JaredFromSubway MEV bot hacked in $15 million crypto theft
The JaredFromSubway Ethereum MEV bot was exploited in a $15 million theft when an attacker manipulated its opportunity-detection logic by creating fake cryptocurrency trading opportunities. The attacker deployed malicious contracts that appeared profitable, tricking the bot into granting token approvals to attacker-controlled contracts. These approvals were then used to withdraw significant amounts of WETH, USDC, and USDT. The bot is a private, aggressive MEV operation known for sandwich attacks on Ethereum. JaredFromSubway has offered bounties for fund recovery and is negotiating with a white-hat group. No public patch or fix is available.
AI Analysis
Technical Summary
An attacker exploited the JaredFromSubway Ethereum MEV bot by creating fake pools and tokens that appeared to be profitable MEV opportunities. The bot's automated system granted ERC-20 token approvals to attacker-controlled helper contracts. These approvals were not revoked or consumed immediately, allowing the attacker to accumulate spending permissions. The attacker then used these approvals to withdraw approximately $15 million in various cryptocurrencies from the bot's contract via the transferFrom function. The bot operates by scanning Ethereum for MEV opportunities, including sandwich attacks. The incident was detected by blockchain security firm Blockaid. JaredFromSubway has responded by offering bounties for the return of stolen funds and is in talks with white-hat hackers, but no official patch or remediation has been announced.
Potential Impact
The attacker successfully stole $15 million worth of cryptocurrencies (WETH, USDC, USDT) by abusing the bot's logic to approve malicious contracts. This financial loss impacts the bot operator directly and highlights vulnerabilities in automated MEV bot logic related to opportunity detection and token approval management.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. JaredFromSubway has not publicly released a fix or patch. The operator has offered bounties to recover stolen funds and is negotiating with white-hat hackers. Until an official fix or update is provided, users and operators of similar MEV bots should exercise caution with automated token approvals and consider manual review or additional validation of detected opportunities.
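One way to implement the additional validation suggested above, as an added example that is not the bot's code and not taken from the source article: replay the allowance-changing calls of each transaction and report every ERC-20 allowance that is still non-zero when the transaction ends. The trace format, token labels, spender names and allowlist are constructed assumptions.

```python
from collections import defaultdict
from itertools import groupby

MAX_UINT256 = 2**256 - 1

# Constructed trace in execution order: (tx, op, token, spender, amount).
# Labels are placeholders, not addresses from the incident.
SAMPLE_TRACE = [
    ("0xaa", "approve", "WETH", "ROUTER", 500),        # consumed in the same tx
    ("0xaa", "transferFrom", "WETH", "ROUTER", 500),
    ("0xbb", "approve", "USDC", "HELPER_1", 1000),     # only partly consumed
    ("0xbb", "transferFrom", "USDC", "HELPER_1", 10),
    ("0xcc", "approve", "USDT", "HELPER_2", MAX_UINT256),  # unlimited, never revoked
    ("0xdd", "approve", "WETH", "HELPER_3", 50),       # explicitly revoked
    ("0xdd", "approve", "WETH", "HELPER_3", 0),
]

def audit_allowances(trace, allowlist):
    """Return one finding per allowance still open when its transaction ends."""
    allowance = defaultdict(int)  # (token, spender) -> remaining allowance
    findings = []
    for tx, calls in groupby(trace, key=lambda call: call[0]):
        touched = []
        for _, op, token, spender, amount in calls:
            key = (token, spender)
            if key not in touched:
                touched.append(key)
            if op == "approve":
                allowance[key] = amount  # approve() overwrites, it does not add
            elif op == "transferFrom":
                if amount > allowance[key]:
                    raise ValueError(f"{tx}: spend exceeds allowance for {key}")
                # Assumption: as in many tokens, an unlimited approval is not decremented.
                if allowance[key] != MAX_UINT256:
                    allowance[key] -= amount
            else:
                raise ValueError(f"{tx}: unknown op {op!r}")
        # The invariant: every allowance touched in this tx must be back at zero.
        for token, spender in touched:
            left = allowance[(token, spender)]
            if left > 0:
                findings.append({"tx": tx, "token": token, "spender": spender,
                                 "remaining": left, "unlimited": left == MAX_UINT256,
                                 "allowlisted": spender in allowlist})
    return findings

FINDINGS = audit_allowances(SAMPLE_TRACE, allowlist={"ROUTER"})
```

On the constructed trace this reports the leftover USDC allowance from 0xbb and the unlimited USDT allowance from 0xcc, both to spenders outside the allowlist.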
Technical Details
- Article Source
- {"url":"https://www.bleepingcomputer.com/news/security/jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft/","fetched":true,"fetchedAt":"2026-06-22T22:09:13.821Z","wordCount":702}
Threat ID: 6a39b289eed863c81e7e843f
Added to database: 06/22/2026, 22:09:13 UTC
Last enriched: 06/22/2026, 22:09:24 UTC
Last updated: 06/23/2026, 03:57:59 UTC