MEV Myth Buster #1: Why Your Passive Limit Orders Are Actually Active Targets
Zero Capital, Full Profit: How Bots Arbitrage Your Passive Orders Against Themselves
If you’ve spent any time onchain, you’ve seen the whispers:
Limit orders are passive, so they’re safe.
Only whales get sandwiched.
Flash-loan exploits? Just edge cases.
Everyone pays the same gas, so the playing field is fair.
Ethereum’s blockspace says otherwise.
Behind every transaction is a battle-tested supply chain of searchers, builders, and validators—an ecosystem that rewards speed, creativity, and, sometimes, downright audacity. Over the next ten posts, we’ll dissect the real transactions that shatter people's comforting stories about DeFi.
Please think of this series as MythBusters for MEV: one by one, we’ll place a popular belief under the microscope, replay the raw on-chain evidence, and show exactly how value was extracted.
What to Expect
A crisp myth up top — the sentence you might have heard in Discord.
A cinematic replay — flow-charts and Lego-diorama visuals of the actual block.
Microstructure breakdowns — why a bot could act, who got paid, who got drained.
Takeaways you can use — concrete settings, habits, and mental models to stay safer (or, if you’re a builder, less exploitable).
The Ten Myths We’ll Tackle
Unfilled limit orders are harmless.
Providing liquidity can’t be sandwiched.
Private mempools solved swap-sandwiches.
Small trades fly under the radar.
Gas fees on Etherscan show the full cost.
A single hack affects only one protocol.
The “best” arbitrage is a lucky one-off.
Scam tokens and MEV are separate worlds.
Flash-loan attackers risk their own capital.
Bots specialize; they don’t blend strategies.
Each myth corresponds to a case study you can open in your block explorer and verify for yourself. No hypotheticals, no red-lined theory—just live ammunition pulled straight from Ethereum’s dark forest.
Buckle up and let’s go.
🦄Myth:
Limit orders feel safe.
You’re not swapping blindly. You’re not even active.
You set a price, wait, and assume the worst-case is that you don’t get filled.
But in DeFi, even your passive intent can be exploited.
In this case, a searcher made money by triangulating two stale orders left by the same user—and filled them using no upfront capital.
🧠 What Happened
The bot arbitraged a price gap between two stale limit orders—using only the user’s own liquidity.
That’s right: the bot filled one order with the proceeds from the other.
🔬Microstructure
🧬 Key Steps Breakdown
Before this transaction, the user had set two limit orders on the same token pair and created price discrepancies, unintentionally offering an arbitrage opportunity to searchers.
Buy Order: One to buy MOODENG with WETH, with a price of 2.5E-08 WETH.
Sell Order: One to sell MOODENG for WETH with price being 3.3E-08 WETH
Even worse: both orders touched the same liquidity pool – the user’s EOA.
Step 0: The bot borrows 17M MOODENG from the user’s sell limit order.
Step 1: It borrows 0.5618 WETH from the user’s buy order on the same token.
Step 2: It returns the MOODENG to fulfill part of the buy order.
Step 7: It returns 0.4256 WETH to fulfill part of the sell order.
The user walks away with both orders partially filled.
The bot walks away with 0.1362 WETH in pure arbitrage profit.
No risk. No capital. Just execution.
Steps 3 and 4 are the wrapping and unwrapping of ETH.
The searcher tipped the builder 0.1351 ETH in Step 5 and pocketed the remaining 0.0011 ETH.
It might seem like the searcher only took 0.0011 ETH, but that is not the actual number. Here is why.
🧑🤝🧑Key Entities
The bot and the builder receiving the 0.1351 ETH tips were integrated, which we will explain next.
🔁 Not a Fluke
The same bot executed 30 similar arbitrages in the same block—positions 1 through 31. Its first transaction even targeted the same token pair again, arbitraging between the same user and a Uniswap V2 pool.
That kind of positional dominance at the top of a block is unusual.
A deeper look reveals why: over 95% of this bot’s builder tips went to a small builder called turbobuilder—far outside the norm.
In comparison, major builders like Titan and BeaverBuild usually control around 90% of block production.
This isn’t a typical MEV flow.
It suggests tight searcher-builder integration—a pattern we’ll revisit in later cases.
But for now, the takeaway is simple:
These weren’t clever market reads.
They were systematic extractions from stale public intent.
Because in DeFi, your orders don’t have to be filled…
They just have to be visible.
⚠️ Your Takeaway
You don’t need to swap tokens to be exploited.
In DeFi, leaving mismatched limit orders open is like offering a zero-risk arbitrage to bots.
You can click this link or open https://bit.ly/hfdefi to download the free ebook Head First DeFi, Decoding the DNA of Crypto Transactions & Strategies. We are adding more intriguing cases in 2024. Let us know if you want to be part of it.
Follow us via these to dig more hidden wisdom of DeFi:
EigenTx | Website | Discord | Twitter | YouTube | Substack | Medium | Telegram