Jaredfromsubway.eth’s Ethereum MEV bot was siphoned of over $7.5 million after an attacker repurposed the bot’s own automated trading logic against it.
How the Attack Was Executed
The bot, notorious for sandwich attacks, typically monitors pending transactions, buys ahead of them, forces the victim to trade at a worse price, and then sells the position for a tiny hidden profit. Attackers leveraged this pattern by deploying dozens of counterfeit token contracts and artificial liquidity pools that mimicked assets such as WETH, USDC and USDT.
When the bogus pools appeared profitable, the bot generated approvals for attacker‑controlled helper contracts, granting them permission to move tokens on its behalf. Those approvals were immediately exercised, allowing the adversary to drain the bot’s balances and convert the stolen assets at prevailing market prices.
Impact on the Crypto Market
Investors watching the incident notice a sharp rise in gas fees and a heightened awareness of predatory MEV behavior that does not benefit the blockchain ecosystem. The $7.5 million loss underscores the risk that automated traders pose to market stability and highlights the need for stronger safeguards.
Response and Future Safeguards
Security firm Blockaid clarified that the breach differed from typical phishing attacks and did not stem from a simple contract bug, but from a targeted manipulation of the bot’s decision‑making engine. Moving forward, developers are expected to incorporate stricter validation of token sources and limit approval scopes to protect both investors and the broader crypto infrastructure.