Jaredfromsubway.eth, the MEV bot known for front‑running trades, suffered a $7.7 million loss after an exploit on Saturday, wiping out more than $7.5 million of its holdings.
Exploit Overview
Blockaid confirmed that the attacker drained the bot’s treasury by siphoning 1,583.5 ETH (approximately $2.75 million), 2.87 million USDC, and 2.09 million USDT. The malicious actor promptly swapped the entire haul for 4,427 ETH, valuing the stolen assets at roughly $7.7 million.
Attack Mechanics
The perpetrator deployed 66 counterfeit token contracts that mimicked Wrapped ETH, USDC, and USDT, pairing each with fabricated liquidity pools to lure the bot. By granting these fake contracts permission to access its treasury, the bot unintentionally opened a backdoor that the attacker triggered in a single blockchain transaction, emptying its balances across ETH, USDC, and USDT.
Aftermath and Market Impact
Approximately 1,000 ETH from the stolen pool has already been funneled into TornadoCash, indicating an effort to launder the proceeds. Investors monitoring the crypto market now view the incident as a cautionary tale about automated strategies, while the ETH price hovered near $1,735 during the breach.