A sandwich attack on a stablecoin swap on Uniswap cost a cryptocurrency trader $215,500, highlighting the risks in this space.

This incident highlights a number of significant issues: Security versus transparency: Even though blockchain transparency ensures trustlessness, it exposes merchants to potential weaknesses like sandwich attacks.

A cryptocurrency trader suffered significant losses after becoming a victim of a sandwich attack on Uniswap, a popular decentralized exchange (DEX), aiming to swap USD Coin (USDC) for Tether (USDT). The trader, who had expressed gratitude for the event, initially attempted to exchange USDC, valued at $220,764, for USDT on Uniswap.

However, the trader ended up with only $5,271 USD from the sandwich assault, resulting in a substantial loss. According to Michael Nadeau, founder of the DeFi Report, data from the Ethereum block reveals that the MEV attack occurred on Uniswap v3’s USDC-USDT liquidity pool.

A sandwich attack, also known as a MEV attack, is a type of front-running where a malicious actor discovers a pending transaction and submits two orders: a purchase order immediately before the target transaction and a sell order immediately after.

In this case, the attacker's purchase order increased the token's price, while the subsequent sell order, after the victim's transaction was executed, decreased the token's price. This manipulation forced the victim to purchase the token at a higher price and sell it at a lower price.

Furthermore, DeFiac, a renowned DeFi researcher, noted that the same trader, using different wallets, fell victim to a total of six sandwich attacks. Internal tools revealed that all funds traveled from Aave before being deposited on Uniswap.

The attacker searched for large, unprocessed transactions, typically over $100,000, to maximize their potential gains. Upon locating a target, the attacker would increase the item's price by filing a buy order for the same item.

For instance, if the victim planned to exchange 100,000 USDC for USDT at a price of 1.01, the attacker would submit a limit order to buy 50,000 USDC at 1.01. This action would raise the price of USDC, and the best price at which the victim could sell his 100,000 USDC would become 1.01.

As a result, the victim's trade would be executed at this inflated price, and he would receive fewer USDT than anticipated. To capitalize on this discrepancy, the attacker would then place a sell order for 50,000 USDC at the new, higher price, which was 1.01 in this case.

This attack method is applicable to any token on Uniswap v3, and traders can take precautions to mitigate the risk.