top of page
Search
Writer's pictureConnie Chan

This MEV bot gained and lost over $1M in 1 hour


A Maximal Extractable Value (MEV) bot 0xbaDc0dE lost over $1 million after a hacker exploited a flaw in its code.


Flashbots’ Robert Miller explained that 0xbaDc0dE was a mempool bot active on ETH over the past few months, making about $220,000 transactions.


The bot got its big break after a user tried to sell cUSDC worth $1.8 million on Uniswap V2 but got about $500 in return, which generated a massive arbitrage opportunity.


According to Miller, 0xbaDc0dE took this opportunity and raked a handsome profit of 800 ETH.

However, the euphoria was short-lived because the MEV bot lost over 1100 ETH, around $1.4 million an hour later, due to a flaw in the code.

Miller said:

“It seems that the 0xbaDc0dE did not properly protect the function that they used to execute dYdX flash loans.”

The hacker exploited the “callFunction,” which is the function called by the dYdX router as a part of the flashloan execution, and the MEV bot code unfortunately allowed arbitrary execution.


So, the hacker got the bot to approve the transaction and moved all the funds to another address.


The recent incident showed how malicious players are taking advantage of vulnerabilities found in codes of crypto projects. This year alone, billions have been lost to hackers exploiting these vulnerabilities.


Only recently, a white hacker saved Arbitrum from an exploit that could have resulted in a loss of almost $500 million due to an initialization-related vulnerability.


Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Comments


bottom of page