skip to Main Content
bitcoin
Bitcoin (BTC) $ 98,759.46 0.99%
ethereum
Ethereum (ETH) $ 3,340.10 4.03%
tether
Tether (USDT) $ 1.00 0.05%
solana
Solana (SOL) $ 259.52 6.73%
bnb
BNB (BNB) $ 624.28 1.72%
xrp
XRP (XRP) $ 1.48 33.04%
dogecoin
Dogecoin (DOGE) $ 0.393673 2.27%
usd-coin
USDC (USDC) $ 0.999256 0.04%
staked-ether
Lido Staked Ether (STETH) $ 3,338.00 3.44%
cardano
Cardano (ADA) $ 0.909717 15.23%

MEV bot earns $1M but loses everything to a hacker an hour later

An MEV bot gained massive profits worth $1 million by seizing an arbitrage opportunity. However, it was tricked into authorizing a malicious transaction that drained the funds.

433 Total views

36 Total shares

MEV bot earns $1M but loses everything to a hacker an hour later

An Ethereum arbitrage trading bot managed to hit the jackpot and lose it all on the same day in an ironic turn of events in decentralized finance (DeFi). 

In a Twitter thread, Robert Miller, who works at the research firm Flashbots, shared how a Maximal Extractable Value (MEV) bot with the prefix 0xbadc0de was able to earn 800 Ether (ETH), around $1 million, through arbitrage trades.

According to Miller, the bot took advantage of a huge arbitrage opportunity that came when a trader attempted to sell $1.8 million in cUSDC through the decentralized exchange (DEX) Uniswap v2 and only got $500 worth of assets in return. The bot detected this chance and immediately sprung to action and gained massive profits.

However, only an hour later, a hacker exploited a vulnerability in 0xbadc0de’s “bad code” and tricked it into authorizing a transaction that drained its balance of 1,101 ETH, which was around $1.41 million at the time of writing.

#MEV A very profitable MEV bot, internally named as 0xbad, was somehow tricked/hacked with 1,101 ETH loss (~$1.45M) in the following tx: https://t.co/FxXSY8AyhX

— PeckShield Inc. (@peckshield) September 27, 2022

According to the blockchain security firm PeckShield, the bug can be traced back to the bot’s callback routine, and this was exploited by the hacker to approve an arbitrary address for spending. 

Related: Pantera CEO bullish on DeFi, Web3 and NFTs as Token2049 gets underway

On Sept. 18, a vulnerability in Profanity, an Ethereum vanity address generator, was exploited, draining $3.3 million in funds from various wallets. Investigations done by the decentralized exchange (DEX) aggregator 1inch Network highlighted that there was ambiguity in terms of the creation of the wallets. The DEX warned users that their wallets were at risk and urged them to transfer their assets.

More than a week later, another vanity wallet address was exploited and drained of almost $1 million worth of ETH. After stealing the funds, the hackers immediately sent them to the controversial crypto mixer Tornado Cash. 

Loading data ...
Comparison
View chart compare
View table compare
Back To Top