Jaredfromsubway trading bot suffered a $7.5 million theft on Saturday, exposing its core logic to a malicious actor and prompting the bot’s operator to offer a bounty for the exploit.
Attack Overview
The incident unfolded when an attacker flooded the bot with deceptive transactions, leveraging counterfeit tokens and rogue smart contracts. Blockaid, the security firm monitoring the breach, reported that the scheme allowed the perpetrator to siphon legitimate funds while the bot continued scanning for profitable trades.
Mechanics of the Exploit
Jaredfromsubway typically executes sandwich attacks—placing orders before and after pending trades to manipulate price execution on decentralized exchanges. In this case, the bot was tricked into granting permission to move assets, a step required for its automated strategy, which the attacker exploited to drain capital.
Aftermath and Market Impact
Following the breach, a portion of the stolen cryptocurrency was routed through Tornado Cash, a privacy‑focused mixer on the blockchain. Investors watching the incident noted heightened scrutiny of automated trading bots, while the crypto market absorbed the shock without a noticeable shift in overall price levels.