MEV Bot Makes $1 Million, But a Hacker Steals it all Within an Hour

In an odd development in decentralized finance, an Ethereum (ETH) arbitrage trading bot won big and lost it all on the same day.

Robert Miller, a researcher at the company Flashbots, revealed on Twitter how an MEV bot with the prefix 0xbadc0de made 800 Ether (ETH), or almost $1 million, through arbitrage trades.

Miller claims that a trader tried to liquidate $1.8 million in cUSDC using Uniswap v2 but received just $500 in return. This presented a big arbitrage opportunity for the bot, which spotted it, acted promptly and made enormous earnings.

Yet barely an hour later, a hacker took advantage of a flaw in 0xbadc0de’s bad code and convinced it to approve a transfer that depleted its balance of 1,101 Ether (ETH), which at the time of posting was equal to $1.41 million.

The weakness lies in the bot’s callback code, which the hacker leveraged to authorize an arbitrary address to spend the bot’s funds, said blockchain security company PeckShield.

On September 18, a flaw in Profanity, a vanity address generator for Ethereum (ETH), was leveraged, resulting in the theft of $3.3 million from several wallets. Investigations carried out by the DEX aggregator 1inch Network revealed that the process of creating the wallets was unclear. The DEX advised customers to transfer their funds after alerting them that their wallets were in jeopardy.

Nearly $1 million worth of Ethereum (ETH) was stolen from another vanity wallet address over a week later. The hackers stole the money and moved it right away to Tornado Cash, a contentious cryptocurrency exchange.
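
The following Solidity contracts are an added example, not the 0xbadc0de bot's code or anything published by PeckShield. They show the class of callback flaw described above, where a callback that anyone can call takes the spender from caller-supplied data, beside a version that checks the caller, the initiator and an in-flight flag. The `ILender` interface, the `onLoanCallback` signature and all contract names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

interface ILender { // hypothetical: lends, then calls onLoanCallback on the borrower
    function lend(bytes calldata data) external;
}

// Flawed pattern: no check on who is calling, and the spender is caller-supplied.
contract VulnerableBot {
    function onLoanCallback(address, bytes calldata data) external {
        (address token, address spender, uint256 amount) =
            abi.decode(data, (address, address, uint256));
        IERC20(token).approve(spender, amount); // allowance to any address
    }
}

// Hardened pattern: callback is bound to one lender, one trade, one spender.
contract HardenedBot {
    address public immutable owner;  // operator key
    address public immutable lender; // only contract allowed to call back
    address public immutable router; // only address ever approved to spend
    bool private expectingCallback;

    constructor(address lender_, address router_) {
        owner = msg.sender;
        lender = lender_;
        router = router_;
    }

    function startTrade(address token, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        expectingCallback = true; // armed only for the duration of this call
        ILender(lender).lend(abi.encode(token, amount));
        expectingCallback = false;
    }

    function onLoanCallback(address initiator, bytes calldata data) external {
        require(msg.sender == lender, "untrusted caller");
        require(initiator == address(this), "not self-initiated");
        require(expectingCallback, "unsolicited callback");
        (address token, uint256 amount) = abi.decode(data, (address, uint256));
        IERC20(token).approve(router, amount); // spender fixed at deployment
    }
}
```

In the hardened contract, calldata can still choose the token and amount, but never the spender, and a callback arriving outside `startTrade` reverts before any allowance is written.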