An Ethereum arbitrage trading bot managed to hit the jackpot and lose everything on the same day, in an ironic turn of events in decentralized finance (DeFi).
In a Twitter thread, Robert Miller, who works at the research firm Flashbots, shared how a Maximal Extractable Value (MEV) bot with the prefix 0xbadc0de was able to earn 800 Ether (ETH), around $1 million, through arbitrage trades.
According to Miller, the bot took advantage of an enormous arbitrage opportunity that arose when a trader tried to sell $1.8 million in cUSDC on the decentralized exchange (DEX) Uniswap v2 and got only $500 worth of assets in return. The bot detected this opportunity, immediately sprang into action and made massive profits.
However, only about an hour later, a hacker exploited a vulnerability in 0xbadc0de’s “bad code” and tricked it into authorizing a transaction that drained its balance of 1,101 ETH, which was around $1.41 million at the time of writing.
#MEV A really lucrative MEV bot, internally named as 0xbad, was in some way tricked/hacked with 1,101 ETH loss (~$1.45M) in the following txs: https://t.co/FxXSY8AyhX
— PeckShield Corporation. (@peckshield) September 27, 2022
According to the blockchain security firm PeckShield, the bug could be traced to the bot’s callback routine, which the hacker exploited to approve an arbitrary address for spending.
On Sept. 18, a vulnerability in Profanity, an Ethereum vanity address generator, was exploited, draining $3.3 million in funds from various wallets. An investigation by the decentralized exchange (DEX) aggregator 1inch Network highlighted that there was ambiguity in how the wallets were created. The DEX aggregator warned users that their wallets were at risk and advised them to transfer their assets.
More than a week later, another vanity wallet address was exploited and drained of almost $1 million worth of ETH. After stealing the funds, the hackers immediately sent them to the controversial crypto mixer Tornado Cash.