Sunday , December 22 2024
Home / Crypto news / How a Bot Gained and Lost Over $1 Million of ETH in One Night

How a Bot Gained and Lost Over $1 Million of ETH in One Night

Summary:
On Tuesday night, an Ethereum MEV bot gained 800 ETH through the use of clever arbitrage, only to lose all of it and more to a hacker an hour later. Here’s how the situation played out on-chain: The event began with a third-party trader mistakenly losing nearly million to spreads on Uniswap v2 trade. While he initially traded in 1.8 million cUSDC, he only received 518 USDC in return.  According to Flashbots Product Lead Robert Miller, this only created a “massive arbitrage opportunity” for another trader to swoop in and claim plenty of ETH. “0xbaDc0dE [the MEV bot] dutifully backran the arb in the mempool (!) in a looong arb touching many protocols,” he explained. In the end, the bot netted 800 ETH.  However, that ETH was entirely stolen just an hour later. Miller

Topics:
Andrew Throuvalas considers the following as important: , , , , ,

This could be interesting, too:

Wayne Jones writes Argentina’s Mining Sector Pioneers Lithium Tokenization by Tapping Cardano

Wayne Jones writes Chinese Auto Dealer Dives Into Bitcoin Mining With 6M Investment

Wayne Jones writes Nigeria Arrests 792 in Landmark Crypto-Romance Scam Raid

CryptoVizArt writes Ethereum Price Analysis: Following a 15% Weekly Crash, What’s Next for ETH?

On Tuesday night, an Ethereum MEV bot gained 800 ETH through the use of clever arbitrage, only to lose all of it and more to a hacker an hour later.

Here’s how the situation played out on-chain:

  • The event began with a third-party trader mistakenly losing nearly $2 million to spreads on Uniswap v2 trade. While he initially traded in 1.8 million cUSDC, he only received 518 USDC in return. 
  • According to Flashbots Product Lead Robert Miller, this only created a “massive arbitrage opportunity” for another trader to swoop in and claim plenty of ETH.
  • “0xbaDc0dE [the MEV bot] dutifully backran the arb in the mempool (!) in a looong arb touching many protocols,” he explained. In the end, the bot netted 800 ETH. 
  • However, that ETH was entirely stolen just an hour later. Miller claims the bot didn’t properly protect the function it’s used to execute dydx flashloans, leaving it vulnerable.

“When you get a flashloan the protocol you’re borrowing from will call a standardized function on your contract,” he said. “0xbaDc0dE’s code unfortunately allowed for arbitrary execution.”

  • Using this vulnerability, an attacker approved all of the bot’s WETH for spending on the contract, then transferred it to his own address. That was 1,106 WETH in total, worth over $1.4 million at writing time. 
  • Numerous vanity addresses generated by Profanity have also been drained of roughly $1 million in ETH this month. 

You Might Also Like:

Leave a Reply

Your email address will not be published. Required fields are marked *