Skip to content
Active Currencies: 17,407
Market Cap: $2.286T
Bitcoin Dominance: 56.30%
24h Market Cap Change: $0.57

$7.5mln Jaredfromsubway exploit exposes THIS DeFi security risk

As automated trading systems grow across DeFi, operational security is emerging as a challenge alongside smart contract risk.

Written by Written by Muriuki Lazaro
Reviewed by Reviewed by Renuka Tahelyani
Updated June 21, 2026
Jaredfromsubway loses $7.5M after approval-based exploit - Is automation outpacing security?

On the 20th of June, Jaredfromsubway.eth Maximal Extractable Value (MEV) bot was exploited, leading to losses amounting to $7.5 million. First, the attacker created a token (wrapper) and a liquidity pool that mimicked a profitable opportunity.

As the bot interacted with the opportunities, the attacker managed to maliciously alter the trading logic of the bot. This enabled the attacker to trick MEV bots into automating the approval process, giving the attacker-controlled contract lasting approval to withdraw funds.

The proceeds of the exploit included 1,583 in Ethereum [ETH], 2.87 million in USD Coin [USDC], and 2.09 million in Tether [USDT]. The assets were later consolidated and swapped in 4,427 ETH. This made it easier for the attacker to launder the proceeds while reducing their fragmentation.

Source: X

Shortly after that, multiple exact transfers of 100 ETH flowed into Tornado Cash. Each of these was in the amount of approximately $172k. This approach mattered because smaller deposits make fund tracing more difficult for the authorities.

As laundering activity accelerated, at least 1,000 ETH entered Tornado Cash. The movement suggests the attacker shifted focus from extraction to concealment. Therefore, the exploit evolved beyond the initial theft, with investigators now tracking efforts to break the on-chain trail and complicate fund recovery.

The rising stakes of automated trading systems

The Jaredfromsubway exploit arrived as MEV bots continued expanding their influence across on-chain markets.

For years, automated bots have evolved to multi-billion dollar execution engines capable of finding and executing opportunities across multiple blockchains, including Ethereum [ETH], Solana [SOL], and layer 2 networks.

As capital concentrates within these programs, operational risks become more significant. The Jaredfromsubway exploit highlighted this.

Rather than finding the flaw in the smart contract, the hacker found a way to target the token approvals embedded in the bot’s workflow. Therefore, hackers tend to exploit access rather than errors in coding.

Even though there have been numerous exploits that have resulted in losses amounting to hundreds of millions, revocation rates remain extremely low. Thus, as automation continues to drive both liquidity and price discovery in DeFi, managing permissions is becoming one of DeFi’s most pressing security issues.

Final Summary

  • The $7.5M Jaredfromsubway exploit highlights how attackers increasingly target workflows and permissions rather than code vulnerabilities.
  • Growing capital concentration in MEV infrastructure is raising the stakes of operational failures across on-chain markets.

 

Disclaimer: AMBCrypto's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.

Muriuki Lazaro

Journalist

Muriuki Lazaro is a on-chain data analyst with a B.Sc. in Data Science. Muriuki specializes in dissecting complex on-chain data into clear and accurate insights for readers in the crypto ecosystem, with a particular focus on Bitcoin.

Related Articles

AMBCrypto
Facebook X Instagram Youtube Linkedin

AMBCrypto was founded in 2018 with a mission to simplify and bring the latest blockchain and cryptocurrency news to our readers. We have quickly grown into the digital news source for an emerging generation of cryptocurrency enthusiasts, reaching more than a million readers on a monthly basis, across the globe.