defirisk.co
rubric v1.7.0

Anonymous MEV Sandwich Bot (on-chain MEV contract): Unprotected public swap function → sandwich attack via Curve WETH/WBTC pool — $50M flash loan

An MEV sandwich bot lost $2M after an attacker found a public function with no access control and used a $50M flash loan to sandwich the bot through its own exposed swap interface.

Occurred: 2023-11-07 | Loss: $2M | Status: closed

Summary

Anonymous MEV Sandwich Bot (on-chain MEV contract) suffered an incident in the category MEV / Sandwich Bot (not a DeFi protocol for depositors) on 2023-11-07, resulting in a loss of approximately $2M.

What happened

An MEV sandwich bot lost $2M after an attacker found a public function with no access control and used a $50M flash loan to sandwich the bot through its own exposed swap interface.

Linked factors

  • RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited — proprietary bot contract]
  • RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: N/A]
  • RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Anonymous]