By Key Points
- ย Crypto Trader Sandwich Attack Costs $215K in Stablecoin Swap
- The attack happened on Uniswap v3โs USDC-USDT liquidity pool.
- An MEV bot front-ran the trade, draining 98% of the value.
- Experts suspect the trader was hit by similar attacks multiple times.
A crypto trader suffered a devastating loss of $215,000 on March 12 after falling victim to a sandwich attack while swapping $220,764 worth of USD Coin (USDC) for Tether (USDT) on Uniswap v3.
Is anyone safe using DeFi?
A user on @Uniswap v3 was just sandwiched attacked out of $216k while simply trying to swap $221k USDC to USDT.
Mind you, this was a pool that had over $35m of USDC and USDT it.
This is insane.
How did it happen?
An MEV bot front-ran the tx byโฆ pic.twitter.com/cyzu4M6qfz
โ Michael Nadeau | The DeFi Report (@JustDeauIt) March 12, 2025
Within just eight seconds, the transaction was manipulated by a Maximum Extractable Value (MEV) bot, which siphoned nearly all the value before the trader could complete their swap.
According to Ethereum block explorer data, the attack occurred within the USDC-USDT liquidity pool on Uniswap v3, where approximately $19.8 million is locked.
Details of the sandwich attack transaction. Source: Etherscan – Techtoken
The bot front-ran the traderโs transaction by temporarily withdrawing all USDC liquidity from the pool, forcing the trader to receive a drastically reduced amount of USDT. Once the trade was executed, the bot restored the liquidity, profiting from the slippage created.
Crypto researcher Michael Nadeau, founder of The DeFi Report, analyzed the attack and revealed that the attacker tipped Ethereum block builder โbob-the-builder.ethโ a staggering $200,000 from the swap. Meanwhile, the attacker themselves pocketed an $8,000 profit.
Was This Trader Targeted Multiple Times?
DeFi researcher โDeFiacโ believes that the same traderโor at least someone using different walletsโmay have been attacked five more times on the same day.
Using internal tracking tools, DeFiac pointed out that the transactions were funded through the Aave lending protocol before being sent to Uniswap, suggesting a repeated pattern of exploitation.
Tx hashes: pic.twitter.com/krG2kfZjto
โ DeFiac (@TheDEFIac) March 12, 2025
At least two other wallet addresses, โ0xDDeโฆ42a6Dโ and โ0x999โฆ1D215โ, were hit by MEV sandwich attacks within minutes of the first exploit. These wallets lost $138,838 and $128,003, respectively, in nearly identical transactions.
This unusual pattern led some analysts to speculate whether the trades were not accidental, but possibly an attempt at money laundering.
The founder of crypto analytics platform DefiLlama, 0xngmi, suggested that bad actors couldย deliberately constructย MEV-friendly transactions and privately submitย them to MEV bots to clean illicit funds. Similar concerns have been raised in recent suspicious transactions linked to Hyperliquid money laundering fears.
Rising Risks in DeFi and Crypto Markets
This case is another example of the rising risks associated with decentralized finance (DeFi). Recently, the US crypto airdrop losses have exceeded $5 billion due to geoblocking, highlighting how different attack vectors are impacting users.
Meanwhile, concerns over regulatory actions are also growing, with the US House voting to overturn the IRS DeFi broker rule, potentially affecting how transactions like these are taxed and reported.
The crypto market is also experiencing volatility, with Bitcoin price gains following inflation reports but Solanaโs price drop raising concerns over potential market corrections.
While Uniswap initially faced criticism for the attack, its CEO Hayden Adams clarified that Uniswapโs official front end has built-in MEV protection and default slippage settings. This suggests that the exploited trader might have used a third-party front end without these safeguards, leaving them vulnerable to the attack.
Source: Hayden Adams – Techtoken
As the crypto space evolves, MEV attacks continue to pose a significant risk to traders using decentralized exchanges. Ensuring proper slippage settings, utilizing MEV-protected platforms, and staying informed about potential threats are crucial steps to avoid falling victim to such exploits.
What's your reaction?
