The unfortunate soul used the KyberSwap aggregation router to dump a large clip of 3CRV (DAI/USDC/USDT) LP token into USDT.
This is already a questionable decision since you could just withdraw the LP into USDT for 6% slippage, but maybe he got desperate.
In his haste to swap, he neglected to set his slippage correctly. Or, like, at all. He hits send.
The next actor in our story is UniswapV2 pool 0x7d36fbd3, pairing 3CRV/USDC.
This pool contained about $2 in liquidity, and had sat idle for the last 251 days.
2 million 3CRV slam into the pool with the force of a thousand suns, and x * y = k does its grim work.
Exactly 54182 units of USDC, worth about 5 cents, leave the contract for the second leg of the swap, where they are happily swapped into USDT, and go on to the swapper.
The pool, now hideously imbalanced, cries out for aid. An MEV bot answers the call, and gently restores the balance by exchanging 1.45 USDC for the 2M 3CRV in the pool.
The bot paid $45 in gas and $39k in MEV bribes, netting $2.045M in profit. This was not a particularly complex bot. Backrun, flashbots, plus the ability to unwrap 3CRV. That’s it. Equal opportunity, unequal results.
Let me be clear – fault with this is twofold.
A: the user clearly did not understand or properly set slippage
B: the router mysteriously routed a $2M trade through a dead UniswapV2 pool with $2 of liquidity
This was not a sandwich attack, MEV bot just cleaned up afterwards.
submitted by /u/friedballbag