A crypto user lost millions of dollars while trading crypto on the Aave decentralized financial protocol with the maximum minable value, or MEV, the bot also advances the transaction to nearly $10 million.
A recently funded wallet from Binance with 50.4 million USDT (USDT) completed a swap through decentralized exchange aggregator CoW Protocol and SushiSwap DEX on Thursday, aiming to convert the entire amount into Aave (AAVE) tokens.
However, according to Etherscan, the wallet only received 327 AAVE tokens, worth about $36,000.
The result was almost a total loss, as the user paid about $154,000 for one AAVE, compared to its market price of about $114.
Adding to the damage was an MEV bot that did a “sandwich attack” on the user. MEV’s bots scan blockchain transactions and in this case targeted a large AAVE entry order to drive up the token’s price before the order took a profit.
The bot advanced the transaction by taking $29 million in wrapped Ether (ETH) tokens from Morpho to drive up the price of AAVE before the user transacted with a purchase on Bancor. It then sold the inflated tokens on SushiSwap for $9.9 million.
User ignored swipe warnings: Aave
Automated marketers, such as SushiSwap, use an automated pricing formula that adjusts the slippage, expected and actual trade prices based on the size of the trade pool and upcoming trades.
Aave founder Stany Kulechov posted to X that the protocol’s interface is warning the user of an “emergency slip” due to an “unusual size of a single order.”
“The user confirmed the notification on their mobile device and proceeded to switch, accepting a high swipe, eventually receiving only 324 AAVE in the switch,” he said.
related to: Vitalik Buterin proposes a solution to the MEV Ethereum problem
CoW DAO in X said that “despite clear warnings to the user that they would lose almost all of the value of their transactions, and despite clearly entering the trade after seeing the warning, the user chose to continue trading.”
“No DEX, DEX aggregator, public liquidity pool, or private liquidity pool (or combination thereof) was able to fill this trade at a reasonable price.”
CoW DAO said that trades like this “show that the DeFi UX is not yet where it needs to be to protect all users,” adding that it would refund any protocol fees associated with the transaction.
Aave’s Kulechov said he sympathizes with the user and will try to contact them to get a refund of the $600,000 in transaction fees he received.
“The key takeaway is that while DeFi should remain open and permissionless, allowing users to transact freely, there are additional safeguards that the industry can build to better protect users.”
Magazine: All 21 million bitcoins from quantum computers are at risk
