A hacker’s attempt to exploit the decentralized finance (DeFi) platform Curve Finance was thwarted by a bot. The bot, operated by a white-hat hacker known as ‘coffeebabe.eth’, managed to frontrun the hacker’s transaction, effectively stealing the stolen funds.
Here’s a breakdown of the events:
- Curve Finance, a stablecoin exchange at the heart of DeFi on Ethereum, was the victim of an exploit due to a “re-entrancy” bug in Vyper, a programming language used to power parts of the Curve system. This bug allowed attackers to trick a smart contract by making repeated calls to a protocol in order to steal assets.
- The exploit put upwards of $100 million worth of cryptocurrency at risk, with several stablecoin pools on the platform being drained by hackers. The exact amount drained from Curve as a result of the attack was unclear at the time, with estimates ranging from $42 million to $20 million of CRV and a version of ether.
The Bot’s Intervention
- A miner extractable value (MEV) bot, operated by ‘coffeebabe.eth’, spotted the hacker’s transaction. MEV bots search the chain for profitable trades and frontrun the transactions by using higher gas fees.
- In this case, the bot did the same transaction as the hacker but with a higher gas fee, resulting in the bot’s transaction going through first and getting the 2800 ETH instead of the hacker.
- ‘Coffeebabe.eth’, being a white-hat hacker, returned the stolen funds to Curve Finance. This act of ethical hacking saved the platform from a significant loss.
- Despite the exploit, CRV’s price denominated in Korean won (KRW) rose sharply on South Korea-based digital assets exchange Bithumb, trading up more than 500% for the day.
This is a developing story.
This article is published on BitPinas: Only in Crypto: Bot Frontruns Hacker Who Tried to Steal 2800 ETH ($5.5m) from Curve Finance Exploit
Disclaimer: BitPinas articles and its external content are not financial advice. The team serves to deliver independent, unbiased news to provide information for Philippine-crypto and beyond.