复杂的最大提取价值（MEV）三明治攻击如何耗尽加密投资者的USD硬币（USDC）余额

在八秒钟内，他们的美元硬币（USDC）余额在Tether（USDT）的贸易中仅耗资至5,271美元，作为机器人的贸易，赚取了超过215,500美元的利润。

A crypto investor fell victim to a sophisticated Maximum Extractable Value (MEV) sandwich attack when attempting to execute a $220,764 stablecoin swap on Uniswap v3. Within eight seconds, their USD Coin (USDC) balance was drained to just $5,271 in Tether (USDT) as a bot front-ran the trade, amassing over $215,500 in profits.

当试图在UNISWAP V3上执行220,764美元的Stablecoin互换时，加密投资者遭受了复杂的最大可提取价值（MEV）三明治攻击的受害者。在八秒钟之内，他们的美元硬币（USDC）余额在Tether（USDT）中仅排入5,271美元，因为它是机器人前线的交易，积累了超过215,500美元的利润。

Highlighting the incident on X, DeFi Researcher 'DeFiac' noted that the stablecoin swap was executed at 2:33:30 pm on March 12, aiming to convert $220,764 USDC to USDT in the Uniswap v3 USDC-USDT stablecoin liquidity pool.

DeFi研究人员“ Defiac”强调了这一事件，指出，稳定股交换在3月12日下午2:33:30执行，旨在将$ 220,764 USDC转换为UNISWAP V3 USDC-USDC-USDC-USDT StableCoin流动性池中的USDT。

The post highlighted that the pool had around $19.8 million locked and no trades had occurred for about seven minutes. Moreover, the trader set a 0.1% slippage cap, which is quite low, especially for a large trade.

该帖子强调，游泳池的锁定约为1,980万美元，并且没有发生大约7分钟的交易。此外，交易者设定了0.1％的滑倒帽，这很低，尤其是对于大型交易而言。

MEV bots typically prefer large trades with high slippage, rendering them optimal targets for such attacks. In this case, the bot performed a traditional front-running maneuver by quickly withdrawing all the available USDC liquidity from the pool before the trader's swap could be executed.

MEV机器人通常更喜欢较高滑倒的大型交易，从而使它们成为此类攻击的最佳目标。在这种情况下，机器人通过在交易者交换之前迅速从游泳池中撤回所有可用的USDC流动性来执行传统的前进操作。

Afterward, the bot immediately replenished the pool, enabling the trader's order to be fulfilled at an inflated price and the bot to realize a huge arbitrage profit.

之后，机器人立即补充了池，使交易者的命令以高昂的价格实现，并可以实现巨额套利利润。

According to The DeFi Report founder Michael Nadeau, the attacker also tipped Ethereum block builder "bob-the-builder.eth" a staggering $200,000 for successfully including the trades in the block, leaving themselves with an $8,000 profit from the entire exploit.

根据DEFI报告的创始人迈克尔·纳多（Michael Nadeau）的说法，攻击者还向以太坊建筑商“ Bob-the-Builder.eth”倾斜了一笔惊人的20万美元，成功地包括该街区的交易，从而使自己从整个利用中获得了8,000美元的利润。

Is anyone safe using DeFi?A user on @Uniswap v3 was just sandwich attacked out of $216k while simply trying to swap $217k USDC to USDT.

有人使用defi安全吗？

Mind you, this was a pool that had over $35m of USDC and USDT in it. This is insane.

请注意，这是一个拥有超过3500万美元的USDC和USDT的游泳池。这太疯狂了。

How did it happen? An MEV bot front-ran the tx by… pic.twitter.com/cyzu4M6qfz

它是怎么发生的？ Mev Bot Front-Ran TX by…pic.twitter.com/cyzu4m6qfz

— DeFiac (@DeFiac_) March 13, 2024

- 2024年3月13日（@defiac_）

Pointing out that the same trader, most probably operating through several wallets, has been repeatedly targeted, DeFiac, using internal tools, claims that the trader was hit by at least six such sandwich attacks, all the funds having come from Aave's lending platform before being sent through Uniswap.

指出同一个交易员，很可能是通过几个钱包运营的，反复针对的是使用内部工具，声称交易员至少遭受了至少六次这样的三明治攻击的袭击，所有资金都来自AAVE的贷款平台，然后通过Uniswap发送。

Tx hashes: pic.twitter.com/krG2kfZjto

TX哈希：pic.twitter.com/krg2kfzjto

— DeFiac (@DeFiac_) March 13, 2024Further investigations by crypto analysts verified that two more wallets were performing sandwiching on March 12 in nearly the same category of trades. Wallets "0xDDe…42a6D" and "0x999…1D215" lost $138,838 and $128,003, respectively, in trades made in minutes following the $220,764 exchange.

- 2024年3月13日，Crypto Analysts的Defiac（@defiac_）调查了3月12日在几乎相同类别的交易中进行夹心夹有两个钱包。钱包“ 0xdde…42A6D”和“ 0x999…1d215”分别损失了$ 138,838和$ 128,003，在220,764美元的交易所交易后的几分钟内进行了交易。

These transactions, clocking in at an average of $364,000, were part of a money laundering scheme rather than simple trading blunders, some crypto analysts believe.

一些加密分析师认为，这些交易平均为364,000美元，是洗钱计划的一部分，而不是简单的交易计划。

if you do happen to have illicit funds, you might build a highly MEV-conducive transaction, secretly forward it to an MEV bot, and allow them to arbitrage it in a bundle, said 0xngmi, DeFiLlama founder, adding that this would essentially "wash" crypto with little loss.

Defillama创始人0xngmi说，如果您确实有非法资金，您可能会建立一项高度MEV有效的交易，秘密地将其转发给MEV机器人，并允许他们套件套利，Defillama创始人0xngmi表示，这本质上是“ Wash”的加密货币，几乎没有损失。

suggesting that the victims could have used private mempools to prevent the trades from being front-run, and set slippage caps more tightly to prevent price manipulation. He also advised trading through MEV-protected platforms like Uniswap’s front-end or alternative routing services.

暗示受害者本可以使用私人备忘录来防止交易是前进的，并更紧密地设置了滑倒帽以防止价格操纵。他还建议通过UNISWAP的前端或替代路由服务等受MEV保护的平台进行交易。

Pointing out that traders are largely aware of MEV and prefer to use Uniswap’s front-end due to its built-in protections and default slippage settings which are designed to counteract sandwich attacks, legal and compliance issues posed no threat to the attacker, highlighted Defiant's founder.

指出，交易者在很大程度上意识到MEV，并且由于其内置保护和默认的滑板设置而倾向于使用Uniswap的前端，这些设置旨在抵消三明治攻击，法律和合规性问题对攻击者没有威胁，强调了Defifted Defiant的创始人。

suggesting that these transactions do not originate from Uniswap’s front-end interface which has built-in MEV protections and default slippage settings to counteract sandwich attacks.

表明这些交易不是源自Uniswap的前端界面，该界面具有内置的MEV保护和默认的打滑设置以抵消三明治攻击。

Uniswap CEO defended the platform’s security measures, saying that Uniswap’s official interface already incorporates safeguards against such exploits.

UNISWAP首席执行官为该平台的安全措施提供了辩护，称UNISWAP的官方界面已经结合了防止此类漏洞的保障措施。

suggesting that the trader was engaging in risky trading practices by setting a low slippage cap on a large trade, which made them an easy target for MEV bots.

这表明交易者通过在大型交易上设置低滑倒上限来从事风险的交易实践，这使它们成为MEV机器人的容易目标。

highlighting that traders should be mindful of the risks involved with decentralized exchanges and MEV abuse. Traders with large sums should utilize private mempools in a way that prevents front-running,

强调交易者应该注意分散交易所和MEV滥用涉及的风险。拥有大笔的交易者应以防止前线运行的方式利用私人孟买