RSS

JaredFromSubway MEV bot hacked in $15M crypto theft

ilreb1 pts0 comments

JaredFromSubway MEV bot hacked in $15 million crypto theft

Home<br>News<br>Security<br>JaredFromSubway MEV bot hacked in $15 million crypto theft

JaredFromSubway MEV bot hacked in $15 million crypto theft

By Bill Toulas

June 22, 2026

05:52 PM

The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities.

The drain was detected on Saturday by blockchain security firm Blockaid, and today, JaredFromSubway confirmed that the attacker used fake pools and tokens to trick the bot into approving helper contracts.

According to Blockaid, the attacker deployed contracts designed to appear as profitable MEV opportunities to JaredFromSubway's automated execution system.

The bot automatically analyzed routes and trade opportunities that seemed financially rewarding. It then generated the transactions needed to execute them, granting ERC-20 token approvals to contracts controlled by the attacker.

It appears that the attacker planned the heist carefully, as early transactions served as harmless tests to help confirm the bot&rsquo;s action routines. Later, the threat actor changed the route so that the allowance was not consumed or revoked after the bot granted approvals.

The attacker accumulated valid spending permissions without immediately using them, reaching up to 92.1614 WETH approved to an attacker-controlled helper contract.

Finally, the attacker used the open approvals to withdraw WETH, USDC, and USDT from the JaredFromSubway MEV bot contract via the transferFrom function.

Karma slaps back

MEV bots are ultra-fast automated trading systems that scan Ethereum and other blockchains for opportunities to make money by exploiting the order and timing of transactions before they are included in a block.

JaredFromSubway is a private MEV operation with no publicly available code, known as one of Ethereum's most aggressive and visible &ldquo;sandwich&rdquo;-bot operations.

In a sandwich attack, the bot detects a user's pending trade, places a buy order immediately before it, and then sells immediately afterward, profiting from the price movement caused by the victim's transaction.

The practice is controversial because it often results in worse prices for regular traders while generating profits for the bot operator.

Initially, JaredFromSubway offered a $3 million bounty to the attacker for the full return of the stolen funds, promising no further action would be taken.

After receiving no response, JaredFromSubway increased the bounty to $7.5 million for the return of just 50% of the stolen amount, with $1 million to be given to the community.

JaredFromSubway is also negotiating with "a white-hat hacking group" on the stolen $15 million but there is no confirmation of a deal yet.

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.<br>The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Related Articles:

FBI: Americans lost a record $21 billion to cybercrime last year<br>USB worm spreads crypto-stealing malware via Windows shortcut files<br>New Rokarolla Android malware targets 217 banking, crypto apps<br>FBI: Fraudsters use couriers to steal money in crypto scams<br>Exploit released for Ivanti Sentry bug abused as zero-day in attacks

CryptoCurrency

DeFi

Exploit

Financial Theft

Trading

Bill Toulas

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Upcoming Webinar

Popular Stories

Klue OAuth breach victim list grows as Icarus hackers claim attack

Webinar: How attackers bypass MFA and how defenders can respond

Microsoft: June 2026 Windows updates break Recycle Bin prompts

Sponsor Posts

Don't just map the problem with AI agent sprawl, fix it.

Microsoft 365 doesn’t fully protect your data. See how Acronis Cyber Protect fills the gap.

Overdue a password health-check? Audit your Active Directory for free

CTI Starter Kit + 2026 SANS CTI Survey

AI is a data-breach time bomb: Read the new report

Upcoming Webinar

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...

SUBMIT

jaredfromsubway attacker million crypto theft hacked

Related Articles

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

Is AI ruining our skills? Early results are in – and they're not good

Michelangelo1124 ptstools skills during physicians colonoscopies tool

The Anatomy of an AI-Native Org

kiyanwang22 ptstranslated managers business translation language engineering
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.