Top-Tier MEV Bot Loses $7.5 Million: Is 'Approval' the Most Overlooked Fatal Risk On-Chain?

marsbitPublished on 2026-06-24Last updated on 2026-06-24

Abstract

The article discusses a sophisticated attack on a prominent Ethereum MEV (Miner Extractable Value) bot, Jaredfromsubway.eth, resulting in a loss exceeding $7.5 million. Unlike typical exploits involving key leaks or smart contract bugs, this attack was a carefully orchestrated "reverse hunt." The attacker spent weeks deploying fake tokens and liquidity pools that mimicked legitimate assets like WETH and USDC. These pools were designed to appear as profitable arbitrage opportunities, tricking the automated bot's trading logic. During its normal operation, the bot was induced to grant ERC-20 token approvals to the malicious contracts. Once sufficient permissions were accumulated, the attacker drained the bot's funds by calling these pre-approved allowances. This incident highlights the often-underestimated risks associated with token approvals in Web3. The article explains that approvals are a fundamental mechanism, allowing smart contracts (like DEXs) to move a user's tokens on their behalf. However, risks arise from practices like granting infinite approvals, the persistence of approvals even after disconnecting from a dApp, and the potential for a once-trusted contract to become compromised later. The piece concludes with advice for managing approval risks: users should adopt the principle of least privilege (approving only the needed amount), use separate wallets for storage versus interactions, and regularly audit and revoke unnecessary approvals using tools like Revoke....

Author: imToken

A long-running MEV bot that hunted ordinary traders on Ethereum finally fell into a 'custom-made' trap worth $7.5 million.

On June 21, the well-known Ethereum sandwich arbitrage bot Jaredfromsubway.eth was attacked, with assets including WETH and USDC transferred from its address. Preliminary statistics show losses exceeding $7.5 million (though public reports on the exact loss figure still vary).

Interestingly, this attack was neither due to private key leakage nor the exploitation of traditional smart contract vulnerabilities. Instead, the attacker deployed a large number of fake tokens, liquidity pools, and auxiliary contracts in advance, packaging them as trading paths with potential arbitrage opportunities. This lured the bot into automatically granting ERC-20 Approvals to malicious contracts during execution, ultimately allowing the assets to be 'legally' transferred away.

As of publication, Jaredfromsubway.eth has publicly messaged the attacker on-chain, stating, 'If 2150 ETH is returned within 48 hours, we are willing to offer a 50% white hat bounty. Otherwise, we will pursue all available legal and law enforcement actions.'

However, if even a highly specialized, code-driven MEV bot can stumble over an Approval, it forces us to re-examine how dangerous the 'Approval' action we use every day truly is.

I. A Reverse Hunt Designed Specifically for an MEV Bot

A careful review of this attack reveals it was not an accidentally triggered flaw but a long-term hunt designed around Jaredfromsubway.eth's trading logic.

Jaredfromsubway.eth has long been one of the most famous sandwich arbitrage bots on Ethereum. Simply put, a sandwich attack involves the bot spotting an impending on-chain transaction, buying ahead of the user to push the price up, waiting for the user to complete their transaction at a worse price, and then immediately selling to pocket the difference.

Consequently, this strategy requires the bot to continuously scan the mempool, identify arbitrage opportunities at extreme speed, and construct transaction paths calling various tokens and contracts. This also means the faster the speed and the broader the asset and protocol coverage, the more opportunities the bot can capture.

Yet, this very aspect became the entry point for this incident.

Based on post-mortem analysis, the attacker did not directly attack the bot's fund contract. Instead, they spent weeks constructing a trading environment that appeared profitable:

  • Step One: Deploy numerous fake tokens and liquidity pools. These tokens mimicked common assets like WETH, USDC, and USDT in name, interface, and trading behavior, tricking the bot's automated identification system into believing it had discovered normal trading paths.
  • Step Two: Gradually gain the bot's trust. In early tests, the approvals granted by the bot were consumed normally during transactions. Once the bot's system began repeatedly executing similar paths, the attacker adjusted the contract logic. This left some of the approvals generated by the bot unconsumed and not reset to zero after transactions, causing them to persist.
  • Finally, the attacker centrally invoked the still-valid approval limits to transfer the real WETH, USDC, and USDT from the bot's contract.

In essence, the entire attack precisely targeted the operational characteristics of MEV bots: first, create an environment that matches their profit-judgment rules; then, exploit their mechanism of pursuing automated execution of trading paths, making the system proactively hand over asset-calling permissions.

This also explains why even a highly specialized MEV bot could be tricked.

It knows how to calculate price differences, Gas costs, and transaction ordering, but may not conduct thorough identity verification for every newly appearing contract. From this perspective, the problem for ordinary users is 'confirming without understanding,' while the problem for automated bots is 'executing automatically without confirmation.'

Superficially, the two are entirely different, but the underlying risk is quite similar: both treat approval as just an ordinary step before completing a transaction, without clearly recognizing how high its hidden risk can be.

II. Why is Approval Always Underestimated?

As is well known, in the ERC-20 standard of Ethereum and EVM-compatible chains, Approve (authorization) is a fairly low-level design.

However, when users directly transfer tokens via their wallet, they typically call `transfer`, which generally doesn't involve Approve. Only in smart contract scenarios like DEXes, lending, staking, or adding liquidity—where users need a smart contract to call tokens on their behalf—does Approval come into play.

For example, when we want to swap USDT for ETH on Uniswap, Uniswap's smart contract cannot directly take USDT from your wallet. It must first execute an Approve to tell the system, 'I allow Uniswap to withdraw X amount of USDT from my wallet.'

Only after the approval is granted can the authorized contract, via `transferFrom`, call the user's USDT within the set limit, allowing the subsequent Swap to proceed smoothly.

In other words, Approval itself is not a vulnerability; it's a fundamental basis for DeFi's normal operation. The problem, however, is that it's somewhat like automatic debit permissions on Alipay/WeChat Pay:

The user hasn't given their account password to the merchant, but they have allowed the merchant to initiate debits within an agreed range. As long as the authorization remains valid, subsequent debits don't require the user to re-enter a password or confirm each transaction individually. This inherently creates issues.

First, there's the issue of infinite approval—turning a one-time transaction into long-term permission. Mainly to reduce operational and Gas costs from repeated approvals, many DApps default to requesting an extremely large approval limit, commonly known as 'infinite approval.'

A user might have only intended to use 100 USDC for a single transaction but ended up allowing the contract to potentially use all USDC in their address in the future. As long as this approval isn't revoked, even if the user's wallet only held a small amount of assets at the time, future deposits of USDC could continue to be affected.

Second, approvals don't disappear by default when you leave a DApp. Many users confuse 'disconnecting a wallet' with 'revoking approval.' In reality, disconnecting only temporarily prevents the webpage from reading or requesting the current wallet; it doesn't change the Approval already written to the blockchain.

Closing the webpage, deleting the DApp, clearing browser cache, or even changing wallet applications won't automatically invalidate it.

Finally, even legitimate contracts can become dangerous in the future. Many approval risks don't only come from phishing sites that were malicious from the start, as seen in this hunt. A user might grant permission to a protocol that was normal at the time, but later, the protocol's contract could be hacked, admin keys leaked, upgradeable logic replaced, or issues could arise with its called router contracts.

For the user, the assets remain in their address, but from a permissions perspective, another contract always retains the ability to call those assets. Therefore, Approval risk isn't just about 'did I authorize a bad actor,' but also includes 'could the entity I authorized have problems later?'

III. So, How Can We Manage Approval Risk?

Faced with Approval risk, the simplest advice is 'don't grant infinite approval.'

However, in real-world DeFi usage, completely refusing approval is impractical. As mentioned, approval itself is not a flaw; it's the basic method for on-chain applications to call assets.

What truly needs to change is transforming Approval from a one-time confirmation action into an ongoing permission management mechanism.

For ordinary users, first, it's essential to establish a few basic habits:

  • First, follow the 'principle of least privilege.' When a wallet pops up an approval prompt, try to set the limit based on the actual needs of the current interaction. For example, if you only plan to use 100 USDT, try to approve only an amount close to 100 USDT, rather than directly granting unlimited permission.
  • Second, separate storage wallets from interaction wallets. Avoid frequently connecting addresses holding large long-term assets to unfamiliar DApps. For activities like airdrops, minting, new projects, and high-risk DeFi interactions, use a separate address to limit potential losses to a smaller scope.
  • Third, regularly check and revoke approvals no longer needed. Users can utilize tools like Revoke.cash or, within imToken, navigate to the corresponding token page, click 'Token Function' in the bottom left, then select 'Authorization Management' to view approval targets, tokens, and amounts for that address. Revoke permissions that are no longer used or of unknown origin (further reading: Step-by-Step Guide to Using Revoke.cash for Authorization Management).

Of course, at the end of the day, facing unpredictable approval attacks, relying solely on user security awareness and regular checks isn't enough. After all, most users find it difficult to distinguish who a string of contract addresses belongs to or judge whether a particular approval amount is reasonable.

Therefore, as the first line of defense for users entering Web3, wallets must provide active defense in their product capabilities.

Taking imToken as an example, it marks or blocks identified risky tokens, addresses, and DApps. When users grant token permissions to ordinary external accounts or make direct transfers to contract addresses, targeted risk warnings are also provided. These warnings cannot replace user judgment but at least add a necessary safety buffer before actual signing.

Additionally, imToken performs structured parsing and human-readable presentation of signature content during key processes like DApp login, transfers, token swaps, and approvals. This aims to help users understand what they are agreeing to before confirmation, ensuring that the content users sign must be consistent with the behavior they see, rather than being compressed into an indistinguishable hash string.

With the further advancement of standards like ERC-7730 (Clear Signing), this 'What You See Is What You Sign' readable presentation is expected to gradually evolve from a single wallet's product capability into an industry standard shared among wallets, DApps, and smart contracts.

Overall, private keys determine who owns an account, while Approvals determine who else can call the assets within that account. They are not the same thing but are equally important.

This also means that wallet security cannot stop at 'has the private key been leaked.' This requires joint effort from users to wallets: For users, it's about seeing the object and amount before approving, and promptly cleaning up unnecessary permissions after interactions end. For wallets, it's about making these permissions—originally hidden within contracts—more visible, easier to understand, and more convenient to limit and revoke.

After all, what's truly dangerous might not be the transfer that just happened, but an approval long forgotten yet never invalidated.

Trending Cryptos

Related Questions

QHow did the attacker manage to steal $7.5 million from the Jaredfromsubway.eth MEV bot, and what was the core vulnerability exploited?

AThe attacker did not exploit a private key leak or a traditional smart contract vulnerability. Instead, they spent weeks creating a 'honeypot' environment by deploying numerous fake tokens and liquidity pools that mimicked legitimate assets like WETH and USDC. This setup tricked the MEV bot's automated system into identifying these as profitable arbitrage paths. During its execution, the bot was induced to grant Approvals to the malicious contracts. Once the approvals were in place and the bot had accumulated a certain level of trust through repeated interactions, the attacker called the still-valid approval limits to legally transfer the bot's real WETH, USDC, and USDT assets. The core vulnerability exploited was the bot's automated and insufficiently verified granting of ERC-20 token approvals.

QWhat are the three main reasons why Approval risks are often underestimated by users in DeFi, according to the article?

AAccording to the article, Approval risks are underestimated due to three main reasons: 1. **Unlimited Approvals**: Users often grant extremely high or infinite approval amounts to DApps to save on gas fees and repeated confirmations for future transactions, exposing all current and future tokens of that type. 2. **Persistence of Approvals**: Users commonly mistake disconnecting a wallet from a DApp interface with revoking an approval. Approvals are recorded on-chain and remain valid until explicitly revoked, regardless of closing the website or switching wallets. 3. **Future Risk of Approved Contracts**: A contract that was safe at the time of approval can later become dangerous due to exploits, admin key leaks, logic upgrades, or issues with downstream contracts it calls, posing an ongoing risk.

QWhat practical steps can ordinary users take to manage and mitigate their Approval-related risks?

AOrdinary users can take several practical steps to manage Approval risks: 1. **Principle of Least Privilege**: Only approve the specific amount needed for the current transaction, avoiding unlimited approvals whenever possible. 2. **Separate Wallets**: Use a dedicated 'hot' wallet for frequent interactions with new or high-risk DApps, and a separate 'cold' wallet for storing significant long-term assets to limit potential exposure. 3. **Regular Review and Revocation**: Periodically use tools like Revoke.cash or wallet-built-in features (e.g., imToken's 'Token Function' -> 'Authorization Management') to review all active approvals and revoke those that are no longer needed or from unknown sources.

QWhat role do wallets like imToken play in helping users defend against Approval risks, beyond user education?

AWallets like imToken provide proactive defense mechanisms at the product level: 1. **Risk Identification and Warnings**: They mark or block known risky tokens, addresses, and DApps, and provide specific risk warnings when users attempt actions like granting token approvals to external accounts or transferring directly to contract addresses. 2. **Clear Signing (Structured Transaction Decoding)**: They parse and present the content of signature requests (for logins, transfers, swaps, approvals) in a human-readable, structured format. This helps users understand what they are agreeing to before signing, ensuring 'What You See Is What You Sign' and preventing confusion with raw hash data. 3. **Support for Industry Standards**: They support the development and adoption of standards like ERC-7730 (Clear Signing) to make this safety feature a shared industry standard across wallets, DApps, and smart contracts.

QAccording to the article's conclusion, how does the importance of managing Approvals compare to protecting private keys, and what is the required approach for overall wallet security?

AThe article concludes that managing Approvals is equally as important as protecting private keys, but they address different aspects of security. The private key determines **who owns the account**, while Approvals determine **who else can move the assets within that account**. Therefore, wallet security cannot be solely focused on 'whether the private key is leaked.' A comprehensive approach requires effort from both users and wallet providers: Users must carefully review approval requests, grant minimal necessary permissions, and regularly clean up unused approvals. Wallet providers must make these on-chain permissions more visible, understandable, and easier to limit and revoke through better user interfaces and proactive safety features.

Related Reads

Goldman Sachs In-Depth Report: Who Will Be the Long-Term Winners in China's AI Large Model Industry?

Goldman Sachs Report: China's AI Models at an Inflection Point China's open-source/open-weight large language models (LLMs) have reached performance parity with top global proprietary models, according to a Goldman Sachs report. This is driven by architectural innovations and higher parameter efficiency, allowing Chinese models to achieve comparable capabilities at 2%-10% the parameter size and significantly lower cost. The market is evolving into a two-tiered structure: a high-end segment (e.g., GLM5.2, Qwen3.7 Max) with premium pricing and a low-end, price-sensitive segment for global SMEs and individual users. Key points: * **Cost & Performance:** Innovations like Mixture of Experts (MoE) enable high performance with smaller models. Projects like Meituan's LongCat 2.0, trained on domestic hardware, highlight progress in tech self-sufficiency. * **Open-Source Strategy:** Most Chinese players use open-source/open-weight models for flexibility and ecosystem growth. However, Goldman notes this may underreport actual deployment and revenue. A shift toward "open-weight + community license" models with revenue sharing (e.g., MiniMax) could improve monetization. * **Market Shift & Global Expansion:** Enterprise AI adoption is shifting from "token maximization" to "ROI-first." International expansion, especially in non-US markets, is a major growth driver. Chinese models are increasingly available on global platforms like AWS Bedrock and Microsoft Copilot. * **Competitive Landscape:** Using a framework based on pricing power, cost advantage, and financial strength, Goldman identifies **Zhipu AI and DeepSeek** as the strongest in foundational text models, and **ByteDance** as the leader in multimodal/video generation. The report maintains Buy ratings on MiniMax and Kuaishou. * **Market Growth:** China's AI model API and subscription revenue is projected to grow from an estimated ¥35 billion in 2026 to ¥879 billion by 2030.

marsbit11m ago

Goldman Sachs In-Depth Report: Who Will Be the Long-Term Winners in China's AI Large Model Industry?

marsbit11m ago

Goldman Sachs Deep Dive Report: Who Will Become the Long-Term Winners in China's AI Large Model Industry?

Goldman Sachs Report: Who Will Be the Long-Term Winners in China's AI Large Model Industry? China's AI large model sector is at a historic inflection point. Goldman Sachs argues that the intelligence of Chinese open-source/open-weight models is approaching top global proprietary models. Rapid adoption by domestic enterprises and global SMEs is creating a data flywheel effect that will further drive model iteration. The evolution is summarized as moving from "DeepSeek's cost-efficiency moment last year to GLM's model-intelligence moment this year." Chinese models achieve near-state-of-the-art performance at significantly lower cost, primarily due to architectural innovations like Mixture of Experts (MoE) and higher parameter efficiency. Models like DeepSeek V4 Pro (1.6T params), GLM5.2 (0.7T), and MiniMax M3 (0.4T) are much smaller than global leaders. Recent advancements in coding capability are attributed to better data curation and RLHF. Landmarks like Meituan's LongCat 2.0, trained fully on domestic AI chips, demonstrate progress in hardware stack independence. The market is forming a "two-tiered structure." The high-end tier (e.g., GLM5.2, Alibaba's Qwen3.7 Max) prices around $1 per million tokens, about 10-25% of US top models, with estimated inference gross margins of 10-20%. The low-end tier (priced as low as $0.06-$0.2 per million tokens) targets price-sensitive global SMEs and individuals. MiniMax derives 60-70% of revenue overseas. Goldman forecasts China's AI model API/subscription revenue to grow from an estimated RMB 35bn in 2026 to RMB 879bn by 2030. Most Chinese players adopt open-source/open-weight strategies for deployment flexibility and community feedback, though this limits monetization as deployments on third-party platforms (e.g., Alibaba Cloud) may not generate direct revenue. A shift towards "open-weight + community license" models with revenue-sharing agreements (like MiniMax's approach) could improve unit economics. International expansion, particularly in non-US markets, is the key growth driver. The global enterprise AI paradigm is shifting from "token maximization" to "ROI prioritization." Chinese models are already hosted on major global platforms like AWS Bedrock and are under consideration for integration into Microsoft Copilot. Using a competitive framework based on pricing power, cost advantage, and financial strength, Goldman identifies the strongest players: In foundational text models, Zhipu AI (initiated coverage) and DeepSeek lead. In multimodal/video generation, ByteDance's Seed is the frontrunner, with Kuaishou's Kling and MiniMax's Hailuo also well-positioned. Goldman maintains a Buy rating on MiniMax, citing its attractive valuation.

链捕手16m ago

Goldman Sachs Deep Dive Report: Who Will Become the Long-Term Winners in China's AI Large Model Industry?

链捕手16m ago

Is Ethereum Truly a "World Computer"?

Title: Is Ethereum Really a "World Computer"? Ethereum, envisioned as a "world computer" by its founder Vitalik Buterin, aims to be a decentralized platform for global applications. However, a recent analysis by Four Pillars raises questions about whether it is more accurately a "Western computer," based on the geographical distribution of its validators. Currently, the United States dominates with 38.19% of all validators, followed by Germany at 13.04%. Combined, these two countries account for over half of the network. In contrast, Asian representation is minimal, with Singapore holding only 3.15%. The concentration is partly due to affordable cloud hosting services like Hetzner and OVH in Europe and North America, as well as the prevalence of residential validators in the U.S., where individuals run nodes via home internet connections. When examining professionally operated validators, the distribution becomes more balanced. The U.S. share drops to 25.81%, while Asian countries like Singapore (7.28%), Hong Kong (6.44%), Japan (6.38%), and South Korea (4.59%) collectively approach the U.S. level. This shift reflects strategic deployments by institutions to meet regulatory requirements and reduce latency for local users. However, regions like South America, the Middle East, and Africa remain underrepresented. Ethereum's peer-to-peer network mechanisms, such as gossipsub, disadvantage areas with low node density, creating a feedback loop where delayed message propagation reduces validator performance and rewards. This imbalance challenges Ethereum's promises of censorship resistance and global accessibility. Despite these issues, opportunities exist for growth in underrepresented regions. As demand for localized staking infrastructure rises, early entrants in areas like the Middle East could establish dominant positions by offering compliant, low-latency solutions. The evolving validator landscape highlights both the structural challenges and the potential for Ethereum to move closer to its "world computer" ideal.

Foresight News2h ago

Is Ethereum Truly a "World Computer"?

Foresight News2h ago

Trading

Spot

Hot Articles

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of ETH (ETH) are presented below.

活动图片