It turns 2.5 million USDC into $0.05 in 3 unfortunate clicks

Tweet from @BowTiedPickle revealing a user's Rekt.

USDC depeg busted jaws – At the end of last week, the stablecoin Circle’s USDC moved away from its dollar benchmark following uncertainties about its reserves. Indeed, part of Circle’s cash is stored with the bank in decline: Silicon Valley Bank. Unfortunately, this situation has led to situations that are not always pleasant for users.


$2 million in USDC evaporated

This weekend was colorful for cryptocurrency holders and more particularly USDC holders.

Indeed, Circle’s stablecoin encountered high volatility which resulted in the USDC course at $0.87, or 13 cents below the dollar standard.

Faced with this crisis situation, many investors tried to flee from USDC in favor of other stablecoins such as USDT.

Unfortunately, for some users the maneuver did not go as planned.

Saturday March 11, @BowTiedPickle disclosed an attempted leak that ended in an ugly rekt.

“In the face of USDC insolvency fears, users are taking refuge in other stables. But not everyone will get there in one piece. Here’s how an unlucky user paid $2,080,468.85 to receive $0.05 in USDT. »

Tweet from @BowTiedPickle revealing a user's Rekt.
Tweet from @BowTiedPickle revealing a user’s Rekt.

Thus, a user has attempted to convert 2,080,468 USDC to USDT. Unfortunately, nothing went as planned and netizen ended up with 0.05 USDT at the end of the run, a net loss of over $2 million.

>> Play it safe, register on Binance THE benchmark for crypto exchanges (commercial link) <<

A configuration error

Here’s how the maneuver that resulted in the massive $2 million loss unfolded.

Following the depeg, the user wanted to convert a large amount of 3CRV LP tokens. As a reminder, 3CRV is a pool of the Curve protocol which includes DAI, USDC and USDT.

The user went through the Kyberswap aggregation router to complete his exchange.

“This is already a questionable decision since it is possible to withdraw the LP in USDT for a 6% slippage, but he may have been desperate. »

During his transaction, the user has forgot to configure the slippage correctly. Unfortunately for him, the Kyberswap router will send the transaction to Uniswap V2’s 3CRV/USDC pool. Pool who practice held about $2 in cash.

No need to have done Polytechnique to realize that the calculations will not be good for our Internet user.

“2 million 3CRVs fall into the pool with the force of a thousand suns, and x*y=k does its sinister job. Exactly 54,182 units of USDC, worth approximately 5 cents, leave the contract for the second leg of the exchange, where they are happily exchanged for USDT, and returned to the exchange. »

After this trade, the pool obviously finds itself unbalanced with far too much 3CRV compared to the USDC present in the pool. This is where an MEV bot comes in.

This bot detected the imbalance and set out to restore it by exchanging 1.45 USDC for 2 million 3CRV.

“The bot paid $45 in gas and $39,000 in MEV bribes, for a profit of $2.045 million. This bot was not particularly complex. Backrun, flashbots, plus the ability to unwrap 3CRVs. That’s all. Equal opportunities, unequal results. »

Bug on the side of Kyberswap or inattention of the user?

Quickly, many observers wonder how this was possible. Indeed, this is not a sandwich attack or other unethical MEV strategy.

Thus, shortly after the swap, the teams of KyberSwap have published a post-mortem on Twitter to clarify the situation.

Post mortem tweet from KyberSwap on the situation.
Post mortem from KyberSwap on the situation.

Faced with market volatility, KyberSwap’s aggregator failed to estimate the gas of most routes to perform the swap. The only one that could be estimated was that of 0x protocol, with deplorable exchange rate.

“We displayed the rate of 0x to the user in a pop-up window. However, the user proceeded with the exchange without noticing the low yield of the operation. The user signed with the corresponding new data by clicking Confirm Trade, and the trade was executed through 0x. »

While not inherently KyberSwap’s fault, protocol teams are still considering changes so that such a situation does not happen again:

  • Improved user interface;
  • Creation of a function to reverse the transaction if the price is too low compared to the expected price.

In parallel, KyberSwap also contacted the injured user, the creator and the user of the bot who pocketed the big prize, in order to find an agreement on the situation.

Finally, the weekend ended rather well for the USD. Indeed, USDC operations resumed on the morning of March 13 with the reopening of US banks. Moreover, the $3.3 billion, deposited at Silicon Valley Bank, expected to be fully recovered by Circle.

Winter is a great time to build and learn! Register on the Binance platform and take advantage of a free academy and a site entirely in French to take your first steps in complete safety. You will save 10% on your trading fees by following this link (trading link).

Last Verdict

To get more updates about the insurance you can follow our website or can bookmark it.

Leave a Reply

Your email address will not be published. Required fields are marked *