Jaredfromsubway MEV Bot Loses $7.5 Million in Allowance Drain Attack
CryptoSlate | 21.06.2026 | Technology | 3 min read


Quick Look

  • The Jaredfromsubway.eth MEV bot, responsible for 70% of Ethereum sandwich attacks, lost over $7.5 million due to an allowance drain.
  • An attacker exploited the bot's automated system by creating imitation tokens and liquidity pools, tricking the bot into authorizing contracts to spend its real tokens, leading to the theft of WETH, USDC, and USDT.

AI summary

Why It Matters

The Jaredfromsubway.eth bot, a major player in Ethereum's MEV market, was targeted through an allowance drain, leading to a loss of over $7.5 million in WETH, USDC, and USDT.


The Jaredfromsubway MEV bot, linked to roughly 70% of Ethereum sandwich attacks, lost more than $7.5 million in an allowance drain after its automated system authorized attacker-controlled contracts to spend its tokens.

The bot, known as Jaredfromsubway.eth, approved a series of transactions that appeared to be part of profitable trading routes. Those permissions remained active, allowing the attacker to remove wrapped ether and two major stablecoins from contracts associated with the operation.

The incident effectively caused one of Ethereum’s largest extractive trading systems to approve its own theft. It also highlights a vulnerability facing automated traders that must evaluate markets, authorize contracts, and execute transactions within seconds.

Onchain security company Blockaid said the attacker did not compromise the bot’s private keys or exploit a flaw in a widely used decentralized finance protocol. Instead, the operation targeted the rules the bot used to identify and pursue potential profits.

How Jaredfromsubway.eth was drained

According to Blockaid, the attacker had spent several weeks deploying imitation tokens, liquidity pools, and supporting contracts that resembled markets the bot might normally trade against.

The fake assets included versions of wrapped Ethereum, USDC, and USDT, paired via trading routes designed to generate profitable-looking signals. Jaredfromsubway.eth detected those routes and followed its usual process of permitting helper contracts to move tokens as part of the expected trades.

Some early transactions used the permissions as anticipated, helping establish a pattern that the bot’s system continued to accept. Later transactions left the approvals unused.

That distinction gave the attacker an opening through ERC-20 approvals, which allow another address or smart contract to spend a specified amount of tokens belonging to the approving account.

The permission can remain available after the original transaction unless it is exhausted, reduced, or revoked.

Once the attacker had accumulated enough unspent allowances, the contracts used the ERC-20 transferFrom function to move real WETH, USDC, and USDT from the bot’s accounts.

On-chain records show repeated transfers totaling about 92 WETH, $143,000 USDC, and $149,000 USDT from a contract linked to the bot. The funds were directed to an address controlled by the attacker.

Yearn Finance developer Banteg described the final operation as an allowance drain rather than a conventional token swap. A coordinating contract called a withdrawal function across dozens of subsidiary contracts, which checked the bot’s balances and their remaining permissions before transferring the available tokens.
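The approval mechanics described above, as an added example that is not from the original article, Blockaid or Banteg: a small in-memory Python model of ERC-20 allowances showing how unused approvals persist, how much each one leaves drainable (the smaller of remaining allowance and balance), and how resetting the allowance to zero after every trade removes that exposure. The names (`ERC20Model`, `residual_exposure`, `guarded_trade`, `bot`, `helper1` and so on) and all amounts are constructed for illustration.

```python
from collections import defaultdict

class ERC20Model:
    """In-memory model of ERC-20 balances and allowances (illustrative, not a real token)."""
    def __init__(self, symbol):
        self.symbol = symbol
        self.balance = defaultdict(int)
        self.allowance = defaultdict(int)  # (owner, spender) -> remaining amount

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount  # overwrites the previous value

    def transfer_from(self, spender, owner, to, amount):
        if self.allowance[(owner, spender)] < amount or self.balance[owner] < amount:
            raise ValueError("insufficient allowance or balance")
        self.allowance[(owner, spender)] -= amount
        self.balance[owner] -= amount
        self.balance[to] += amount

def residual_exposure(token, owner, trusted=frozenset()):
    """Return {spender: drainable amount} for live approvals to untrusted spenders."""
    exposure = {}
    for (approver, spender), remaining in token.allowance.items():
        if approver == owner and remaining > 0 and spender not in trusted:
            exposure[spender] = min(remaining, token.balance[owner])
    return exposure

def guarded_trade(token, owner, helper, amount, spend):
    """Approve `helper` for one trade, then always reset its allowance to zero."""
    token.approve(owner, helper, amount)
    try:
        if spend:  # helper pulls the tokens, as the trading route expected
            token.transfer_from(helper, owner, helper, amount)
    finally:
        token.approve(owner, helper, 0)  # revoke whatever was left unused

def demo():
    weth = ERC20Model("WETH")
    weth.balance["bot"] = 100
    # Constructed scenario: the first helper spends its approval, the next two do not.
    weth.approve("bot", "helper1", 10)
    weth.transfer_from("helper1", "bot", "helper1", 10)
    weth.approve("bot", "helper2", 40)
    weth.approve("bot", "helper3", 70)
    before = residual_exposure(weth, "bot")
    # The same unused-approval pattern with revoke-after-trade leaves nothing behind.
    guarded_trade(weth, "bot", "helper4", 40, spend=False)
    after_guarded = residual_exposure(weth, "bot").get("helper4", 0)
    return before, after_guarded
```

Against a live account, the same audit would be built from the token's `Approval` events and `allowance(owner, spender)` reads rather than from a model.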

Some of the proceeds were subsequently sent through Tornado Cash, a crypto-mixing service that can make funds more difficult to trace.

A dominant sandwich operator becomes the target

Jaredfromsubway.eth has operated since 2023 and became one of the most prominent participants in Ethereum’s market for maximal extractable value (MEV).

MEV refers to revenue generated by changing the order in which blockchain transactions are processed. In a sandwich attack, a bot identifies a pending trade and buys the asset first, pushing up its price. The user’s transaction then executes at the less favorable price before the bot sells, capturing the difference.

That made Jaredfromsubway.eth one of Ethereum’s most visible sandwich attack bots before the same automation became the route into its own funds.

The loss to any individual trader may be small. Across tens of thousands of transactions, however, the strategy can generate substantial revenue while increasing trading costs and network fees.

According to reports, these attacks imposed an estimated $60 million in annual costs on traders, while about 70% were associated with a single operator identified as Jaredfromsubway.eth.

Open Questions

  • Will other MEV bots implement stricter security measures?
  • Can the stolen funds be recovered?
  • What are the long-term implications for Ethereum MEV security?


This story was first published at: CryptoSlate.
