DeFi trader hit by MEV attack swapped 440K USDC for just 10K USDT

Liquidity issues affected users on two decentralized finance (DeFi) platforms today, though for different reasons and with widely differing consequences.

In what appears to be user error, three sizable swaps of 220,000, 131,000, and 91,000 of Circle’s USDC stablecoin netted a total of just over 10,000 tethers (USDT) after falling victim to a maximum extractable volume (MEV) bot.

The swaps, made via the Uniswap V3 decentralized exchange, were flagged by blockchain security firm Peckshield, which regularly alerts the DeFi community to hacks, phishing attacks, and suspicious transactions.

#PeckShieldAlert 220K $USDC -> 5K $USDT pic.twitter.com/dHnMyzxdea

— PeckShieldAlert (@PeckShieldAlert) March 12, 2025

Read more: MEV bot to return $7.5M if Rho Markets admits to oracle error

While the three affected transactions all come from distinct addresses, a brief look at their transaction histories indicates they are likely to be from the same individual.

In all three cases, the tokens used in the swaps were withdrawn from the DeFi lending platform Aave’s $1.2 billion USDC pool around seven hours previously. USDT was also withdrawn but not swapped.

MEV bots ready to pounce

MEV bots scan Ethereum’s mempool, the list of pending transactions, looking for opportunities to profit from the actions of other users.

Typically, this involves sending a transaction before the victim’s in order to manipulate the price of assets in the liquidity pool via which assets are swapped on a decentralized exchange such as Uniswap.

In this case, the bot’s front-run transaction swapped 18 million USDC, increasing the price of USDT within the pool by a factor of 44. The victim’s original transaction then goes through, and finally, the bot back-runs the victim, clearing approximately $200,000 profit.

Trades are usually protected via “slippage” settings, which define a minimum amount of tokens to be received or the transaction reverts. However, for these swaps, the amountOutMinimum parameter was set to zero.

Read more: Ethereum Foundation denies rumors of Maker liquidation

H(e)LP 

Elsewhere in DeFi, on-chain leverage trading exchange Hyperliquid took to X to reassure users it hadn’t been hacked after a trader shocked the community by actually making money for a change.

Regarding commentary and questions on the 0xf3f4 user's ETH long:

To be clear: There was no protocol exploit or hack.

This user had unrealized PNL, withdrew, which lowered their margin, and was liquidated. They ended with ~$1.8M in PNL. HLP lost ~$4M over the past 24h. HLP's…

— Hyperliquid (@HyperliquidX) March 12, 2025

Read more: Are North Korean hackers liquidated on HyperLiquid planning something?

The Hyperliquid “whale” opened an ether (ETH) long on 50x leverage, resulting in a realised profit of $1.8 million. However, the trader’s actions took a $4 million chunk out of the Hyperliquidity Provider (HLP) vault when collateral was withdrawn, and the position was liquidated.

Hyperliquid has since reduced the max leverage offered on ETH by half.

The HLP vault allows users to participate in market making on the platform, sharing in both profits and losses, and has accrued deposits totalling $436 million according to data from DeFiLlama.

Today’s $4 million loss represents around 30 days of growth in the vault.

One X user summed up recent ETH trading sentiment, quipping “ppl thought their [sic.] was an exploit because someone made money longing eth”.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.