On July 6, 2026, a trader lost nearly $2 million after swapping 1,126.44 ETH for just 5,776 LIT tokens worth about $14,200. The incident exposed risks in DEX aggregators for large trades. The wallet withdrew ETH from Binance twice shortly before the swap. It then used a 0x aggregator that routed part of the order through a low-liquidity AVAIL/WETH pool on Uniswap V3. This caused the trader to buy AVAIL at roughly 120 times its fair market price.
Someone swapped 1,126.44 $ETH($2.01M) for only 5,776 $LIT($14,208), losing nearly $2M! 😱https://t.co/T86wIi7T76 pic.twitter.com/0ETOQ2ApR6
— Lookonchain (@lookonchain) July 6, 2026
Technical Breakdown
- Approximately 1,116.87 ETH converted to over 6.67 million AVAIL on Uniswap V3 at an inflated rate.
- AVAIL swapped to about 14,508 USDC on Uniswap V3.
- USDC converted to 5,775.66 LIT on Uniswap V4.
In the same block, a backrunner extracted value by selling a small amount of externally sourced AVAIL into the distorted pool. This yielded around 1,072 WETH, of which about 1,018 ETH went to Titan Builder as a builder payment. GoPlus Security identified this as a textbook same-block backrun arbitrage, not a direct sandwich attack.
Attack Details
- Victim wallet: 0xff89a35854e9c203bba1cc3ca408d0822cbe981e
- Key routing issue: Low-liquidity AVAIL/WETH pool on Uniswap V3
- Stolen value: Nearly $2 million extracted via backrun
- Beneficiary: Titan Builder received the majority share
LIT serves as the native token of Lighter, a zero-knowledge rollup perpetuals and spot exchange on Ethereum. The incident did not stem from any vulnerability in the Lighter protocol itself. This type of user execution risk comes amid a wave of diverse security challenges across the ecosystem. For instance, prediction market platform Polymarket faced a $3 million frontend exploit in June after hackers compromised a third-party vendor and injected malicious JavaScript.
Previous Context
Similar MEV-related losses have occurred in past large swaps where aggregators selected suboptimal routes. Titan Builder has profited from comparable pool imbalances in prior incidents. The event also echoes broader user vulnerabilities, such as the case of a Kraken and Coinbase user who lost approximately $6.7 million through rapid unauthorized withdrawals from both platforms. Attackers drained significant ETH, BTC, and cbBTC holdings, with much of the funds quickly laundered through Tornado Cash.
The trade had no significant effect on LIT’s overall price or Lighter’s TVL. However, it highlights user-level risks in DeFi execution. Liquidity providers in the affected AVAIL pool likely benefited from the temporary imbalance and fees.
Industry Context
This case connects to ongoing DeFi security trends and operational shifts in the space. According to a Q2 2026 crypto security report, the industry saw 124 hacking incidents resulting in $812 million in losses, with infrastructure failures and compromised admin keys driving nearly 79% of the total damage. Such incidents, alongside frontend supply-chain attacks and targeted user compromises, underscore the importance of robust safeguards at every layer, from smart contract execution to user interfaces and personal custody practices. Traders should verify routes, split large orders, and apply tight slippage settings when moving funds on-chain.

















