MEV bot drained $1m after attacker manipulated bug 

A non-atomic MEV bot was reportedly drained $1 million through a bug. Further investigation shows it has been on the platform for a while and was responsible for prior bad trades.

In a Twitter thread, Flashbot’s Robert Miller explained that one bot’s attack led to the highest proposer payment of all time when an address received 691.96 ETH. He identified the bot as a non-atomic MEV bot that buys tokens in a block and sells them later. However, they sandwich occasionally, are generally profitable, and have millions of tokens on hand ($5 million).

The bot in question is sometimes some kind of non-atomic MEV bot, buying tokens in one block and selling them usually a bit later. But occasionally they sandwich too: https://t.co/pwMgELJPJu

Usually they are quite profitable. And they usually have a lot of tokens ($5m+) on hand.

— @bertcmiller ⚡️? (@bertcmiller) March 20, 2023

He explains that the attacker, 0x000…2D4, swapped $1 million in Tether for 325 WaBi. The transfer seemed like sandwiching a transaction, but the second one proved otherwise.

After investigation, it was confirmed that 0x000…2D4’s first trade was a backrun, while the second was them getting a backrun. The exploiter took 375 ETH, paid 150 ETH to the builder, and made 225 ETH. Miller mentions that sometimes, the attackers send the first sandwich part through flashbots and close the second via the mempool.

Moreover, oddly enough, we also find a huge backrun arb cleaning up 0x000…2D4’s mess. They made ~ 375 ETH and paid 150 ETH of that to the builder, making a cool 225 ETH for themselves.

That’s weird though, how’d they backrun 0x000…2D4?https://t.co/jBb7XhwmS2 pic.twitter.com/IU4HoXr8nd

— @bertcmiller ⚡️? (@bertcmiller) March 20, 2023

Further investigation showed that this was not the first time. 0x000…2D4 was backrun by a bot earlier, making 370 ETH and repeating the same process by sending it back to the mempool.

Miller writes that the bot has had the bug for a while, whereby it made bad trades weeks ago. Someone might have noted it and laid the bait for 0x000…2D4. Since the bot has gone off the rails after several bad trades, leading it to throw millions away.

Looking deeper into the block more we find more bad trades from 0x000…2D4! This time backrun by a bot who made ~370 ETH and bribed nothing to the builder! Free money for that MEV bot.https://t.co/jQgJUiF1z5

Again, 0x000…2D4 sent this to the mempool where it was backrun. pic.twitter.com/xBS9a66qHf

— @bertcmiller ⚡️? (@bertcmiller) March 20, 2023

Hackers in DeFi are rampant

Last September, an MEV bot 0xbaDc0dE lost over $1 million when a bad actor exploited a flaw in the code. 0xbaDc0dE was a mempool bot on ETH that was active over a few months and made about $220,000 in transactions.

Imagine making 800 ETH in a single arb

… and an hour later then losing 1100 ETH to a hacker

Here is the story of 0xbaDc0dE, an MEV bot who gained and lost it all in a few hours tonight

— @bertcmiller ⚡️? (@bertcmiller) September 27, 2022

The bot lost over 1100 ETH as it did not protect the “callFunction”, which the hacker used to execute dYdX flash loans. They then approved the transaction and took the funds to another address.

Most recently, Euler Finance, a crypto lending platform, fell victim to a flash loan attack that caused a $197m net loss.

Source