Currencies38131
Market Cap$ 2.27T+0.98%
24h Spot Volume$ 30.45B-8.03%
DominanceBTC56.30%+0.02%ETH9.49%+1.25%
ETH Gas0.06 Gwei
Cryptorank
/

Exploited MEV Bot Incurs $2M Loss in Curve Pool Swaps: Data


Exploited MEV Bot Incurs $2M Loss in Curve Pool Swaps: Data

Share:

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

According to PeckShield Alert data, an unknown Miner Extractable Value (MEV) bot has fallen victim to a hack, causing a loss of approximately $2 million.

The incident, which took place in the renowned curve pools, has led to multiple large swaps and subsequent reverse swap arbitrage.

Attacker Manipulates Curve Pool

The exploitation occurred when the arbitrage function, 0xf6ebebbb(), lacked proper authentication, providing an open door for the attacker to manipulate swaps across multiple curve pools. This malicious activity resulted in significant slippage, causing substantial losses for the affected parties.

As the situation unfolded, the attacker cunningly reversed the swaps to maximize their profits, compounding the impact of this incident.

The attacker exploited an arbitrage bot, resulting in a loss of $2.3 million through the Curve pool. They discovered an exposed function within the bot, which enabled them to trigger a transaction from Wrapped Ether (WETH) to Wrapped Bitcoin (WBTC).

Subsequently, they executed a flash loan for 27,255 WETH (equivalent to $51.36 million), utilizing it to significantly manipulate the price ratio of WETH/WBTC within the Curve pool.

By destabilizing the pool, the attacker compelled the arbitrage bot to convert 1,339.8 WETH (approximately $2.52 million) into 6.95 WBTC (around $244,000).

It is important to note that the owner of the MEV bot had already withdrawn funds from the contract prior to the attack.

Curve Finance Prior Exploits

On July 30, 2023, a series of exploitations occurred in multiple liquidity pools on Curve Finance, resulting in losses of approximately $70 million. This incident raised significant concerns within the DeFi community. The attacks were made possible due to a vulnerability in Vyper, a third-party Pythonic programming language utilized by Ethereum smart contracts, including those of Curve and other decentralized protocols.

It is important to note that, following the initial incident, both white hat hackers and Miner Extractable Value (MEV) bot operators collaborated to recover a portion of the lost funds. As a result, the final value of the losses may be lower than the initial reports suggested.

Less than a week after the exploit, the hacker returned 4,820 alETH and 2,258 ETH to Alchemix, which amounted to approximately $12.7 million.

On August 6, 2023, Curve Finance announced via Twitter that the deadline for the hacker to voluntarily return the remaining funds had passed. As a result, the company extended its bounty offer of $1.85 million to anyone who could identify the hacker.

The post Exploited MEV Bot Incurs $2M Loss in Curve Pool Swaps: Data appeared first on CryptoPotato.

Read the article at CryptoPotato

In This News

Coins

$ 63.87K

+1.12%

$ 1.79K

+2.37%

$ 0.00...361

$ 1.79K

+2.27%

$ 63.93K

+1.26%

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Coins

$ 63.87K

+1.12%

$ 1.79K

+2.37%

$ 0.00...361

$ 1.79K

+2.27%

$ 63.93K

+1.26%

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

Aave V3 On zkSync Era Gives DeFi Lending Another Push Into ZK Rollups

Aave V3 On zkSync Era Gives DeFi Lending Another Push Into ZK Rollups

Aave V3 On zkSync Era Gives DeFi Lending Another Push Into ZK Rollups is the kind of ...
Crypto Posts Longest Losing Streak Since 2022, Yet On‑Chain Fundamentals Surge: Bitwise

Crypto Posts Longest Losing Streak Since 2022, Yet On‑Chain Fundamentals Surge: Bitwise

Bitwise data reveals three consecutive quarters of negative crypto returns, the worst...