Key Takeaways:
The Jaredfromsubway.eth MEV bot lost about $15 million in an advanced exploit. Attackers manipulated the bot’s automated trading logic using fake tokens and liquidity routes. The incident exposed a critical risk in MEV automation rather than a flaw in Ethereum itself.One of Ethereum’s most notorious MEV operators has become the victim of a highly unusual attack. The Jaredfromsubway.eth MEV bot was emptied of approximately $15 million after a special attack against the bot to bypass the automated execution system and gain approvals on tokens.
You guys seriously think $15 million is a big deal for me? 😂
I will keep front running you all 👊 https://t.co/gkAbJaf8wz
— Jaredfromsubway.eth (@jaredsmev) June 21, 2026
It quickly gained traction in the cryptocurrency community, and this weakness was not in the private keys or phishing techniques, or even a standard smart contract vulnerability.
Attackers Turned the Bot’s Logic Against It
Blockaid described the incident as an exploit of an automated MEV execution system. Instead of directly compromising the bot, the attacker spent time constructing fake trading environments designed to appear profitable. These are all fake wrapper tokens along with liquidity pools that appear to be real trading routes with WETH, USDC and USDT.
The bot’s algorithms recognized the interactions on the routes as potential arbitrage or MEV opportunities and automatically interacted with these routes. In the context of that decision, the system granted helpful contracts that the attacker controlled permission to purchase tokens for the system.
Fake Routes Created a Hidden Attack Surface
The exploit wasn’t a one-and-done operation. In the beginning, both fake routes responded as they should, and approvals would be used when executing. This gave the appearance of authenticity, and built trust into the bots automation process.
Read More: $2.1M Aztec Exploit Sparks Alarm as Funds Drain From Long-Abandoned Privacy Protocol
Critical Token Approvals Remained Active
Later the attacker added routes that were approved for the operation, but not used. Those permissions were still active and the attacker enabled supply permissions to assets owned by the MEV bot.
The attacker then utilised the ERC-20 transferFrom function to transfer WETH, USDC and USDT from the bot’s wallet to an attacker address they controlled.
Not a Smart Contract Hack or Phishing Scam
Security researchers stressed that this exploit was not the same as a lot of the prevalent, high-profile crypto exploits. There has not been any vulnerability found in Ethereum, nor has there been any private keys stolen. Similarly, the attack did not use any retail-users common phishing attack method.
The second way was not with the automatic earning of the bot, but by taking advantage of its weakness. The attacker now offers up the seemingly lucrative opportunities and makes the system grant permission for its own ante.
This situation illustrates the level to which trading bots can present individual security concerns if the very benefit of automation is to rush through the initiation of trade processes without adequate validation of counterparties and approvals.
Read More: $50M Exploit Finally Forces Radiant Capital Shutdown After 18 Months of Recovery Efforts
The post Ethereum’s Most Feared MEV Bot Loses $15M After Approving Its Own Exploit in Trap appeared first on CryptoNinjas.
Bengali (Bangladesh) · 
English (United States) ·