Hacks and exploits are increasingly taking more root in the crypto space. With the acceptance of digital assets globally, crimes also grow. The criminals use more technological approaches to aid their exploitation and hacks on protocols and platforms. A slight and negligible loophole is enough to result in these exploits.
MEV bot, an Ethereum arbitrage trading bot, amassed a whopping $1 million as a jackpot prize. However, the joy of its gains was short-lived as events turned out negatively for it some hours later. Before adequately reflecting on the tremendous value, a hack wiped the gains.
MEV Bot’s Crypto Gains Came Through Arbitrage Trading Opportunity
Robert Miller, an employee of Flashbots, a research firm, took to Twitter to report the attack. He noted that the Maximal Extractable Value (MEV) bot with the prefix 0xbadc0de earned Ether through arbitrage trades. He said the bot gained up to 800 ETH worth about 1 million in the works.
The bot leveraged a considerable arbitrage opportunity from trader sales from Miller’s explanation. The transaction involved about $1.8 million in cUSDC via Uniswap v2, a decentralized exchange (DEX). The trading yielded just $500 assets in return. Upon detecting the advantage, the bot immediately utilized its availability to obtain a huge earning.
But the bot’s gain could not stay much longer when a hacker discovered a vulnerability in its lousy code. The bad actor used the lapse to trick it into authorizing a transaction. The hacker wiped the bot’s balance, about 1,101 ETH.
PeckShield, a blockchain security company, revealed that the bug is traceable to the bot’s callback routine. This served as the loophole for the exploit through which the hacker approved an arbitrary address for spending.
Similar Vulnerability Attack
Vulnerability attacks on the crypto space are skyrocketing. For example, an Ethereum vanity address generator, Profanity, recorded a vulnerability exploit on September 18. The attack ended with a loss of $3.3 million worth of funds from different wallets.
1Inch Network, a DEX aggregator, investigated the exploit. The DEX discovered some ambiguity in the creation of the compromised wallets. It warned the wallet users to move their funds due to the risk associated with their use.
There was another exploit on a vanity wallet address just a week after that of Profanity. The attack resulted in the loss of some Ether valued at approximately $1 million. The hackers moved their proceeds to Tornado cash, the crypto mixer which was recently sanctioned.
Featured image from Pixabay, Chart: TradingView.com