How MEV Bots Stole $1.27 Million From This Crypto Platform
The maximal extractable value (MEV) bot carried out a flash loan attack and stole around $1.27 million from the BlackHole (BH) token.
MEV bots have attracted a lot of attention this year. Some utilize the bots to conduct sandwich attacks or take advantage of arbitrage opportunities.
MEV Bot Conducts Flash Loan Attack at Cost of Just $4
According to the MEV data website EigenPhi, there was an arbitrage MEV attack through the BH token on the BNB chain. The blockchain security platform Beosin Alert estimates a loss of $1.27 million. It explains:
“The attacker flash loaned a large amount of $USDT, then called 0x33688938() to add $USDT to the contract. The contract adds liquidity to the pair, with normal liquidity ratios of ~1 USDT : 100 BH.
The attacker then swapped $USDT for $BH via pair, called the 0x4e290832 function to remove liquidity.
Due to the attacker’s swap, the liquidity removal ratio was about 1 USDT : 2 BH, allowing to withdraw more $USDT.”
Read more: What Is Maximal Extractable Value (MEV)?
Arbitrage MEV attack on BH token. Source: EigenPhi
After conducting the flash loan attack, the BH token exploiter siphoned off the funds using the crypto mixer Tornado Cash. The screenshot below shows that the wallet sent funds to Tornado Cash in batches of 100 BNB.
Apart from this MEV bot attack on the BH token, there has been a surge in rug pull incidents on the BNB chain lately.
Read more: Top 7 Tornado Cash Alternatives in 2023
Attacker moves funds to Tornado Cash. Source: Etherscan
Platypus Finance Flash Loan Attack
Earlier on Thursday, the blockchain security firm PeckShield reported that the decentralized finance (DeFi) protocol Platypus Finance had been a victim of a $2 million exploit. The project has reacted by suspending all the pools and assuring the community members of timely updates.
While the nature of the transaction is not specified, it is potentially a flash loan attack. Also, in February 2023, the project lost $8.5 million through flash loan attacks.
BeInCrypto explained earlier:
“A flash loan is a crypto loan that is taken out and repaid within the same transaction.
However, this facility attracts bad actors to take huge loans and then use the amount to manipulate the market in their favor. Such malicious activity is referred to as a flash loan attack.”
The $200 million Euler Finance exploit in March 2023 was also a flash loan attack.