In an ironic twist in decentralized finance (DeFi), an Ethereum arbitrage trading bot managed to win big and lose it all on the same day.
A MEV bot took advantage of an arbitrage opportunity and made huge gains of $1 million. However, it was duped into approving a fraudulent transaction that siphoned off the money. Arbitrage bots are programs that automate trading for profits based on historical market information.
Robert Miller, a researcher at the company Flashbots, revealed on Twitter how a MEV bot with the prefix 0xbadc0de was able to make 800 Ether (ETH), or almost $1 million, through arbitrage trades.
Miller claims that a trader tried to sell $1.8 million in cUSDC through the decentralized exchange (DEX) Uniswap v2 but received only $500 worth of assets in return. This presented a huge arbitrage opportunity for the bot. The bot promptly acted after spotting this opportunity to capitalize and made enormous earnings.
However, barely an hour later, a hacker took advantage of a flaw in 0xbadc0de’s “bad code” and convinced it to approve a transaction that depleted its balance of 1,101 ETH, which at the time of writing was equivalent to $1.46 million.
The weakness can be found in the bot’s callback code, which was exploited by the hacker to authorise an arbitrary address for spending, said blockchain security company PeckShield.
3.3 million dollars were stolen from several wallets on September 18 as a result of a flaw in Profanity, an Ethereum vanity address generator. Investigations carried out by the decentralized exchange (DEX) aggregator 1inch Network revealed that the process of creating the wallets was unclear. The DEX advised customers to transfer their funds after alerting them that their wallets were in danger.
Almost $1 million worth of ETH was stolen from another vanity wallet address more than a week later. The hackers stole the money and moved it right away to Tornado Cash, a controversial crypto-mixer.
Despite claiming to offer stress-free passive income, MEV gain, an Ethereum arbitrage trading bot created by MEVbots, has recently been found to aggressively drain its users’ cash using a fund-stealing backdoor.