A hacker who tried to steal US$5.5 million (AU$8.2 million) from a pool of cryptocurrency funds appears to have been ‘frontrun’ by a crypto trading bot.

Crypto Hacker Tries To Steal $8.2 Million To Trade — But Gets Outwitted By A Bot

3 min read

This article is for general information purposes only and isn’t intended to be financial product advice. You should always obtain your own independent advice before making any financial decisions. The Chainsaw and its contributors aren’t liable for any decisions based on this content.



A hacker who tried to steal US$5.5 million (AU$8.2 million) from a pool of cryptocurrency funds appears to have been frontrun by a crypto trading bot. 

The saga began with a hack on a liquidity pool on the Ethereum blockchain called Curve.

What is a liquidity pool? In the crypto world, it refers to a pool of crypto tokens to facilitate trading on decentralised finance (DeFi) platforms. These tokens are crowdsourced, and act as funds that can be deployed quickly for trade by buyers and sellers, hence the term “liquidity”. 

Curve was hacked on July 31. The attacker exploited not one, but several liquidity pools, and took off with over US$52 million (AU$77 million). 

Shortly after the hack, Curve’s native crypto token CRV plummeted 11% from US$0.61 (AU$0.91) to US$0.54 (AU$0.80).


Curve hack: Part 2 

Curve later confirmed the exploit, and said that it was “assessing the situation”. At the time of writing, the team behind Curve has been advising traders on Twitter/X about liquidity pools that are safe, and those that are not.

But it’s not the end for the poor victims of the hack, because here comes Batman – for the crypto bros, at least!

On crypto transaction tracker Etherscan, users noticed that the hacker attempted to steal a new round of funds of over 2,879 ETH worth US$5.5 million (AU$8.2 million) from the Curve pool to trade. However, that attempt was swiftly cockblocked by an anonymous crypto trader named c0ffeebabe.eth.

How did c0ffeebabe.eth do that? Turns out, the anonymous trader had used a crypto trading bot, or an MEV bot.

What is an MEV bot?

Crypto trading can be heart attack-inducing due to the extreme volatility of crypto coins. So, to help lighten the load, some crypto traders use what’s called a crypto arbitrage trading bot or MEV bot.

MEV stands for “maximal extractable value” – so that gives you an idea of what these bots do. An MEV bot trawls through blockchains to analyse and search for a profitable trade, and then executes it.

When a trader wants to execute a crypto transaction on the blockchain, they pay a gas fee, which is the crypto world’s equivalent of a processing fee. The higher the gas fee paid, the sooner your crypto transaction gets processed in the queue. MEV bots frontrun – that is, jump the queue – by paying a higher gas fee.

So, in the case of the c0ffeebabe.eth, the trader’s MEV bot spotted that the hacker wanted to execute the 2,879 ETH or US$5.5 million (AU$8.2 million) transaction, and frontran them by paying more gas fees.

In the end, the MEV bot’s transaction was processed first, and the bot bagged the millions.

Stealing crypto… then returning them

That’s not the end of the story. After obtaining the 2,879 ETH, users noticed that c0ffeebabe.eth proceeded to slowly return the funds to their rightful owners.

Nobody knows the true identity of c0ffeebabe.eth, but that doesn’t matter, because the crypto community is singing the trader’s praise.

“That MEV bot operator is a true legend,” wrote one user on Twitter.