The prominent Ethereum Maximal Extractable Value (MEV) bot, known as Jaredfromsubway.eth, has reportedly been exploited, leading to a loss of approximately $7.5 million. The incident, detailed in an analysis by on-chain security firm Blockaid, points to a sophisticated transaction approval trap mechanism as the method of attack.
TL;DR:
Prominent Ethereum MEV bot Jaredfromsubway.eth exploited for $7.5 million. Attack utilized a transaction approval trap targeting a router contract vulnerability. Sophisticated automated bots remain susceptible to protocol-level smart contract traps, as noted by Blockaid. Exploit Mechanism DetailedBlockaid, which first detected and flagged the exploit on its on-chain monitoring channels, explains that the attack involved forcing the bot into specific, unfavorable transactions. The analyst says this was achieved by leveraging a weakness in how the bot processed transaction approvals. Essentially, the attacker tricked the bot into approving and executing trades that benefited the attacker at the bot’s expense.
