Jaredfromsubway, one of the best-known MEV bots on the Ethereum network, has reportedly been attacked, with millions of dollars worth of assets stolen. According to a community alert shared b
Jaredfromsubway, one of the best-known MEV bots on the Ethereum network, has reportedly been attacked, with millions of dollars worth of assets stolen.
According to a community alert shared by Blockaid, the company’s vulnerability detection system identified an attack targeting the jaredfromsubway MEV bot on Ethereum. Initial assessments suggest that the attackers manipulated the bot’s automated MEV execution mechanism, directing the system to validate tokens for contracts under their control.
Related News: Watch Out: An Altcoin Liquidity Pool on PancakeSwap Has Been Hacked
Blockaid stated that at least $7.5 million worth of assets were stolen in the incident, while on-chain sources indicated that the total loss exceeded $15 million. The company added that the incident was not a classic phishing attack or a traditional smart contract vulnerability in the victim’s contract.
The attack was based on tricking the bot’s mechanism for automatically evaluating seemingly profitable MEV opportunities. The attackers created fake wrapper tokens and liquidity pools, pairing fake routes such as fWETH, fUSDC, and fUSDT with fCAP tokens. These transactions appeared to the MEV bot as lucrative arbitrage opportunities.
As a result, the bot approved auxiliary contracts controlled by the attackers as addresses with spending authority. In the initial test operations, it was noted that the approvals given were immediately consumed within the route and did not leave any permanent permission behind. However, in subsequent operations, the attackers created routes that the bot approved but where this permission was neither consumed nor revoked.
*This is not investment advice.
Continue Reading: Attention: One of the Best-Known Cryptocurrency Platforms Has Been Hacked! Significant Losses Reported
