DeFi trader hit by MEV attack swapped 440K USDC for just 10K USDT

Liquidity issues affected users on two decentralized finance (DeFi) platforms today, though for different reasons and with widely differing consequences.

In what appears to be user error, three sizable swaps of 220,000, 131,000, and 91,000 of Circles USDC stablecoin netted a total of just over 10,000 tethers (USDT) after falling victim to a maximum extractable volume (MEV) bot.

The swaps, made via the Uniswap V3 decentralized exchange, were flagged by blockchain security firm Peckshield, which regularly alerts the DeFi community to hacks, phishing attacks, and suspicious transactions.

While the three affected transactions all come from distinct addresses, a brief look at their transaction histories indicates they are likely to be from the same individual.

In all three cases, the tokens used in the swaps were withdrawn from the DeFi lending platform Aaves $1.2 billion USDC pool around seven hours previously. USDT was also withdrawn but not swapped.

MEV bots ready to pounce

MEV bots scan Ethereums mempool, the list of pending transactions, looking for opportunities to profit from the actions of other users.

Typically, this involves sending a transaction before the victims in order to manipulate the price of assets in the liquidity pool via which assets are swapped on a decentralized exchange such as Uniswap.

In this case, the bot‘s front-run transaction swapped 18 million USDC, increasing the price of USDT within the pool by a factor of 44. The victim’s original transaction then goes through, and finally, the bot back-runs the victim, clearing approximately $200,000 profit.

Trades are usually protected via “slippage” settings, which define a minimum amount of tokens to be received or the transaction reverts. However, for these swaps, the amountOutMinimum parameter was set to zero.

H(e)LP

Elsewhere in DeFi, on-chain leverage trading exchange Hyperliquid took to X to reassure users it hadnt been hacked after a trader shocked the community by actually making money for a change.

Read more: Are North Korean hackers liquidated on HyperLiquid planning something？

The Hyperliquid “whale” opened an ether (ETH) long on 50x leverage, resulting in a realised profit of $1.8 million. However, the traders actions took a $4 millionchunk out of the Hyperliquidity Provider (HLP) vault when collateral was withdrawn, and the position was liquidated.

Hyperliquid has since reduced the max leverage offered on ETH by half.

The HLP vault allows users to participate in market making on the platform, sharing in both profits and losses, and has accrued deposits totalling $436 million according to data from DeFiLlama.

Todays $4 million lossrepresents around 30 days of growth in the vault.

One X user summed up recent ETH trading sentiment, quipping “ppl thought their [sic.] was an exploit because someone made money longing eth”.