Arbitrage Bot Exploited for $2.3M in Flash Loan Cyberattack on Curve Pool
In Brief
An attacker exploited an arbitrage bot to siphon off $2.3 million by manipulating the Curve Finance pool with a flash loan.
In a recent cyberattack, an exploiter drained $2.3 million from an arbitrage bot. The attack combined a flash loan with price manipulation within the Curve Finance pool.
The incident unfolded when the attacker identified an exposed function within the bot’s code that allowed the conversion of Ethereum to Bitcoin. By taking out a massive flash loan of 27,255 WETH, valued at approximately $51.36 million, the attacker was able to significantly skew the WETH/WBTC price ratio in the Curve pool.
The attacker deliberately distorted the price ratio in the Curve pool. This forced the arbitrage bot into an unfavorable trade, exchanging 1339.8 WETH for just 6.95 WBTC and inflicting a significant financial blow on the bot’s operators.
The transaction that cleared the funds from the arbitrage bot can be tracked on Etherscan, revealing the specifics of the strategy that led to the bot’s downfall. The affected bot’s address is publicly viewable, providing a transparent ledger of the financial activity leading up to the exploit.
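The two controls the incident points to, a caller restriction and a minimum-output check against an independent reference price, are sketched below as an added illustration; this is not code from the bot or from the original article. The constant-product pool model, the reserves, the reference price, the owner name and the 1% tolerance are all constructed assumptions (Curve uses a different pricing invariant).

```python
from dataclasses import dataclass

class Revert(Exception):
    """Stands in for an on-chain revert."""

@dataclass
class Pool:
    """Simplified fee-less constant-product pool (assumption; Curve's invariant differs)."""
    weth: float
    wbtc: float

    def quote(self, weth_in):
        return self.wbtc * weth_in / (self.weth + weth_in)

    def swap(self, weth_in):
        out = self.quote(weth_in)
        self.weth, self.wbtc = self.weth + weth_in, self.wbtc - out
        return out

OWNER = "bot-operator"     # hypothetical authorized caller
MAX_SLIPPAGE_BPS = 100     # hypothetical tolerance: 1% below the reference price

def guarded_swap(pool, caller, weth_in, ref_wbtc_per_weth):
    """Swap only for the owner, and only if the pool pays close to an independent price."""
    if caller != OWNER:
        raise Revert("unauthorized caller")
    min_out = weth_in * ref_wbtc_per_weth * (10_000 - MAX_SLIPPAGE_BPS) / 10_000
    if pool.quote(weth_in) < min_out:
        raise Revert("output below reference-price floor")
    return pool.swap(weth_in)

def attempt(pool, caller, weth_in, ref):
    try:
        return guarded_swap(pool, caller, weth_in, ref)
    except Revert as exc:
        return str(exc)

def demo():
    ref = 0.054                                   # constructed reference price, WBTC per WETH
    fresh = lambda: Pool(200_000.0, 10_800.0)     # constructed reserves, balanced at ref
    skewed = fresh()
    skewed.swap(27_255.0)                         # pool state after a large one-sided WETH sale
    return {
        "balanced_owner": attempt(fresh(), OWNER, 1339.8, ref),
        "skewed_owner": attempt(skewed, OWNER, 1339.8, ref),
        "skewed_stranger": attempt(skewed, "stranger", 1339.8, ref),
    }

if __name__ == "__main__":
    print(demo())
```

On the balanced pool the owner's trade fills near the reference price; on the skewed pool the same trade reverts, and any other caller is rejected before the price is even consulted.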
Looks like an arb bot contract got rekt for $2m
Had an open function to sell weth for wbtc and blackhat found it and moved the price of the pool to drain the arb bot contract. pic.twitter.com/BNRJUHrmAX
— Spreek (@spreekaway) November 7, 2023
Twitter user spreekaway highlighted the event, summarizing the exploit that hit the arbitrage bot. The post shed light on a critical vulnerability within the bot’s code. An attacker exploited this flaw, showcasing the persistent dangers in automated cryptocurrency trading strategies.
This incident sharply highlights the inherent risks in the DeFi space. The complexity of smart contracts can occasionally open up unforeseen opportunities for exploitation. The persistence of these exploits underscores the critical necessity for thorough smart contract audits. It also calls for robust security implementations across the decentralized finance ecosystem.
About The Author
Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.