Tuesday, January 21, 2025

Notorious Ethereum MEV Bot Drained of $7.5M Through Fake Token Trap

Ethereum MEV bot jaredfromsubway.eth lost $7.5 million after attackers used fake token contracts and approvals.

Fridah Kangai

  • Attackers drained $7.5 million after deceiving Ethereum’s notorious MEV bot.
  • Fake token contracts enabled withdrawals from automated trading systems.
  • Stolen assets were converted into ETH before funds moved.

The notorious Ethereum MEV bot jaredfromsubway.eth lost $7.5 million in a high-stakes scam that targeted its automated trading system. Blockchain security firm Blockaid identified dozens of seemingly legitimate contracts used in the hack, which exposed millions in assets. Onchain analyst Specter first spotted the incident after noticing that a single wallet associated with the bot had lost over $7 million in a single transaction. According to Blockaid, the attacker cashed out 1,474.58 WETH, nearly $2.9 million worth of USDC, and approximately $2 million worth of USDT.

The attack did not involve a stolen private key, a phishing attack, or a vulnerability in a widely used decentralized finance platform, Blockaid said. Instead, the attacker deceived the bot's automated trading system with carefully designed fake trading signals. Jaredfromsubway.eth has been active on Ethereum since early 2023 and is one of the most popular sandwich bots in the ecosystem. The operator had a reputation for trading against pending transactions to extract value.


Fake Token Contracts Set the Stage for the Drain

During its investigation, Blockaid found that the attacker spent months deploying 66 fake tokens that mimicked WETH, USDC and USDT. The attacker also set up fake liquidity pools to make trades look profitable to the bot's algorithms.

While interacting with those contracts, the bot approved the attacker's helper contracts to spend tokens from the bot's account. The first trades executed normally and even returned small profits, so the bot kept interacting with the attacker's infrastructure. Larger trades, however, were a different matter. A pseudonymous developer, banteg, claims to have been the one who developed the contracts and that the contracts were intended to behave differently under certain conditions.

For larger transactions, however, those approvals were still in place, leaving the attacker with access to a large share of the bot's funds. The report found 16 active WETH allowances totaling about 1,474.58 WETH. Notably, this is the same amount of WETH that was removed in the exploit.
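The lingering allowances described above are something an operator can audit from their own wallet's event history. The following is an added example, not code from Blockaid or the bot's operator: it replays ERC-20 Approval logs to find allowances still open to spenders outside an allowlist. The function names, addresses and log entries are all constructed for illustration.

```python
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def _addr(topic):
    return "0x" + topic[-40:].lower()  # address = low 20 bytes of the 32-byte topic

def outstanding_allowances(logs, owner):
    """Replay Approval logs in chain order; the last value per (token, spender) wins.
    transferFrom can lower an allowance without emitting a new Approval, so the
    result is an upper bound; confirm with allowance() on chain before acting.
    """
    live = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721 Approval has 4 topics)
        if _addr(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), _addr(topics[2]))
        value = int(log["data"], 16)
        if value == 0:
            live.pop(key, None)  # approve(spender, 0) is a revoke
        else:
            live[key] = value
    return live

def risky_exposure(live, balances, trusted_spenders):
    """Map (token, spender) -> amount drainable now, for spenders off the allowlist."""
    trusted = {s.lower() for s in trusted_spenders}
    return {(tok, sp): min(amt, balances.get(tok, 0))
            for (tok, sp), amt in live.items() if sp not in trusted}

# --- constructed sample data: every address and log below is made up ---
def sample_log(block, idx, token, owner, spender, value):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)], "data": hex(value)}

BOT, WETH = "0x" + "b0" * 20, "0x" + "e1" * 20
ROUTER, HELPER = "0x" + "a1" * 20, "0x" + "66" * 20
SAMPLE_LOGS = [
    sample_log(100, 0, WETH, BOT, ROUTER, 2**256 - 1),   # known router
    sample_log(101, 3, WETH, BOT, HELPER, 50 * 10**18),  # unknown helper contract
    sample_log(105, 1, WETH, BOT, HELPER, 0),            # revoked...
    sample_log(110, 2, WETH, BOT, HELPER, 2**256 - 1),   # ...then re-approved, unlimited
]

if __name__ == "__main__":
    print(risky_exposure(outstanding_allowances(SAMPLE_LOGS, BOT), {WETH: 10**21}, [ROUTER]))
```

Because the exposure is capped at the current balance, an unlimited allowance to an unknown spender shows up as the wallet's full token balance being at risk.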

Stolen Assets Converted Into ETH

After the exploit, the stolen funds were converted to ~4,427 ETH. According to onchain tracker Lookonchain, 1,000 ETH was then deposited into Tornado Cash. Meanwhile, an X account named jaredfromsubway.eth said that the bot had lost $15 million and offered a $1 million reward for any information. However, several on-chain researchers questioned the authenticity of the account, and there is no evidence that it belongs to the operator.

The incident is one of the biggest losses for a prominent MEV player this year. It also shows how attackers can exploit automated trading systems by creating realistic fake markets and obtaining dangerous token approvals. The attacker built a chain of fake tokens and manipulated liquidity pools, then used the bot's own trading algorithm as a conduit for a multimillion-dollar heist.
