92.1614 WETH approved to an attacker-controlled helper contract before a single dollar moved. That's the scale of the trap that snared JaredFromSubway, one of Ethereum's most aggressive sandwich bots, costing it $15 million in WETH, USDC, and USDT.
Fake Pools That Looked Like Free Money
Blockaid spotted the drain on Saturday. The attacker deployed contracts that appeared as profitable MEV opportunities, complete with fake liquidity pools and tokens. JaredFromSubway's automated execution system analyzed the routes, saw what looked like a rewarding trade, and generated the transactions to execute it. Those transactions granted ERC-20 token approvals to contracts the attacker controlled.
The attacker didn't just dump the approvals. They ran harmless test transactions first to confirm the bot's action routines, then swapped the route so that the allowance was neither consumed nor revoked after approval. They let the bot accumulate spending permissions - up to that 92.1614 WETH figure - and only then hit transferFrom to drain the balance.
A $7.5 Million Bounty That Went Unanswered
JaredFromSubway first offered $3 million for a full return, no questions asked. No response. So they doubled it: $7.5 million bounty (half the stolen amount, with $1 million to go to the community) for returning just 50% of the funds. Still nothing.
The bot operator is now negotiating with an unnamed white-hat hacking group, but no deal's confirmed. Meanwhile, the attacker sits on a clean $15 million profit from exploiting a system designed to extract value from everyone else.
Private MEV bots like JaredFromSubway have no public code, making them black boxes that only their operators can audit. This attack is a reminder that if you run automated trading logic on public blockchains, you're betting the house that every input your bot consumes is real. Fake pools cost $15 million - next time it could be worse.
Source: JaredFromSubway MEV bot hacked in $15 million crypto theft
Domain: bleepingcomputer.com
Comments load interactively on the live page.