Understand Back-Run Arbitrages and Their Signals and Join the MEV Game.
Last updated
Last updated
A hacker exploited 300WBTC from Nomad Bridge and swapped them for ETH (the hack of Nomad Bridge). This massive swap created a huge opportunity for arbitrage. Then, two back-run arbitrages follow. Vetting the connections between them empowers you with the knowledge for future opportunities.
This link brings us to the page containing 3 transactions' token flow charts.
You can also combine the 3 figures into one, as shown below.
Transfers marked with "A" belong to transaction 0x8c4...997f2 above at Position 3 of Block 15259200.
Transfers marked with "B" belong to transaction 0xb55...d7844 above at Position 5 of Block 15259200.
Transfers marked with "C" belong to transaction 0xba6...e328c above at Position 6 of Block 15259200.
The different colors of the lines/transfers indicate different assets. In this case, the blue lines are ETH-related, the green lines are WBTC-related, and the yellowish-brown lines are WETH-related.
The gas fee payments are not included.
We will use the steps in the combined token flow chart, which is more coherent to understand the strategy.
Step A-1: A hacker stole 300 WBTC from Nomad Bridge.
Step A-2 & A-3: the hacker swapped 300 WBTC for 2,224.3015 WETH. This unexpected massive amount of exchange severely impacted the rate between WBTC and WETH, creating the price discrepancy signal of which searchers can take advantage.
Step B-0 to B-3: we discussed this transaction in the $3.2 million profit arbitrage case, which is a transaction back-running the hacker's swapping.
Step C-0 to C-3: the same searcher bot 0xbaD finished another back-run employing the price discrepancy between the Uniswap V2 Pool and the Uniswap V3 Pool.
Like the 1.2582 ETH bribe for the builder in transaction B, the searcher paid 0.6814 ETH to the builder in transaction C to ensure the miner included it.
Uniswap: The biggest DEX protocol.
Nomad Bridge: Nomad is a bridging protocol supporting Ethereum, Moonbeam, and other chains. Nomad’s bridging protocol is built using both on-chain and off-chain components.
In Tx A:
EOA 0xb5c is marked as "from," EOA is marked as "leaf" with a leaf icon, and the contract/bot 0x0db is marked as "to"; all three belong to the Nomad hacker.
The contract marked as "Nomad: ERC20 Bridge" is the Nomad Bridge's contract.
Uniswap V2 Liquidity Pool, shown as an oval, trading WBTC and WETH: 0xBb2b8038a1640196FbE3e38816F3e67Cba72D940
In Tx B:
Bot 0xbad is the searcher's back-run arbitrage bot.
Uniswap V2 Liquidity Pool, shown as an oval, trading WBTC and WETH: 0xBb2b8038a1640196FbE3e38816F3e67Cba72D940
Uniswap V3 Liquidity Pool, shown as an oval, trading WBTC and WETH: 0xCBCdF9626bC03E24f779434178A73a0B4bad62eD
n Tx C:
Bot 0xbad is the searcher's back-run arbitrage bot.
Uniswap V2 Liquidity Pool, shown as an oval, trading WBTC and WETH: 0xBb2b8038a1640196FbE3e38816F3e67Cba72D940
Uniswap V3 Liquidity Pool, shown as an oval, trading WBTC and WETH: 0x4585FE77225b41b697C938B018E2Ac67Ac5a20c0
WBTC, WETH.
In the chart below, we combined the Tx B & C together to simplify the process.
It's worth noting that 2 Uniswap V3 pools trading WBTC and WETH were involved.
Step 0: The Nomad hacker's EOA sent a small amount of ETH to the bot as a way to pass parameters. Sometimes, it's a block number, and sometimes it could also be another meaning. For example, if you check all the transactions to this "to" contract, the amount is always 0.00000000000000466 ETH. So, it is likely that 466 is the "password" that the attacker uses to operate his bot. This approach could be cheaper than passing parameters directly.
Step 1: The hacker's bot took 300 WBTC from Nomad Bridge's contract.
Step 2-3: The bot swapped 300 WBTC for 2,224.3015 WETH in the Uniswap V2 Liquidity Pool trading WBTC and WETH.
Step 4-5: The bot unwrapped the WETH as ETH.
Step 6: The bot sent the ETH to an EOA of the hacker.
Step 0: The searcher's bot borrowed 296.835415 WBTC from Uniswap V2's WETH/WBTC pool using Uniswap's flash swap.
Step 1-2: The searcher's bot swapped the borrowed WBTC for 4,160.997729 WETH in Uniswap V3's WETH/WBTC pool.
Step 3: The searcher's bot returned the borrowed WBTC in 2,193.2113 WETH.
Step 4: The searcher burned 0.0072 ETH as a gas fee.
Step 5: To ensure the miner accepts the arbitrage, the searcher transferred 1.258 ETH to the miner as a bribe.
Step 0: The searcher's bot borrowed 75.8357 WBTC from Uniswap V2's WETH/WBTC pool using Uniswap's flash swap.
Step 1-2: The searcher's bot swapped the borrowed WBTC for 1070.7816 WETH in Uniswap V3's WETH/WBTC pool.
Step 3: The searcher's bot returned the borrowed WBTC in 1064.2104 WETH.
Step 4: The searcher burned 0.0090 ETH as a gas fee.
Step 5: To ensure the miner accepts the arbitrage, the searcher transferred 0.6814 ETH to the miner as a bribe.
To monetize the pricing discrepancy created by the Nomad hacker, the searcher 0xbad had to put its back-run transactions right after the hack transaction. We can find out the situation using EigenTx's Affiliated Txs tabs.
This link brings you to all the transactions in the same block.
To view the combined token flow chart, first visit this page for the 3 separated ones. Then click the "View Multi-Txs In one Chart" to get the combined token flow chart.
From the last case, we showed you that the searcher reaped 1,967.7864 ETH.
The balance table of the combined transactions shows the total profit of the searcher as 1,974.3576 ETH. The difference between these 2 profits is 6.5712 ETH, which is precisely the difference of the swapped ETHs in Tx C: 1070.7816-1064.2104 = 6.5712.
The consolidated token flow chart provides valuable insights into the flow of tokens and transactions, making it easier to follow the path of value and identify potential arbitrage opportunities.
Back-run, Nomad hack, 0xbad.