Coverage from Bleeping Computer indicates that the JaredFromSubway Ethereum MEV bot experienced a significant financial loss of $15 million due to an attacker exploiting its opportunity-detection logic.

The exploit, detected by blockchain security firm Blockaid, involved an attacker creating fake cryptocurrency trading opportunities using fabricated pools and tokens. These deceptive setups tricked the JaredFromSubway bot into approving helper contracts controlled by the attacker. The bot, designed for rapid identification and execution of profitable MEV opportunities, analyzed these fake routes, believing them to be financially rewarding. The attacker meticulously planned the heist, initially conducting harmless test transactions to confirm the bot's routines before altering the route to accumulate spending permissions without immediate use.

Ultimately, the attacker leveraged these accumulated approvals to withdraw WETH, USDC, and USDT from the bot's contract. MEV bots like JaredFromSubway, known for aggressive "sandwich" attacks, scan blockchains for transaction timing advantages. JaredFromSubway initially offered a $3 million bounty for the return of funds, later increasing it to $7.5 million for 50% of the stolen amount, but has received no response. Negotiations with a "white-hat hacking group" are ongoing.

Source: Bleeping Computer
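Spending permissions that are granted and then left unused, as described above, remain visible in ERC-20 `Approval` event logs. The following is an added example, not part of the original report or any project's code: it replays such logs for one contract and lists every nonzero allowance held by a spender outside an allowlist. All addresses, log entries and the allowlist policy are constructed assumptions.

```python
# Added example: audit ERC-20 allowances a bot contract has left outstanding.
# All addresses and log entries below are constructed placeholders.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """Indexed address parameters are left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, allowlist):
    """Replay Approval logs in chain order and return every nonzero allowance
    the owner has granted to a spender that is not on the allowlist."""
    owner = owner.lower()
    allowed = {a.lower() for a in allowlist}
    latest = {}  # (token, spender) -> (value, block); the last Approval wins
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval(owner, spender, value)
        if topic_to_address(topics[1]) != owner:
            continue  # approval granted by some other account
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = (int(log["data"], 16), log["blockNumber"])
    findings = [
        {"token": token, "spender": spender, "block": block,
         "unlimited": value == MAX_UINT256, "value": value}
        for (token, spender), (value, block) in latest.items()
        if value > 0 and spender not in allowed
    ]
    return sorted(findings, key=lambda f: (f["block"], f["token"]))

def _log(token, owner, spender, value, block, index, topic0=APPROVAL_TOPIC):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [topic0, pad(owner), pad(spender)],
            "data": hex(value), "blockNumber": block, "logIndex": index}

BOT, ROUTER, HELPER, OTHER = ("0x" + c * 20 for c in ("b0", "a1", "e7", "c3"))
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE_LOGS = [
    _log(TOKEN_A, BOT, ROUTER, 5000, 100, 0),         # approve a known router...
    _log(TOKEN_A, BOT, ROUTER, 0, 100, 3),            # ...and reset it in the same block
    _log(TOKEN_A, BOT, HELPER, MAX_UINT256, 101, 1),  # unknown helper, never revoked
    _log(TOKEN_B, BOT, HELPER, 10**12, 102, 0),       # same helper, second token
    _log(TOKEN_B, OTHER, HELPER, 10**6, 102, 1),      # different owner: ignored
    _log(TOKEN_B, BOT, HELPER, 7, 103, 0, topic0="0x" + "00" * 32),  # not an Approval
]

if __name__ == "__main__":
    for finding in outstanding_approvals(SAMPLE_LOGS, BOT, [ROUTER]):
        print(finding)
```

The reported value is the last approved amount, which is an upper bound on the live allowance for tokens that do not emit `Approval` again when `transferFrom` spends part of it.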




