DeFi User Loses $50M in Crypto Swap Error
A crypto user has lost millions during a crypto swap on the decentralized financial protocol Aave, a Maximal Extractable Value, or MEV, bot also running the transaction in front of almost 10 million dollars.
Decentralized exchange aggregator CoW protocol, a wallet recently funded by Binance with $50.4 million (USDT) and intends to convert the entire amount to Aave (AAVE) token on SushiSwap DEX on Thursday.
However, the wallet only received 327 AAVE tokens worth approximately $36,000, Eterscan said.
The result was almost a loss as the user paid around $154,000 for AAVE, compared to the market value of $114.
Adding to the damage was the MEV bot that launched a “sandwich attack” on the user. MEV bots scan for pending blockchain transactions, and in this case they target the highly profitable AAVE order to pre-empt the profit order to increase the token price.
The bot leveraged its front-end trading in Flash, opening $29 million in sealed Ether (ETH) tokens from Morpho and buying the user's transaction on Bancore to boost AAVE's value. He then sold the inflated tokens on SushiSwap for $9.9 million.
User ignored scrolling warnings: Aave
Automated market makers such as Sushi Swap use an automated price formula that adjusts for drift, the expected and actual trade price based on the size of the trade pool and recent trades.
According to Aave founder Stani Kulekov, the protocol interface on X warned the user about “strange drift” due to “unusually large amounts of single orders”.
“The user confirmed the warning on their mobile device and continued to switch, accepting the high slippage,” he said.
Related: Vitalik Buterin Proposes Solutions to Ethereum's MEV Problem
According to CoW DAO in X, “Although clear warnings show the user that they will lose almost all of their trade value, and even if they clearly want to enter the trade after seeing the warning, the user chooses to continue with the switch.
“No DEX, DEX aggregator, public liquidity pool or private liquidity pool (or combination thereof) could have filled this trade at a reasonable price anywhere.”
CoW DAO said that such transactions “show that DeFi UX is still not what it should be to protect all users,” and that it will refund any protocol fees associated with the transaction.
Aave's Kulechov said he is sorry to the user and will try to contact them to return the $600,000 he collected from the transaction.
“The key takeaway is that while DeFi is open and permissionless, allowing users to make transactions freely, there are additional safeguards that the industry can build to better protect users.”
Magazine: All 21 Million Bitcoins From Quantum Computers Are At Risk
