On the 20th of June, Jaredfromsubway.eth Maximal Extractable Value (MEV) bot was exploited, leading to losses amounting to $7.5 million. First, the attacker created a token (wrapper) and a liquidity pool that mimicked a profitable opportunity.
As the bot interacted with the opportunities, the attacker managed to maliciously alter the trading logic of the bot. This enabled the attacker to trick MEV bots into automating the approval process, giving the attacker-controlled contract lasting approval to withdraw funds.
The proceeds of the exploit included 1,583 in Ethereum [ETH], 2.87 million in USD Coin [USDC], and 2.09 million in Tether [USDT]. The assets were later consolidated and swapped in 4,427 ETH. This made it easier for the attacker to launder the proceeds while reducing their fragmentation.
Shortly after that, multiple exact transfers of 100 ETH flowed into Tornado Cash. Each of these was in the amount of approximately $172k. This approach mattered because smaller deposits make fund tracing more difficult for the authorities.
As laundering activity accelerated, at least 1,000 ETH entered Tornado Cash. The movement suggests the attacker shifted focus from extraction to concealment. Therefore, the exploit evolved beyond the initial theft, with investigators now tracking efforts to break the on-chain trail and complicate fund recovery.
The rising stakes of automated trading systems
The Jaredfromsubway exploit arrived as MEV bots continued expanding their influence across on-chain markets.
For years, automated bots have evolved to multi-billion dollar execution engines capable of finding and executing opportunities across multiple blockchains, including Ethereum [ETH], Solana [SOL], and layer 2 networks.
As capital concentrates within these programs, operational risks become more significant. The Jaredfromsubway exploit highlighted this.
Rather than finding the flaw in the smart contract, the hacker found a way to target the token approvals embedded in the bot’s workflow. Therefore, hackers tend to exploit access rather than errors in coding.
Even though there have been numerous exploits that have resulted in losses amounting to hundreds of millions, revocation rates remain extremely low. Thus, as automation continues to drive both liquidity and price discovery in DeFi, managing permissions is becoming one of DeFi’s most pressing security issues.
Final Summary
- The $7.5M Jaredfromsubway exploit highlights how attackers increasingly target workflows and permissions rather than code vulnerabilities.
- Growing capital concentration in MEV infrastructure is raising the stakes of operational failures across on-chain markets.