On Tuesday night, an Ethereum MEV bot gained 800 ETH through the use of clever arbitrage, only to lose all of it and more to a hacker an hour later.
Here’s how the situation played out on-chain:
- The event began with a third-party trader mistakenly losing nearly $2 million to spreads on Uniswap v2 trade. While he initially traded in 1.8 million cUSDC, he only received 518 USDC in return.
- According to Flashbots Product Lead Robert Miller, this only created a “massive arbitrage opportunity” for another trader to swoop in and claim plenty of ETH.
- “0xbaDc0dE [the MEV bot] dutifully backran the arb in the mempool (!) in a looong arb touching many protocols,” he explained. In the end, the bot netted 800 ETH.
- However, that ETH was entirely stolen just an hour later. Miller claims the bot didn’t properly protect the function it’s used to execute dydx flashloans, leaving it vulnerable.
“When you get a flashloan the protocol you’re borrowing from will call a standardized function on your contract,” he said. “0xbaDc0dE’s code unfortunately allowed for arbitrary execution.”
- Using this vulnerability, an attacker approved all of the bot’s WETH for spending on the contract, then transferred it to his own address. That was 1,106 WETH in total, worth over $1.4 million at writing time.
- Numerous vanity addresses generated by Profanity have also been drained of roughly $1 million in ETH this month.
SPECIAL OFFER (Sponsored)
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.
- AA News
- Bitcoin
- blockchain
- blockchain compliance
- blockchain conference
- coinbase
- coingenius
- Consensus
- crypto conference
- crypto mining
- Crypto News
- cryptocurrency
- CryptoPotato
- decentralized
- DeFi
- Digital Assets
- ethbtc
- ethereum
- ETHUSD
- hacking
- machine learning
- non fungible token
- plato
- plato ai
- Plato Data Intelligence
- Platoblockchain
- PlatoData
- platogaming
- Polygon
- proof of stake
- Social
- W3
- zephyrnet
More from CryptoPotato
Visa Steps into NFT: Purchased a CryptoPunk for $160,000
Source Node: 1040553
Time Stamp: Aug 23, 2021
Binance CEO Clears the Air on Involvement With Frozen Exchange WazirX
Source Node: 1610420
Time Stamp: Aug 5, 2022
US SEC Charges Two Firms for Alleged Crypto Pump and Dump Scheme
Source Node: 1716290
Time Stamp: Oct 2, 2022
From Mobile Applications to Exchange-Traded Products: New Crypto Developments in Europe
Source Node: 893372
Time Stamp: Jun 1, 2021
2 Possible Reasons Why Ripple (XRP) Price Skyrocketed 50% in a Week
Source Node: 1682689
Time Stamp: Sep 23, 2022
Standard Chartered Launches Blockchain-based Trade Finance Platform
Source Node: 1049774
Time Stamp: Aug 30, 2021
Attacks on Ethereum 2.0 Possible, But Developer Outlined a Fix Before the Merge
Source Node: 1104933
Time Stamp: Nov 5, 2021
NFT Creator Animoca Launches $30M Program to Boost Play-to-Earn Guild Ecosystem
Source Node: 1608903
Time Stamp: Feb 14, 2022
OpenSea Compensates Affected Users with Over $1.8 Million Following Exploit
Source Node: 1161295
Time Stamp: Jan 30, 2022
Bitget Betting Big on AI With $10M Investment in Fetch.ai Ecosystem
Source Node: 2078013
Time Stamp: Apr 30, 2023
What’s the Best Altcoin to Buy in 2024? Here’s What Experts Say
Source Node: 2469230
Time Stamp: Feb 5, 2024