MEV bot earns $1M but loses everything to a hacker an hour later

An MEV bot gained massive profits worth $1 million by seizing an arbitrage opportunity. However, it was tricked into authorizing a malicious transaction that drained the funds.


An Ethereum arbitrage trading bot managed to hit the jackpot and lose it all on the same day in an ironic turn of events in decentralized finance (DeFi).

In a Twitter thread, Robert Miller, who works at the research firm Flashbots, shared how a Maximal Extractable Value (MEV) bot with the prefix 0xbadc0de was able to earn 800 Ether (ETH), about $1 million, through arbitrage trades.

According to Miller, the bot took advantage of a huge arbitrage opportunity that came when a trader attempted to sell $1.8 million in cUSDC through the decentralized exchange (DEX) Uniswap v2 and only got $500 worth of assets in return. The bot detected this opportunity and immediately sprang into action and gained massive profits.

However, only an hour later, a hacker exploited a vulnerability in 0xbadc0de’s “bad code” and tricked it into authorizing a transaction that drained its balance of 1,101 ETH, which was about $1.41 million at the time of writing.

#MEV A very profitable MEV bot, internally named as 0xbad, was somehow tricked/hacked with 1,101 ETH loss (~$1.45M) in the following tx: https://t.co/FxXSY8AyhX

— PeckShield Inc. (@peckshield) September 27, 2022

According to the blockchain security firm PeckShield, the bug can be traced back to the bot's callback routine, and this was exploited by the hacker to approve an arbitrary address for spending.

On Sept. 18, a vulnerability in Profanity, an Ethereum vanity address generator, was exploited, draining $3.3 million in funds from various wallets. Investigations done by the decentralized exchange (DEX) aggregator 1inch Network highlighted that there was ambiguity in terms of the creation of the wallets. The DEX warned users that their wallets were at risk and urged them to transfer their assets.

More than a week later, another vanity wallet address was exploited and drained of about $1 million worth of ETH. After stealing the funds, the hackers immediately sent them to the controversial crypto mixer Tornado Cash.
