In an ironic twist of events in Decentralized Finance (DeFi), an Ethereum arbitrage trading robot managed to win the jackpot and then lose it all at once.
Robert Miller, a researcher at Flashbots, shared the story of how a Maximal Extractable Valu (MEV) bot using the prefix 0xbadc0de was capable to earn 800 Ether ( ETH), approximately $1 million through arbitrage trades.
Miller claims that the bot took advantage a huge arbitrage opportunity when a trader tried to sell $1.8million in cUSDC via the decentralized Exchange (DEX) Uniswap v2 but received only $500 in assets back. This opportunity was immediately recognized by the bot and it reacted quickly to make huge profits.
A hacker discovered a flaw in 0xbadc0de “bad code” within an hour and forced it to authorize a transaction that took its balance of 1,101 Ethereum, approximately $1.41million at the time.
#MEV A very profitable MEV bot, internally named as 0xbad, was somehow tricked/hacked with 1,101 ETH loss (~$1.45M) in the following tx: https://t.co/FxXSY8AyhX
— PeckShield Inc.
September 27, 2022
The bug was spotted by PeckShield, a blockchain security company. This routine is used by the hacker to approve spending at an arbitrary address.
Related: Pantera CEO is bullish about DeFi, Web3 & NFTs as Token2049 gets underway
A vulnerability in Profanity (an Ethereum vanity address generator) was exploited on Sept. 18. The attack took $3.3 million out of various wallets. 1inch Network, a decentralized exchange (DEX), found that the creation of wallets was unclear. DEX warned users about the danger to their wallets and advised them to move their assets.
A week later, another vanity address was exploited. was drained of nearly $1 million of Ethereum. The hackers immediately stole the funds and sent them to Tornado Cash, a controversial crypto-mixer.