Decentralized finance (DeFi) platforms are experiencing liquidity issues today, each born from divergent circumstances and resulting in significantly different outcomes.
In the first incident, a user made three substantial swaps of Circle’s USDC stablecoin on the Uniswap V3 decentralized exchange. The transactions, amounting to 220,000, 131,000, and 91,000 USDC respectively, netted a mere 10,000 Tethers (USDT) after falling prey to a maximum extractable volume (MEV) bot. Blockchain security firm Peckshield, which regularly monitors and alerts the DeFi community about suspicious transactions, hacks, and phishing attacks, flagged these unusual swaps.
Although the three transactions originated from distinct addresses, examination of their transaction histories hints that they likely belong to the same entity. In all instances, the tokens used for the swaps were withdrawn from Aave’s $1.2 billion USDC pool approximately seven hours prior to the incident, with USDT also being withdrawn but not swapped.
MEV bots continually scan Ethereum’s mempool, a list of pending transactions, to capitalize on potential opportunities to profit from other users’ actions. Typically, an MEV bot sends a transaction before the victim’s to manipulate the price of assets in the liquidity pool through which assets are swapped on decentralized exchanges like Uniswap. In this particular situation, the bot’s front-run transaction swapped 18 million USDC, skyrocketing the price of USDT in the pool by a factor of 44. The victim’s original transaction then proceeds, and the bot back-runs the victim, earning around $200,000 in profit.
Trades are normally safeguarded through “slippage” settings, which establish a minimum amount of tokens to be received or else the transaction reverts. However, in these swaps, the amountOutMinimum parameter was set to zero, leaving the transactions vulnerable.
Meanwhile, in another corner of DeFi, on-chain leverage trading exchange Hyperliquid found itself having to reassure users that it hadn’t been hacked after a trader reported a rare profit. The Hyperliquid “whale” initiated an Ether (ETH) long on 50x leverage, resulting in a realized profit of $1.8 million. Nevertheless, this action took a $4 million chunk out of the Hyperliquidity Provider (HLP) vault when collateral was withdrawn, and the position was liquidated.
Due to this, Hyperliquid has since halved the max leverage offered on ETH. The HLP vault, which allows users to participate in market making on the platform, sharing in both profits and losses, has accrued deposits totalling $436 million according to data from DeFiLlama. This loss of $4 million equates to roughly a month’s growth in the vault.
As the dust settles on these incidents, the DeFi community continues to grapple with the inherent risks and rewards of decentralized finance. Many users, however, seem to retain a sense of humor about the volatility, with one user jokingly remarking that people thought there was an exploit “because someone made money longing eth”.
