A cryptocurrency user lost millions while exchanging cryptocurrencies on the decentralized finance protocol Aave, with a maximum extraction (MEV) bot also leading the trade and making almost $10 million.
A recently funded wallet from Binance containing 50.4 million USDt (USDT) performed a swap through decentralized exchange aggregator CoW Protocol and SushiSwap DEX on Thursday, with the goal of converting the full amount to the Aave token (AAVE).
However, the wallet only received 327 AAVE tokens worth approximately $36,000, According to to Etherscan.
The result was an almost total loss as the user paid approximately $154,000 for AAVE compared to the market price of approximately $114.
The losses were caused by the MEV bot, which carried out a “sandwich attack” on the user. MEV bots scan pending blockchain transactions and in this case target a huge incoming AAVE order to inflate the pre-order token price in order to make a profit.
The bot executed a trade by borrowing $29 million worth of Ether (ETH) tokens from Morpho to drive up the price of AAVE ahead of the user’s transaction involving a purchase at Bancor. He then sold the inflated tokens on SushiSwap for a profit of $9.9 million.
User ignored slip warnings: Aave
Automated market makers like SushiSwap employ an automated pricing formula that adjusts slippage, or the intended and actual price of a trade, depending on the size of the trade pool and upcoming trades.
Aave founder, Stani Kulechov sent X that the protocol interface warned the user of “extraordinary slippage” resulting from the “unusually large size of a single order.”
“The user acknowledged the warning on his mobile device and continued the trade, accepting the large slippage,” he said.
Related: Vitalik Buterin proposes solutions to the MEV problem in Ethereum
DAO cow he said to
“No DEX, DEX aggregator, public liquidity pool or private liquidity pool (or combination thereof) would have been able to execute this transaction at anywhere near a reasonable price.”
CoW DAO said these types of transactions “show that DeFi UX is still not where it needs to be to protect all users,” adding that it will refund any protocol fees associated with the transaction.
Kulechov said Aave sympathizes with the user and will try to contact him to refund the $600,000 in fees charged on the transaction.
“The key takeaway is that while DeFi should remain open and permissionless, allowing users to transact freely, there are additional guardrails the industry can build to better protect users.”
Warehouse: Fully 21 Million Bitcoins Are at Risk from Quantum Computers
