JaredFromSubway Ethereum MEV bot hit by network compromise

Timeline

1. 23.06.2026 00:52 1 articles · 2h ago

   Fake MEV opportunities trick JaredFromSubway into granting helper-contract approvals

   Exploitation Observed

   An attacker deployed contracts that appeared to be profitable MEV opportunities, causing JaredFromSubway's automated execution system to analyze routes, generate trades, and grant ERC-20 token approvals to attacker-controlled helper contracts.

   Show sources

   • JaredFromSubway MEV bot hacked in $15 million crypto theft — www.bleepingcomputer.com — 23.06.2026 00:52

   Open in new tab
2. 23.06.2026 00:52 1 articles · 2h ago

   Open approvals drain WETH, USDC, and USDT from the JaredFromSubway MEV bot

   Victim Impact Update

   The attacker accumulated valid spending permissions without immediately using them and then used the open approvals to withdraw WETH, USDC, and USDT from the JaredFromSubway MEV bot contract via transferFrom, resulting in a reported $15 million loss.

   Show sources

   • JaredFromSubway MEV bot hacked in $15 million crypto theft — www.bleepingcomputer.com — 23.06.2026 00:52

   Open in new tab
3. 23.06.2026 00:52 2 articles · 2h ago

   Blockaid detects the drain and JaredFromSubway confirms the fake-pool trick

   Initial Disclosure

   Blockaid detected the drain on Saturday, and JaredFromSubway confirmed that fake pools and tokens were used to trick the bot into approving helper contracts; the operator also offered a $3 million bounty for the full return of the stolen funds.

   Show sources

   • JaredFromSubway MEV bot hacked in $15 million crypto theft — www.bleepingcomputer.com — 23.06.2026 00:52
   • JaredFromSubway MEV bot hacked in $15 million crypto theft — www.bleepingcomputer.com — 23.06.2026 00:52

   Open in new tab