Last week decentrailzed finance (DeFi) researcher Michael Nadeau highlighted a strange transaction in which someone swapping two stablecoins, USDC for Tether, started with $221,000 but only received $5,000. Was it a fat fingered trader who was fleeced, or money laundering?

If one were executing a similar transaction via online banking, they usually ask you to approve the FX rate. If you don’t agree quickly enough, the rate changes.

DeFI automated market makers (AMMs) take a slightly different approach so that all the questions are asked in advance. Instead of requesting rate approval, they ask how much slippage you are willing to tolerate when swapping two cryptocurrencies.

So if you say you are willing to bear 1% slippage that means you might only get 99 cents in Tether for every $1 in USDC. If you are only willing to tolerate 0.01% slippage, there’s a reasonable chance your transaction won’t complete and you will have to try again.

Uniswap’s user interface makes 1% the maximum slippage, to protect traders. But if someone wants to execute transactions in code using the API, they have more flexibility. This particular trader failed to set the minimum acceptable amount they expected to receive.

On its own, that would not have been enough to get fleeced to this extent. AMMs work with liquidity pools and use an algorithm to determine the exchange rate. The rate is influenced by the balance of funds between the two currencies in the trading pair. If there isn’t enough of one of the currencies, then the rate can get lopsided.

MEV and front running

Here’s where it gets messier. The Ethereum block builder executed a front running transaction. Even though the Uniswap liquidity pool for USDC to Tether had around $35 million, the builder made the pool completely lopsided, draining the USDC out of the pool, resulting in a silly exchange rate so that the trader apparently got fleeced. That front running transaction was quite a complex one that involved interacting with a pool on Curve as well as Aave.

After executing the transaction that appeared to lose $216,000, the next transaction (more-or-less) reversed the front running transaction. However, that reversal transaction also paid the block builder, bob-the-builder, more than $200k in ETH.

We took a look at bob-the-builder’s transactions, and 12 March seemed to be an exceptionally profitable day compared to the previous month. Apart from the $200k transaction, there were five other big ones yielding around $440k. During the previous month it mostly earned small amounts with the occasional $4k transaction and a handful of transactions earning around $25k.

Is it money laundering?

Several commentators on X reckoned these transactions might be money laundering, including a co-founder of DeFi Llama. That’s because the source of the funds came from mixer-like addresses and some of the wallets were single use. If the trader is sufficiently sophisticated, the likelihood of making such a major mistake is slim.

Uniswap’s API documentation has specific notes on how to protect against this. Instead of using a slippage percentage, the trader should set the minimum amount they expect to receive, to say $219,000 in this case.

“amountOutMinimum: we are setting to zero, but this is a significant risk in production. For a real deployment, this value should be calculated using our SDK or an onchain price oracle – this helps protect against getting an unusually bad price for a trade due to a front running sandwich or another type of price manipulation.”

The argument against the transaction being money laundering is the fact it’s so public.

Even if it is money laundering, this does not provide a good for reason for institutions to avoid using permissionless blockchains. If one used that rationale, nobody could use banks.

In related news, this morning regulated crypto exchange OKX suspended its DEX aggregator service. OKX provides conventional centralized trading as well as aggregating decentralized exchanges (DEXs) across various blockchains into a single user interface, which allows non-custodial trading. It suspended the DEX aggregator after detecting activities by North Korea’s Lazarus group, and plans to institute additional upgrades, following the recent addition of hacker tracking features. While the suspension was voluntary, it consulted with regulators. OKX is registered in Malta under EU’s MiCA regulations.

Meanwhile, the New York Federal Reserve explored block building, concluding that most builders comply with sanctions. It observed that non-compliant builders often earned low fees, implying it was a conviction issue.

Update: added OKX DEX aggregator suspension