The Hunter Becomes the Hunted: The Most Profitable MEV Bot Gets Hacked
A well-known and highly profitable Ethereum MEV Bot, Jaredfromsubway.eth, suffered a sophisticated on-chain attack this Saturday, losing over $7.5 million. Analysis by Blockaid and others reveals this was not a conventional phishing or smart contract exploit, but a targeted "counter-MEV honeypot attack."
The attacker meticulously laid a trap over several weeks, deploying 66 fake token contracts and liquidity pools disguised as major assets like WETH and USDC. These pools created the illusion of arbitrage opportunities. The MEV Bot's automated system detected these signals, executed trades, and in the process, granted approval permissions to attacker-controlled contracts. These approvals were not revoked, creating a persistent vulnerability. The attacker then exploited this in a single transaction, draining the bot's ETH, USDC, and USDT holdings.
Jaredfromsubway.eth is notorious as one of Ethereum's most active and profitable MEV Bots, primarily known for executing "sandwich attacks" to profit from transaction slippage. Estimates suggest it has earned tens of millions in MEV revenue. The incident highlights escalating crypto security threats, demonstrating that even top-tier automated "predators" are vulnerable to novel, logic-based attacks designed to exploit their own operational rules.
Following the hack, an unverified X account impersonating Jaredfromsubway.eth emerged, falsely offering a bounty for the return of funds, prompting developer warnings for users to stay vigilant.
marsbit4 год тому
