An attacker exploited a high-profile MEV bot by creating fake tokens and pools, draining $7.5M in WETH, USDC, and USDT.
A notorious MEV bot, Jaredfromsubway.eth, was exploited for $7.5M after an attacker created fake wrapper tokens and liquidity pools, including counterfeit WETH, USDC, and USDT. The fake routes mimicked profitable trades, tricking the bot into approving attacker-controlled contracts to spend real funds.
The bot’s automated system, designed to chase maximum extractable value (MEV) opportunities, generated approvals for the attacker’s contracts. Unlike typical trades, these approvals remained open, allowing the attacker to drain the bot’s assets in a final sweep. The exploit targeted the bot’s reliance on automated approvals without additional safeguards.
The incident highlights vulnerabilities in MEV infrastructure, where bots prioritize speed over security. Market participants noted the irony of a bot known for sandwich attacks falling victim to a similar exploit.