He clicked confirm. The router picked the puddle. A bot drank $2M in 12 seconds.
A trader who swapped $2.01 million worth of Ether on a decentralized exchange was left holding $14,500 in tokens after an Ethereum block builder executed a same-block arbitrage on a low-liquidity pool, according to GoPlus Security. The trader submitted 1,126.44 ETH and received 5,776 Lighter (LIT) tokens, a loss of roughly 99.3%. The transaction was recorded on Monday at 1:59 am UTC. "This was a real, highly imbalanced backrunner arbitrage, not a classic sandwich attack," GoPlus Security said, describing the incident as a "textbook case of same-block backrun extraction."
GoPlus Security's breakdown shows the victim's swap was routed by 0x router into a thin AVAIL/WETH pool on Uniswap v3, where approximately 1,117 ETH executed at roughly 120 times the price at which AVAIL could later be sold. The trader received nearly 6.67 million AVAIL tokens at the inflated rate. 0x router then sold a small amount of externally sourced AVAIL into the same pool, extracting about 1,072 WETH before paying 1,018 ETH, valued at $1.8 million, to Titan Builder as a block-builder reward. The remaining AVAIL was converted into $14,200 worth of LIT, finalizing the loss.
Titan Builder was the largest beneficiary of the trade, taking home $1.8 million, data from Lookonchain shows. Titan has generated $112.6 million in revenue from its block-building services this year, according to DefiLlama. Its single largest day came in March, when it extracted approximately $34 million in arbitrage profit from a maximal extractable value (MEV) bot incident on CoW Protocol. Cointelegraph reached out to Titan but did not receive an immediate response.
Crypto trader Ruslan Khairullin said the loss underscored the need for traders to verify routing before signing transactions. "This is what happens when you clicked confirm faster than you read the route. Painful lesson to see in a real time," Khairullin said. On-chain researcher Luke Cannon also urged users not to sign DEX transactions blindly. The incident adds to a string of MEV-related exploits and highlights how liquidity routers and block builders can drain value alongside hackers and scammers operating in the broader crypto industry.
Mentioned Coins
Share Article
Quick Info
Disclaimer: This content is for information and entertainment purposes only. It does not constitute financial, investment, legal, or tax advice. Always do your own research and consult with qualified professionals before making any financial decisions.
See our Terms of Service, Privacy Policy, and Editorial Policy.