MEV bot earns $1M but loses everything to a hacker an hour later.

An Ethereum arbitrage bot hit the jackpot in decentralized finance (DeFi) and, surprisingly, lost everything on the same day.

Robert Miller, who works at the research firm Flashbots, shared in a Twitter thread how the Maximal Extractable Value (MEV) bot with the prefix 0xbadc0de managed to earn around $1 million with 800 Ether (ETH) in arbitrage trades.

According to Miller, the bot took advantage of a huge arbitrage opportunity that arose when a trader tried to sell $1.8 million in cUSDC on the decentralized exchange (DEX) Uniswap v2. The bot caught this opportunity, immediately went into action and made huge profits.

However, just one hour later, a hacker used a vulnerability in 0xbadc0de's “bad code” to trick it into allowing a transaction that depleted its balance of 1,101 ETH, which at the time of writing was worth $1.41 million.

According to blockchain security firm PeckShield, the error can be traced back to the bot’s callback function, which the hacker exploited to approve an arbitrary address for spending.

On September 18, a vulnerability in Profanity, an Ethereum vanity address generator, was exploited, draining $3.3 million in funds from various wallets. Investigations by decentralized exchange (DEX) aggregator 1inch Network showed that there is ambiguity in the creation of wallets. The DEX aggregator warned users that their wallets were at risk and urged them to transfer their assets.

More than a week later, another vanity wallet address was exploited and nearly $1 million in ETH was stolen. After stealing the money, the hackers immediately sent it to the controversial crypto mixer Tornado Cash.