Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price

    June 30, 2026

    HTTPS Doesn't Hide This From Your ISP!! – YouTube

    June 30, 2026

    6 Key Takeaways: Strengthening Public Safety Through Collective Defense

    June 30, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»JaredFromSubway MEV bot hacked in $15 million crypto theft
    News

    JaredFromSubway MEV bot hacked in $15 million crypto theft

    adminBy adminJune 22, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    JaredFromSubway MEV bot hacked in $15 million crypto theft

    The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities.

    The drain was detected on Saturday by blockchain security firm Blockaid, and today, JaredFromSubway confirmed that the attacker used fake pools and tokens to trick the bot into approving helper contracts.

    According to Blockaid, the attacker deployed contracts designed to appear as profitable MEV opportunities to JaredFromSubway’s automated execution system.

    image

    The bot automatically analyzed routes and trade opportunities that seemed financially rewarding. It then generated the transactions needed to execute them, granting ERC-20 token approvals to contracts controlled by the attacker.

    It appears that the attacker planned the heist carefully, as early transactions served as harmless tests to help confirm the bot’s action routines. Later, the threat actor changed the route so that the allowance was not consumed or revoked after the bot granted approvals.

    The attacker accumulated valid spending permissions without immediately using them, reaching up to 92.1614 WETH approved to an attacker-controlled helper contract.

    Finally, the attacker used the open approvals to withdraw WETH, USDC, and USDT from the JaredFromSubway MEV bot contract via the transferFrom function.

    Blockaid

    Karma slaps back

    MEV bots are ultra-fast automated trading systems that scan Ethereum and other blockchains for opportunities to make money by exploiting the order and timing of transactions before they are included in a block.

    JaredFromSubway is a private MEV operation with no publicly available code, known as one of Ethereum’s most aggressive and visible “sandwich”-bot operations.

    In a sandwich attack, the bot detects a user’s pending trade, places a buy order immediately before it, and then sells immediately afterward, profiting from the price movement caused by the victim’s transaction.

    The practice is controversial because it often results in worse prices for regular traders while generating profits for the bot operator.

    Tweet

    Initially, JaredFromSubway offered a $3 million bounty to the attacker for the full return of the stolen funds, promising no further action would be taken.

    After receiving no response, JaredFromSubway increased the bounty to $7.5 million for the return of just 50% of the stolen amount, with $1 million to be given to the community.

    JaredFromSubway is also negotiating with “a white-hat hacking group” on the stolen $15 million but there is no confirmation of a deal yet.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleAre Public Libraries Becoming Children’s Libraries?
    Next Article Miasma Worm Source Code Leaked + What NPM v12 Means for Developers | Threat Wire
    admin
    • Website

    Related Posts

    News

    Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price

    June 30, 2026
    News

    6 Key Takeaways: Strengthening Public Safety Through Collective Defense

    June 30, 2026
    News

    Anthropic to restore Claude Fable access on Wednesday

    June 30, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views

    Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

    March 23, 202632 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views

    Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

    March 23, 202632 Views
    Our Picks

    Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price

    June 30, 2026

    HTTPS Doesn't Hide This From Your ISP!! – YouTube

    June 30, 2026

    6 Key Takeaways: Strengthening Public Safety Through Collective Defense

    June 30, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.