A crypto user attempting a $50 million USDT to AAVE swap on the decentralized finance platform Aave suffered a catastrophic loss, with a Maximal Extractable Value (MEV) bot capitalizing on the transaction to siphon off nearly $10 million.
The swap, executed via the CoW Protocol and SushiSwap decentralized exchange (DEX), was intended to convert the entire $50.4 million in USDT into AAVE tokens. However, the wallet ended up with a mere 327 AAVE tokens, valued at approximately $36,000, according to Etherscan. This means the user paid around $154,000 per AAVE, a stark contrast to the token’s market price of roughly $114.
The loss was exacerbated by a MEV bot that performed a ‘sandwich attack.’ Such bots scan pending blockchain transactions; in this case, the bot targeted the large incoming AAVE order to artificially inflate the token’s price. It front-ran the transaction by flash-borrowing $29 million in wrapped Ether (ETH) from Morpho, then drove up the price of AAVE on Bancor before the user’s transaction was executed. It then sold the inflated tokens on SushiSwap for a $9.9 million profit.
Warnings Ignored, Trade Proceeded
Aave founder Stani Kulechov highlighted that the protocol’s interface had warned the user about the ‘extraordinary slippage’ due to the unusually large size of the single order. ‘The user confirmed the warning on their mobile device and proceeded with the swap, accepting the high slippage, which ultimately resulted in receiving only 324 AAVE in return,’ Kulechov said.
The CoW DAO, the decentralized autonomous organization behind the CoW Protocol, also noted that despite clear warnings, the user opted to proceed with the trade. ‘No DEX, DEX aggregator, public liquidity pool, or private liquidity pool (or combination thereof) would have been able to fill this trade at anywhere near a reasonable price,’ the CoW DAO stated.
DeFi UX: A Critical Issue
This incident underscores the ongoing challenges in the user experience (UX) of decentralized finance (DeFi). ‘Trades like this show that DeFi UX still isn’t where it needs to be to protect all users,’ the CoW DAO added. The organization pledged to refund any protocol fees associated with the transaction.
Kulechov expressed sympathy for the user and stated that Aave would attempt to contact the individual to return $600,000 in fees collected from the transaction. ‘The key takeaway is that while DeFi should remain open and permissionless, allowing users to perform transactions freely, there are additional guardrails the industry can build to better protect users,’ he emphasized.
Future Implications
This event serves as a stark reminder of the risks associated with large, high-slippage trades in DeFi and the need for better user education and protection mechanisms. As the DeFi ecosystem continues to evolve, it is crucial for developers and platforms to implement more robust safeguards to prevent such significant losses. The industry must strike a balance between maintaining the principles of decentralization and ensuring that users are adequately protected from predatory practices and technical pitfalls.
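The kind of guardrail discussed above can be sketched as an added example (not code from Aave, CoW Protocol or any DEX): a pre-trade price-impact cap plus a minimum-output floor that makes a swap revert if the pool price moves before execution. It assumes a fee-free constant-product pool; the reserves, the 5% impact cap and the 1% tolerance are constructed for illustration, and only the $50.4 million order size comes from the article.

```python
# Added example: fee-free constant-product (x*y=k) pool model.
# Reserves, the 5% cap and the 1% tolerance are constructed assumptions.

def quote_out(r_in, r_out, amt_in):
    """Tokens received for amt_in against reserves (r_in, r_out)."""
    return r_out * amt_in / (r_in + amt_in)

def price_impact(r_in, r_out, amt_in):
    """Share of value lost versus the pool's spot price (0.0 to 1.0)."""
    spot_out = amt_in * r_out / r_in
    return 1 - quote_out(r_in, r_out, amt_in) / spot_out

def pre_trade_check(r_in, r_out, amt_in, max_impact=0.05):
    """UI-side guardrail: block orders the pool cannot fill near spot."""
    impact = price_impact(r_in, r_out, amt_in)
    return ("BLOCK" if impact > max_impact else "OK", impact)

def swap(r_in, r_out, amt_in, min_out=0.0):
    """Execute a swap; revert if output falls below the caller's floor."""
    out = quote_out(r_in, r_out, amt_in)
    if out < min_out:
        raise ValueError(f"reverted: {out:.2f} < min_out {min_out:.2f}")
    return out, (r_in + amt_in, r_out - out)

# Constructed pool: 5,000,000 USDT vs 43,860 AAVE (spot price about $114).
USDT, AAVE = 5_000_000.0, 43_860.0

def demo():
    results = {}
    # The article's order size against this pool: far beyond the cap.
    results["large"] = pre_trade_check(USDT, AAVE, 50_400_000)
    # A modest order passes the check and gets a 1% slippage floor.
    results["small"] = pre_trade_check(USDT, AAVE, 100_000)
    floor = quote_out(USDT, AAVE, 100_000) * (1 - 0.01)
    # Another buyer's order lands first and moves the pool price.
    _, moved = swap(USDT, AAVE, 1_000_000)
    try:
        swap(*moved, 100_000, min_out=floor)
        results["after_move"] = "FILLED"
    except ValueError:
        results["after_move"] = "REVERTED"
    # Without a floor the same order fills at the worse price.
    results["unprotected_out"], _ = swap(*moved, 100_000)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With a floor set from the quoted output, a price move ahead of the order costs the user a failed transaction instead of the difference in tokens received.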
