One of Ethereum’s most famous MEV bots, known as JaredFromSubway, was reportedly sold out for around $7.5 million after attacker-controlled contracts tricked its automated system into granting token approvals.
TL;DR
- The JaredFromSubway MEV robot was reportedly dumped for around $7.5 million.
- Security firm Blockaid said the bot was tricked into approving malicious trade routes.
- The attacker then used these approvals to extract contract assets from the robot.
- The incident appears to target the bot’s own automation, not Ethereum itself.
CoinDesk reported that Blockaid identified the exploit, saying contracts controlled by the attacker tricked the bot into approving fake trade routes. These approvals were then used to remove WETH, USDC, and USDT from the bot contract. The incident attracted attention because JaredFromSubway has long been associated with aggressive sandwich trading on Ethereum.
The irony is hard to ignore. MEV bots are designed to exploit tiny timing and routing advantages in on-chain markets. In this case, the bot’s own automation seems to have become the weakness. Instead of extracting value from other users, she was manipulated into approving contracts that then depleted her balances.
What happened
The reported exploit was not a hack of Ethereum’s core protocol. Nor was it a widespread failure of a major DeFi application used by ordinary depositors. The target was a specific MEV bot and the logic it used to interact with contracts during automated trading.
This distinction is important. MEV infrastructure evolves rapidly and often relies on highly automated decision-making. If this automation can be caused to approve the wrong contract, the risk can be serious because transactions execute with little human control.
Reportedly, the attacker prepared the trap using fake routes or contracts that the bot interpreted as profitable opportunities. Once approvals were granted, the attacker used them to transfer assets. In DeFi terms, this is a reminder that approvals are powerful permissions, not harmless signatures.
Why traders care
The story is bigger than a single robot running out of steam. This highlights a risk that applies to all automated trading systems: speed can become brittle. Bots competing in MEV markets must act faster than human traders, but this also means they can be vulnerable to carefully designed traps.
For Ethereum users, the incident may seem like poetic justice, as sandwich bots are widely hated. But the technical lesson is broader. Any system that grants token approvals based on automated contract interactions requires strict guarantees, simulation, and route verification.
The impact on the market is unlikely to come from the dollar amount alone. A leak of $7.5 million is significant, but not systemic. The biggest impact is on the reputation of the MEV infrastructure and perhaps the operation of robot operators who must now review their approval logic more aggressively.
For now, this should be treated as a targeted exploit against a trading bot, not a network-wide security event.
This report is based on information from Blockaid.
This article was written by the News Desk and edited by Samuel Rae.
Editorial process as Bitcoinist focuses on providing thoroughly researched, accurate and unbiased content. We follow strict sourcing standards and every page undergoes careful review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance and value of our content to our readers.
