NFT Flashloan - Ape coin

lunaray
Coinmonks
4 min read · Jun 1, 2022

Blockchain and decentralized finance (DeFi) are relatively new technologies, which means both still lack security maturity. Recently, hacks against DeFi projects have become commonplace, often yielding the attacker massive amounts of cryptocurrency. Flash loan attacks are a trending method that hackers favor for extracting large gains from the DeFi world.

On May 30th, a Bored Ape NFT sold for 10 ETH. The buyer sold the ape for 71 wETH in the same transaction, but was left with only 20 ETH after everything. Why was their profit so low, and how did they execute this?

0x01 First, let's recap the flash loan attack

In short, it’s one way to potentially make substantial gains without having to risk your own money.

There are times when the unheard-of speed of a flash loan makes sense.

Flash loans can be used for:

  • Arbitrage: Traders can make money by looking for price discrepancies across a number of different exchanges. Say two markets are pricing pizzacoin differently. It’s priced at $1 on Exchange A and $2 on Exchange B. A user can use a flash loan and call a separate smart contract to buy 100 pizzacoins for $100 at Exchange A, then sell them for $200 at Exchange B. The borrower then repays the loan and pockets the difference.
  • Collateral swaps: Quickly swapping the collateral backing the user’s loan for another type of collateral.
  • Lower transaction fees: In a sense, flash loans roll what would normally take several transactions into one. Each transaction costs a fee so flash loans potentially mean lower fees.
  • Self-Liquidation

0x02 How did this happen?

According to the victim, he was trying to list at 105. It is very unfortunate that this happened, but at the end of the day, the crypto world holds a lot of unknown dangers and is an unforgiving place if you're not cautious.

The transaction details are shown here:

There is a lot of information here so let’s break it down to see what’s going on.

https://etherscan.io/tx/0x841c2ebe79887f86246354297298e3ef6d156d1e78a0965019556e7c32c41e41

To be clear, let's note what these stand for:

  • 0x9fb274: the real buyer
  • 0x6c830a: a contract they use to execute all of their actions in one transaction
  • dydx: a decentralized borrowing and lending platform based on Ethereum. It offers borrowing, lending, and betting tools for crypto users.
  • F2: a mining pool

First, they went to dydx for a flash loan. A flash loan is a loan that is borrowed and repaid in the same transaction. Flash loans are often used in MEV to run risk-free arbitrage, and they are only possible using a smart contract. MEV can be extracted even when block producers order transactions according to the highest gas prices. However, MEV can be seen as the upper bound of how much value can be extracted by block producers, since they ultimately have control of the final transaction ordering within a block.

The buyer took a flash loan (using 0x6C8) for 48 wETH from dydx.

The buyer then converted wETH to ETH via their smart contract. The contract then transferred the 48 ETH over to their actual wallet. They then purchased the Bored Ape for 10 ETH.

After this, they sold the Bored Ape to the highest bidder via LooksRare at 71 wETH. The buyer converted the wETH to ETH.

After all these transactions, the buyer has 106 ETH (48 flash loan - 10 purchase + 68 LooksRare sale). They then move 68 ETH back to their smart contract (0x6C8) and transfer the remaining 38 ETH to F2Pool. You might ask why they made this 38 ETH transfer.

F2Pool is a mining pool, which is a collaboration of miners where everyone contributes some computing power to discover blocks. F2Pool, also known as Discus Fish, was launched in 2013 and is currently one of the five largest mining pools in the world.

By bribing the miner, the buyer can guarantee that their transaction is the first one executed in that block.

At this point, the user's wallet has 0 ETH, and their smart contract has 68. They complete the flash loan by converting 48 ETH to wETH and paying back dydx. This leaves the smart contract with 20 ETH, which they then transfer to another wallet:

https://etherscan.io/address/0xb13744aea4f68ac3c8a6e640055b6b285c925d1c
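The fund flow above can be replayed as a small ledger to reconcile every balance and to show why the loan carries no repayment risk: if any step cannot be paid, the whole transaction reverts. This is an added example, not code from the original post or from any on-chain contract; the account labels, the opening balances and the 1:1 treatment of wETH and ETH are assumptions made for illustration.

```python
from decimal import Decimal

class Revert(Exception):
    """A step failed, so the whole transaction would be rolled back."""

# Constructed opening balances: only the lender and the bidder hold funds.
OPENING = {"dydx": Decimal(1000), "bidder": Decimal(71)}

def steps(sale_proceeds):
    """Transfers in the order the article lists them: (from, to, ETH)."""
    return [
        ("dydx", "contract", 48),             # flash loan to 0x6c830a
        ("contract", "wallet", 48),           # forwarded to the buyer's wallet
        ("wallet", "seller", 10),             # Bored Ape purchase
        # The article credits 68 ETH from the 71 wETH sale; the difference
        # is not itemised there and is not modelled here.
        ("bidder", "wallet", sale_proceeds),
        ("wallet", "contract", 68),           # moved back to the contract
        ("wallet", "f2pool", 38),             # payment to the mining pool
        ("contract", "dydx", 48),             # flash loan repaid
        ("contract", "payout", 20),           # remainder to another wallet
    ]

def replay(sale_proceeds, opening=OPENING):
    """Apply every step to a copy of the balances, or raise Revert."""
    bal = dict(opening)
    for src, dst, amt in steps(sale_proceeds):
        amt = Decimal(amt)
        if bal.get(src, Decimal(0)) < amt:
            raise Revert(f"{src} cannot send {amt} ETH to {dst}")
        bal[src] = bal.get(src, Decimal(0)) - amt
        bal[dst] = bal.get(dst, Decimal(0)) + amt
    return bal

def settle(sale_proceeds):
    """Return (committed, balances); on revert the opening state stands."""
    try:
        return True, replay(sale_proceeds)
    except Revert:
        return False, dict(OPENING)

if __name__ == "__main__":
    for proceeds in (68, 40):
        ok, bal = settle(proceeds)
        print(proceeds, "committed" if ok else "reverted", bal)
```

With 68 ETH of sale proceeds every account reconciles to the article's figures; with a lower figure the wallet cannot fund its later transfers, so nothing is committed and the lender's balance never changes.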

In a separate transaction, our arbitrager converts the 20 ETH to 37K USDC using Uniswap:

https://etherscan.io/tx/0xa8e78391142217bf5cdf8a46dbe83a07e8286e88b46f0a1c58d7aaf922f31bbb

I have to say the crypto world is crazy :)


Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.