An MEV bot gained a massive profit worth a total of 1M dollars by taking an arbitrage opportunity. It was then tricked into authorising a malicious transaction that almost drained the funds. In an ironic turn of events in decentralized finance, an Ethereum arbitrage trading bot hit the jackpot and, in the next moment, lost it all on the same day.
After the Bitcoin launch in 2009, an industry emerged around its underlying technology, concept, and asset. One niche is the decentralised finance (DeFi) sector, which was created as an alternative to traditional financial services. It consists of the protocols that power decentralised applications. Many of the initial DeFi applications were on Ethereum, and most of the ecosystem’s total value remains concentrated there.
MEV bot Twitter Thread
In a Twitter thread, Robert Miller, who works at the research firm Flashbots, shared how a Maximal Extractable Value (MEV) bot with the prefix 0xbadc0de was able to earn 800 Ether (ETH), around $1 million, through arbitrage trades.
According to Miller, the bot took advantage of a huge arbitrage opportunity that arose when a trader attempted to sell 1.8 million dollars in cUSDC through the decentralised exchange (DEX) Uniswap v2. That trader got only 500 dollars worth of assets in return. The MEV bot sprang into action as soon as it detected this chance and gained massive profits.
An hour later, a hacker exploited a vulnerability in 0xbadc0de’s bad code and tricked it into authorising a transaction. As a result, its balance of 1,101 ETH, which was 1.41 million dollars, was drained.
PeckShield Inc. tweeted, “a very profitable MEV bot, internally named 0xbad, was somehow tricked/hacked with 1,101 ETH loss ($1.45M) in the following tx.” According to the blockchain security firm PeckShield, the bug could be traced to the MEV bot’s callback routine, which the hacker exploited to approve an arbitrary address for spending.
On September 18, a vulnerability in Profanity, an Ethereum vanity address generator, was exploited, draining 3.3 million dollars in funds from various wallets. The decentralised exchange aggregator 1inch Network investigated and highlighted an ambiguity in the creation of the wallet.
Hacker Outsmarts MEV Bot
The DEX warned users that their wallets were at risk and urged them to transfer their assets. A week later, another vanity wallet address was exploited, draining 1 million dollars worth of ETH in the MEV bot.
The hacker outsmarted the MEV bot and transferred the stolen funds to the controversial crypto mixer Tornado Cash. The hacker stole 732 ETH, worth about 950,000 dollars, and also sent it to the Tornado Cash mixer.
PeckShieldAlert stated, “Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum ‘vanity address’ generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer.”
On September 20, the United Kingdom-based crypto maker suffered an exploit that led to 160 million dollars in loss for the MEV bot. According to Ajay Dhingra, this exploit may have been due to the MEV bot’s hot wallet, which caused the manipulated bug in the smart contract. The firm’s founder and CEO, Evgeny Gaevoy, said to get in touch, as the firm is open to treating the exploit as a white hat hack.