MEV-Forensics: An On-Chain Attribution Framework for Sandwich Attack Variants and Validator-Layer Exploits with Behavioral Intent Scoring
DOI:
https://doi.org/10.62019/2wm4h249Keywords:
Maximal extractable value; blockchain forensics; sandwich attack; on-chain attribution; digital evidence; intent scoring; Ethereum; validator-layer exploit; graph analysis; machine learning forensics.Abstract
A jury deadlocked in November 2025 over a 25 million USD blockchain exploit because prosecutors could not translate an immutable transaction record into proof of deliberate deception. That outcome exposes a methodological gap in current blockchain forensic practice. This paper introduces MEV-Forensics, a four-stage on-chain attribution pipeline that addresses three structurally distinct maximal extractable value attack types: classic mempool sandwich attacks, validator-layer exploits targeting MEV-Boost relay infrastructure, and private-channel sandwich attacks. An eight-indicator behavioral intent scoring rubric is used to derive a composite score from on-chain features grounded in specific elements of wire fraud doctrine. Application to a ground-truth dataset of 2,400 documented attacks spanning January 2021 through December 2024 produces precision of 0.891 with 95 percent bootstrap confidence interval of 0.873 to 0.908, recall of 0.847, false-positive rate of 3.2 percent, and area under the ROC curve of 0.934. Five-fold cross-validation confirms mean precision of 0.886 with standard deviation of 0.012. Inter-rater agreement across three independent practitioners, measured using Cohen's weighted kappa with quadratic weights, reaches 0.74. Cross-jurisdictional admissibility analysis maps rubric output to evidentiary standards under United States, United Kingdom, and European Union law.
Downloads
Published
Issue
Section
License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
How to Cite
