Wednesday , November 30 2022
Home / Crypto news / How a Bot Gained and Lost Over $1 Million of ETH in One Night

How a Bot Gained and Lost Over $1 Million of ETH in One Night

Summary:
On Tuesday night, an Ethereum MEV bot gained 800 ETH through the use of clever arbitrage, only to lose all of it and more to a hacker an hour later. Here’s how the situation played out on-chain: The event began with a third-party trader mistakenly losing nearly million to spreads on Uniswap v2 trade. While he initially traded in 1.8 million cUSDC, he only received 518 USDC in return.  According to Flashbots Product Lead Robert Miller, this only created a “massive arbitrage opportunity” for another trader to swoop in and claim plenty of ETH. “0xbaDc0dE [the MEV bot] dutifully backran the arb in the mempool (!) in a looong arb touching many protocols,” he explained. In the end, the bot netted 800 ETH.  However, that ETH was entirely stolen just an hour later. Miller

Topics:
Andrew Throuvalas considers the following as important: , , , , ,

This could be interesting, too:

Dimitar Dzhondzhorov writes Two Criminals Jailed for Stealing From Bitcoin Investors in Dubai (Report)

Andrew Throuvalas writes Sam Bankman Fried Still Thinks FTT Was “More Legit” Than Most Tokens

Arun Srivastav writes Crypto Ransom Demanded to Restore Compromised Servers of Indian Hospital: Report 

Bitcoin Schweiz News writes AngelBlock announces Community Phase Sale & Startup Grant Program winners

On Tuesday night, an Ethereum MEV bot gained 800 ETH through the use of clever arbitrage, only to lose all of it and more to a hacker an hour later.

Here’s how the situation played out on-chain:

  • The event began with a third-party trader mistakenly losing nearly $2 million to spreads on Uniswap v2 trade. While he initially traded in 1.8 million cUSDC, he only received 518 USDC in return. 
  • According to Flashbots Product Lead Robert Miller, this only created a “massive arbitrage opportunity” for another trader to swoop in and claim plenty of ETH.
  • “0xbaDc0dE [the MEV bot] dutifully backran the arb in the mempool (!) in a looong arb touching many protocols,” he explained. In the end, the bot netted 800 ETH. 
  • However, that ETH was entirely stolen just an hour later. Miller claims the bot didn’t properly protect the function it’s used to execute dydx flashloans, leaving it vulnerable.

“When you get a flashloan the protocol you’re borrowing from will call a standardized function on your contract,” he said. “0xbaDc0dE’s code unfortunately allowed for arbitrary execution.”

  • Using this vulnerability, an attacker approved all of the bot’s WETH for spending on the contract, then transferred it to his own address. That was 1,106 WETH in total, worth over $1.4 million at writing time. 
  • Numerous vanity addresses generated by Profanity have also been drained of roughly $1 million in ETH this month. 

You Might Also Like:

Leave a Reply

Your email address will not be published. Required fields are marked *