
数字Catalyst

06/23 03:50

Notorious MEV Bot JaredFromSubway Drained of ~$7.5M After Fake-Route Approval Scam

Notorious MEV bot "JaredFromSubway" reportedly drained for ~$7.5M after an attacker tricked it into granting token approvals.

A high-profile Ethereum MEV bot long associated with aggressive sandwich trading, known as JaredFromSubway, has reportedly lost roughly $7.5 million after attacker-controlled contracts duped its automation into granting token approvals, CoinDesk reports, citing blockchain security firm Blockaid.

What happened
- According to Blockaid, the attacker deployed fake routes/contracts that the bot's decision logic interpreted as profitable opportunities. The bot automatically approved those contracts as part of its trading flow.
- Once those permissions were in place, the attacker used them to siphon WETH, USDC and USDT from the bot's contract, draining the reported amount.

Why this matters
- This was not a compromise of Ethereum's base protocol, nor a failure of a mainstream DeFi app used by ordinary depositors; the exploit targeted one specific MEV bot and the automated logic it uses to interact with contracts.
- The incident underscores a general risk across automated trading infrastructure: speed-driven automation is a double-edged sword. MEV bots must act faster than humans to capture tiny routing or timing advantages, but that same automation can be manipulated into approving malicious contracts with little human oversight.

Technical takeaway
- Token approvals on-chain are powerful permissions, not innocuous signatures. If a bot or strategy automatically approves counterparty contracts based solely on simulated profit or route heuristics, adversaries can craft traps that look profitable but are designed to steal funds once permissions are granted.
- Blockaid's assessment frames the exploit as social engineering of automation: fake routes convinced the bot to sign approvals, and those approvals were later used to transfer assets out.
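To make the approval-policy point concrete, here is an added Python model (not the bot's code and not Blockaid's analysis; every address, balance and the "fake route" behaviour are constructed assumptions) that contrasts an approve-anything-that-simulates-profitable policy with one that allowlists spenders, approves only the trade amount, and revokes afterwards.

```python
"""Toy ERC-20 approval model comparing a naive MEV-bot approval policy with a
hardened one. Added illustration only; addresses and balances are constructed."""
from dataclasses import dataclass, field

@dataclass
class Token:
    """Minimal ERC-20 ledger: balances plus (owner, spender) -> allowance."""
    balances: dict = field(default_factory=dict)
    allowance: dict = field(default_factory=dict)

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        if (self.allowance.get((owner, spender), 0) < amount
                or self.balances.get(owner, 0) < amount):
            raise PermissionError("insufficient allowance or balance")
        self.allowance[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

MAX_UINT = 2**256 - 1
BOT, ATTACKER, ROUTE = "0xBOT", "0xATTACKER", "0xFAKE_ROUTE"  # constructed labels
TRUSTED_ROUTERS = {"0xTRUSTED_ROUTER"}                        # constructed allowlist

def fake_route_swap(token, bot, route_addr, amount):
    """Stand-in for the counterparty call: a trap contract ignores the requested
    swap amount and pulls whatever its allowance permits. Modelled only so the
    two policies below can be compared on identical input."""
    drainable = min(token.allowance.get((bot, route_addr), 0), token.balances[bot])
    token.transfer_from(route_addr, bot, ATTACKER, drainable)
    return drainable

def naive_bot(token, route_addr, amount):
    """Naive policy: any route that simulates as profitable gets an unlimited approval."""
    token.approve(BOT, route_addr, MAX_UINT)
    fake_route_swap(token, BOT, route_addr, amount)
    return token.balances[BOT]

def hardened_bot(token, route_addr, amount):
    """Hardened policy: allowlisted spender only, exact-amount approval, revoke after."""
    if route_addr not in TRUSTED_ROUTERS:
        return token.balances[BOT]           # unknown spender: skip, never approve
    token.approve(BOT, route_addr, amount)   # bounded to this trade's size
    try:
        fake_route_swap(token, BOT, route_addr, amount)
    finally:
        token.approve(BOT, route_addr, 0)    # revoke whatever the call left behind
    return token.balances[BOT]

def run(policy, route_addr, start=1_000_000, trade=1_000):
    """Fresh ledger per run; returns the bot's remaining balance under `policy`."""
    token = Token(balances={BOT: start})
    return policy(token, route_addr, trade)
```

The third case below shows the exact-amount rule paying off even when an allowlisted router misbehaves: the loss is capped at one trade's worth rather than the whole balance.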
Broader impact
- In pure dollar terms, $7.5 million is meaningful but not systemic for the overall Ethereum or DeFi ecosystem. The larger consequences are reputational for MEV infrastructure and operational for bot operators, who will now likely tighten approval logic, add more rigorous route verification, and increase pre-execution simulations and human checks.
- For many observers, there is an added layer of irony: a bot built to extract value from other traders was itself manipulated into being the victim.

Bottom line
Treat this as a targeted exploit of a trading bot's automation, not a network-wide security failure. The episode is a reminder for all automated DeFi systems to treat approvals with extreme caution and to harden their decision-making pipelines against adversarial inputs.

Sources: Blockaid (as reported by CoinDesk).