyone who values censorship resistance.

There are other examples of MEV on Bitcoin and more will inevitably crop up. Since it’s here in some form, network participants need to pay attention.

Note: The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.

Edited by Marc Hochstein.