- JaredFromSubway reportedly lost between $7.5M and $15M in funds.
- Attackers used fake token contracts to trick automated trading logic.
- Bot operator offered $1M bounty for the stolen funds return.
The MEV Bot Exploit involving Ethereum’s well-known JaredFromSubway trading system has become one of the most discussed security incidents in decentralized finance this month. Reports indicate the bot suffered losses ranging from approximately $7.5 million to $15 million after attackers manipulated its automated trading logic.
JaredFromSubway built its reputation by executing sandwich trades, a strategy that profits from transactions detected in Ethereum’s mempool. However, security researchers say the same automation that generated profits was ultimately used against it.
MEV Bot Exploit Used Fake Tokens to Trigger Approvals
According to blockchain security firm Blockaid, the MEV Bot Exploit did not rely on a smart contract vulnerability, private key compromise, or phishing attack. Instead, attackers reportedly created dozens of counterfeit token contracts designed to resemble widely used assets such as WETH, USDC, and USDT.
The automated trading system identified these contracts as profitable opportunities. As the bot interacted with them, it unknowingly approved token spending permissions to attacker-controlled contracts.
Researchers said one approval alone granted access to more than 92 WETH. Once enough permissions had been accumulated, a final contract executed the drain and removed funds from the bot’s wallets.
Blockaid described the event as a sophisticated reverse-MEV strategy. Rather than attacking infrastructure directly, the perpetrators exploited assumptions built into the bot’s execution framework.
MEV Bot Exploit Highlights Risks of Automated Trading Systems
The MEV Bot Exploit demonstrates how highly automated trading strategies can become vulnerable when operating at scale. JaredFromSubway became famous in 2023 for consuming massive amounts of Ethereum gas while conducting sandwich attacks.
By aggressively chasing profitable trades, the bot processed transactions faster than most market participants. However, attackers reportedly spent weeks preparing fake liquidity pools and deceptive token contracts specifically designed to attract its attention.
Following the incident, the operator claimed losses exceeded $15 million and publicly offered a $1 million reward for the return of funds. A separate $50,000 bounty was announced for information identifying those responsible.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. CoinCryptoNewz is not responsible for any losses incurred. Readers should do their own research before making financial decisions.
