I read an interesting on-chain story: an MEV bot had just made off with 1 million USD and was then hacked immediately afterwards, with all 1100 ETH being stolen 🤣👇:



In 2022, a user on Ethereum swapped 1.8 million USD worth of cUSDC for USDC, but was sandwiched by the well-known MEV bot 0xBAD and received only 500 USDC.

However, shortly after, another hacker address (0xb9f7) discovered a contract vulnerability in 0xBAD. When a dYdX flash loan is used, the protocol calls back a "callFunction" function on the borrower's contract. The MEV bot seems not to have authenticated this callback correctly, which let the hacker obtain authorization for the attack contract and transfer away all 1100 ETH held by 0xBAD.

The most dramatic thing is that 0xBAD, after being hacked, still tried to threaten the hacker, sending a message on-chain:


Congratulations, we overlooked this momentarily and you managed to take advantage of it, which is indeed not easy to detect. We hope to work with you to resolve this matter. Please return the funds to 0x19603D249DF53d8b1650c762c4dF31f013Dce840 before 23:59 GMT on September 28. We will consider this a white hat action and reward you with a 20% bug bounty on the amount recovered, with the payment method of your choice. If the funds are not returned by then, we will have no choice but to use all means to cooperate with the relevant authorities to recover the funds.


However, in the end, it only received mockery from the other party:

For those ordinary users who have suffered losses due to your MEV attacks, will you return their assets? Please fully refund all affected users by September 28 at 23:59 GMT, and we will consider this act as a white hat behavior. As a gesture of goodwill, we will return 1% of the total amount recovered as a reward, and the payment method can be decided by you. If the refund is not made on time, we will have to use all means to collaborate with the relevant authorities to recover the funds.


On-chain is the dark forest and code is law: if you play this game, sooner or later you pay for it.
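
The callback check the story turns on, as an added example (not the 0xBAD contract's code and not part of the original post): a Solidity base contract for a dYdX Solo Margin flash-loan receiver that rejects "callFunction" unless it is called by the dYdX contract and the loan was started by the receiver itself. The contract name, the `soloMargin` constructor argument and the `_execute` hook are assumptions made for illustration, as is the premise that the receiver starts its own loans; the `callFunction` parameter layout follows dYdX's `ICallee` interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Same field layout as Account.Info in the dYdX Solo Margin source,
// so the ABI signature of callFunction matches ICallee.
struct AccountInfo {
    address owner;
    uint256 number;
}

/// Hypothetical guard for a flash-loan receiver (illustrative, not the 0xBAD bot).
abstract contract GuardedSoloCallee {
    // Address of the dYdX Solo Margin contract, fixed at deployment (assumed input).
    address public immutable soloMargin;

    error UntrustedCaller(address caller);
    error UntrustedInitiator(address initiator);

    constructor(address soloMargin_) {
        soloMargin = soloMargin_;
    }

    /// dYdX invokes this during operate(). Any account can ask dYdX to call
    /// any callee, so the callback has to authenticate both parties itself.
    function callFunction(
        address sender,
        AccountInfo calldata accountInfo,
        bytes calldata data
    ) external {
        // 1. Only the real dYdX contract may deliver the callback.
        if (msg.sender != soloMargin) revert UntrustedCaller(msg.sender);
        // 2. `sender` is whoever called operate() on dYdX. Assumption: this
        //    contract starts its own loans, so anything else is a third party
        //    trying to drive the callback with its own `data`.
        if (sender != address(this)) revert UntrustedInitiator(sender);
        _execute(accountInfo, data);
    }

    /// Strategy logic lives in the derived contract. It should never take
    /// approve() or transfer() targets from `data` it did not build itself.
    function _execute(AccountInfo calldata accountInfo, bytes calldata data)
        internal
        virtual;
}
```

With only the first check, a third party can still have dYdX deliver attacker-chosen `data` to the callback; the second check ties the callback to a loan the receiver itself requested.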