Greetings WIWers!
We’re back with another episode of WIW Insight, where we bring you the latest and most relevant news from the crypto space. This time, we’re going to dive into a big story that involved the Curve Finance and MEV bots recently.
And of course, we have some amazing updates to share with you. You’ll be amazed by what we’ve done!
On July 30, 2023, a group of attackers exploited a vulnerability in Curve Finance. The exploit resulted in the loss of more than $24 million worth of crypto from various DeFi projects that integrated with Curve’s liquidity pools.
The root cause of the exploit was traced back to Vyper, an alternative programming language for Ethereum smart contracts that was used by Curve to create some of its pools. According to Curve, there was a malfunctioning reentrancy lock in the Vyper code, which allowed the attackers to make multiple calls to the same function and manipulate the balances of the pools. The attackers leveraged flash loans, fake tokens, and arbitrage opportunities to drain funds from the vulnerable pools.
c0ffeebabe.eth: The MEV front-runner who returned funds
Although the attacker managed to drain funds from several liquidity pools on Curve, including alETH/ETH, msETH/ETH, pETH/ETH, and CRV/ETH. In a surprising twist, an MEV bot operator named c0ffeebabe.eth intervened and returned $5.4 million worth of ETH to Curve Finance, showing a rare display of ethical hacking in the DeFi space.
c0ffeebabe.eth managed to outsmart the attackers and snatch some of the funds before they could escape, but instead of keeping them, She chose to send them back to Curve’s deployer address. c0ffeebabe.eth’s action helped to reduce some of the losses suffered by Curve Finance and its partners, such as JPEG’d, Alchemix, and Saddle Finance, who were also affected by the exploit.
Breaking Down c0ffeebabe.eth’s On-chain History
A quick glance at c0ffeebabe.eth’s on-chain badge portfolio reveals two impressive WIW Badges: Ethereum Rookie and Gas Guzzler. These badges show that this address has been burning gas like crazy on Ethereum, ranking in the top 0.02% of gas guzzlers among 33k other addresses, despite being active for only around 6 months. This is a clear sign of the power of MEV Bot, which enables crypto traders to capture arbitrage opportunities across different markets and squeeze value out of other traders’ transactions.
Judging from the Wind Speaker and Wind Seeker WIW Badges she obtained, users of this MEV Bot are also enthusiastic supporters of Tornado Cash. In fact, despite that Tornado was sanctioned for quite a long while, it still proved to be the most effective application from the perspective of privacy when transferring funds on-chain. Thus, the value it can bring to high-frequency crypto traders is evident.
Since the Tornado Cash sanction actually happened last year, these new batch of Tornado-related addresses did not suffer much impact. c0ffeebabe.eth didn’t possess the “TORNed” commemorative WIW Badge, as a memorial to the sanction. You can find various badges related to major crypto events at https://app.wiw.io/badge-library to record your connections with crypto history.
