$7.5M DeFi Exploit Highlights MEV Bot Security Risks

A $7.5 million exploit on June 20 highlighted DeFi security risks as an attacker targeted a Maximal Extractable Value (MEV) bot.

The attacker created a token and liquidity pool that mimicked a profitable opportunity, tricking the MEV bot into automating the approval process for a contract controlled by the attacker.

The exploit resulted in losses of 1,583 ETH, $2.87 million in USDC, and $2.09 million in USDT, which were later consolidated and swapped for 4,427 ETH to facilitate laundering.

The attacker then shifted focus from extraction to concealment by moving the funds through Tornado Cash, complicating fund recovery for investigators.