On Tuesday night, an Ethereum MEV bot gained 800 ETH through the use of clever arbitrage, only to lose all of it and more to a hacker an hour later. Here’s how the situation played out on-chain: The event began with a third-party trader mistakenly losing nearly million to spreads on Uniswap v2 trade. While he initially traded in 1.8 million cUSDC, he only received 518 USDC in return. According to Flashbots Product Lead Robert Miller, this only created a “massive arbitrage opportunity” for another trader to swoop in and claim plenty of ETH. “0xbaDc0dE [the MEV bot] dutifully backran the arb in the mempool (!) in a looong arb touching many protocols,” he explained. In the end, the bot netted 800 ETH. However, that ETH was entirely stolen just an hour later. Miller
Topics:
Andrew Throuvalas considers the following as important: AA News, defi, ETHBTC, ethusd, Hacking, social
This could be interesting, too:
Bitcoin Schweiz News writes Manuel Stagars: Eine neue Dokumentation über das Crypto Valley in Entwicklung
Bitcoin Schweiz News writes Tokenisierung live erleben: Von der Regulierung zur Praxis am 10. April in Zug
Bitcoin Schweiz News writes Ethereum Foundation fördert DeFiScan: Ein Meilenstein für Transparenz im DeFi-Sektor
Bitcoin Schweiz News writes Are US Gold Reserves Soon to Be Crypto Tokens? The Blockchain Revolution for National Gold
On Tuesday night, an Ethereum MEV bot gained 800 ETH through the use of clever arbitrage, only to lose all of it and more to a hacker an hour later.
Here’s how the situation played out on-chain:
- The event began with a third-party trader mistakenly losing nearly $2 million to spreads on Uniswap v2 trade. While he initially traded in 1.8 million cUSDC, he only received 518 USDC in return.
- According to Flashbots Product Lead Robert Miller, this only created a “massive arbitrage opportunity” for another trader to swoop in and claim plenty of ETH.
- “0xbaDc0dE [the MEV bot] dutifully backran the arb in the mempool (!) in a looong arb touching many protocols,” he explained. In the end, the bot netted 800 ETH.
- However, that ETH was entirely stolen just an hour later. Miller claims the bot didn’t properly protect the function it’s used to execute dydx flashloans, leaving it vulnerable.
“When you get a flashloan the protocol you’re borrowing from will call a standardized function on your contract,” he said. “0xbaDc0dE’s code unfortunately allowed for arbitrary execution.”
- Using this vulnerability, an attacker approved all of the bot’s WETH for spending on the contract, then transferred it to his own address. That was 1,106 WETH in total, worth over $1.4 million at writing time.
- Numerous vanity addresses generated by Profanity have also been drained of roughly $1 million in ETH this month.