- According to CertiK Alert, a hacker stole about $2 million in MEV bot hack.
- The hacker exploited a weakness where the MEV bot forgot to put permission limits on its functions.
- MEV bot contained an arbitrage trading function with no restrictions on callers.
CertiK Alert, a platform known for reporting crypto hacks and scams, posted that the MEV robot was hacked, with the hacker stealing nearly $2 million. According to the crypto alerts platform, the hacker exploited a weakness where the MEV bot forgot to put permission limits on its functions.
In a detailed presentation, CertiK Alert explained that the MEV bot contained an arbitrage trading function with no restrictions on callers. That vulnerability made it susceptible to attacks from forced arbitrage trading.
According to the crypto hacks reporting platform, to exploit the protocol, the attacker borrowed a flash loan at Aave and exchanged a significant amount of WETH for wBTC, throwing the curve’s exchange pool out of balance.
Furthermore, the hacker called the MEV bot’s vulnerability function to force another user to buy wBTC at an unreasonable price. The hacker sold the wBTC at a high price to earn more WETH and realize profit.
Yesterday, CertiK Alert reported that TheStandard.io, a decentralized stablecoin protocol, was exploited. It was noted that the hacker stole 8,500 USDC.e and 280,000 EUROs. The attacker proceeded to mint an Algebra position NFT with 222,819 EUROs.
Rosco Kalis, founder of Revoke.cash, noted in a recent publication on Coin Edition that the increasing trend of crypto hacks would continue until users became adequately educated on the workings of the industry. He also suggested that introducing specific tools could help protect crypto users who may not have enough time to spend on education.
According to CertiK Alert, the crypto industry lost about $32.2 million last month to bad actors. Exit scams accounted for about $8 million of the total loss; flash loans were almost $1.7 million; and exploits were responsible for about $22 million in losses.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.