AMM Vulnerabilities and Exploits: How DeFi Liquidity Pools Get Drained

Automated Market Makers (AMMs) power most of today’s decentralized exchanges. Uniswap, SushiSwap, Curve - they all run on the same basic idea: instead of order books, they use math to set prices. Liquidity providers deposit tokens into pools, and traders swap tokens against those pools. Simple. Efficient. But broken in ways that cost millions every month.

How AMMs Work (The Simple Version)

AMMs use a formula - usually x * y = k - to price assets. If you put 100 ETH and 200,000 USDC into a pool, the product is 20 million. No matter how much you trade, that product must stay constant. So if someone buys 10 ETH, the pool gives them ETH and takes USDC until 90 ETH * new_USDC = 20 million. The price changes automatically.

This works great until someone finds a way to game the math.

Flash Loan Attacks: Borrowing Millions to Steal Thousands

A flash loan lets you borrow any amount of crypto - as long as you pay it back within the same transaction. No collateral. No credit check. Just code.

Here’s how attackers use it:

1. Borrow $10 million in USDC via a flash loan.
2. Use it to buy all the ETH in a small AMM pool - say, a pool with only $500,000 in liquidity.
3. The price of ETH in that pool skyrockets because the pool is now 95% USDC.
4. Go to a bigger exchange (like Uniswap) and sell that ETH at the inflated price.
5. Return the $10 million USDC to the lender. Keep the profit.

This isn’t theory. In 2023, a single flash loan attack drained $60 million from a DeFi protocol using this exact method. The attacker didn’t hack a wallet. They didn’t steal a private key. They just used the AMM’s own pricing logic against itself.

Sandwich Attacks: The Bot That Bites You

Imagine you’re trading 1000 DAI for ETH on Uniswap. You think you’re getting a fair price. But a bot sees your transaction before it’s confirmed. It jumps in - buys ETH right before you, then sells it right after you.

Here’s the trick:

• Bot sees your pending trade.
• Bot buys ETH from the pool - pushing the price up.
• Your trade executes at the higher price - you get less ETH than expected.
• Bot sells the ETH it bought - now at your inflated price - and pockets the difference.

This is called a sandwich attack. The bot sandwiches your trade between two of its own. It’s legal because it happens on-chain. No one’s breaking rules. They’re just faster.

Research from Chainalysis in 2024 showed that over $1.2 billion was extracted from DeFi users via sandwich attacks in just one year. Most victims never even realized they were targeted.

Impermanent Loss Isn’t Just a Risk - It’s a Weapon

Impermanent loss is when the value of your deposited tokens changes compared to just holding them. It’s often framed as a "risk" for liquidity providers. But attackers turn it into a weapon.

Here’s how:

• An attacker floods a pool with one token - say, a newly launched meme coin with no real value.
• They lure in liquidity providers who think the coin will pump.
• Once enough liquidity is locked in, the attacker dumps the token - crashing its price.
• Liquidity providers are stuck with a pool full of worthless coins and a huge impermanent loss.
• The attacker walks away with the stablecoins (USDC, DAI) from the pool - and the real value.

This is called a "rug pull" via AMM manipulation. It doesn’t require a smart contract bug. Just bad incentives and human greed.

MEV and Front-Running: The Invisible Tax on Traders

Maximal Extractable Value (MEV) is the profit miners or validators can make by reordering, inserting, or censoring transactions in a block. In AMMs, MEV isn’t optional - it’s built in.

Validators can see all pending transactions. They can:

• Delay your trade to let a bot front-run you.
• Reorder trades to maximize their own profit.
• Even cancel your trade entirely if it’s not profitable for them.

Studies from MIT and Stanford found that up to 15% of all DeFi trades are affected by MEV. That means for every $100 you trade, $15 might vanish into the pockets of block producers - not because of a hack, but because the system is designed to let them do it.

Smart Contract Bugs: The Code That Doesn’t Add Up

Not all AMM exploits are clever. Some are just sloppy code.

In 2022, a DeFi protocol used a flawed rounding function in its AMM math. When users swapped tiny amounts of tokens, the system didn’t properly calculate fees. The error was less than 0.001% per trade. But over 800,000 trades, it added up to $23 million stolen.

Another example: a protocol allowed users to withdraw liquidity while still holding a debt from a previous trade. The math didn’t check for negative balances. Attackers drained over $12 million before the bug was patched.

These aren’t futuristic threats. They’re daily occurrences. In 2024, over $1.8 billion was lost to DeFi exploits - 78% of them tied directly to AMM logic or implementation flaws.

Why These Attacks Keep Working

AMMs are open, permissionless, and trustless. That’s their strength. But it’s also their weakness.

No one is monitoring trades. No customer support line. No chargebacks. If you lose money to a sandwich attack, there’s no one to call. The blockchain doesn’t care if you got tricked.

Worse, most AMMs are built on the same open-source code. Fix one bug, and you fix it for everyone - but only if someone finds it first. Until then, every copy of that code is vulnerable.

How to Protect Yourself

If you’re a trader:

• Use limit orders instead of market orders - they’re less likely to be sandwiched.
• Check the slippage tolerance before confirming a trade. Set it below 1% if possible.
• Avoid trading in pools with less than $10 million in liquidity. Smaller pools are easier to manipulate.

If you’re a liquidity provider:

• Only provide liquidity to well-audited pools (look for audits from CertiK, Trail of Bits, or OpenZeppelin).
• Avoid new tokens with no trading history. They’re prime targets for rug pulls.
• Use multi-signature wallets for large deposits - don’t let one private key control your funds.

And always remember: if it looks too good to be true - a 1000% APY on a new token - it probably is.

The Bigger Picture

AMMs were supposed to democratize finance. They did - but they also created new ways for the smartest players to take money from the rest.

The vulnerabilities aren’t going away. They’re evolving. Flash loans are now used with AI to predict price movements. Sandwich bots run on private RPCs that bypass public mempools. MEV is being formalized into "liquid staking" products that hide the theft.

DeFi isn’t broken. It’s just raw. And until we build better guardrails - not just code audits, but economic incentives that reward honesty - the attacks will keep coming.

The next time you swap tokens on a decentralized exchange, ask yourself: who’s really making money here? And are you part of the plan - or just part of the profit?