A Japanese corporate pension fund plans to start investing in crypto assets in fiscal 2026, in a rare move for the country’s retirement sector. 

The National Business Corporate Pension Fund, based in Okayama City, serves about 1,200 small and medium-sized companies and manages about 21.3 billion yen, or roughly $136 million, according to CoinPost, citing Nikkei.

The fund reportedly plans to allocate about 1% of total assets to crypto. The exposure would come through a passive fund managed by a major hedge fund and would hold multiple crypto assets. The fund has not disclosed the exact tokens or the manager.

Fund cites currency risk as main reason

The reported allocation is not being framed as a short-term bet on crypto prices. CoinPost said the main goal is currency risk diversification. The fund’s fiscal 2025 asset mix stood at 80% yen, 15% dollars and 5% other currencies.

For fiscal 2026, the fund plans to cut yen exposure to 70% and add a 10% allocation to developed-market currencies. Another 5% would include emerging-market currencies, gold and crypto. Aiyu Kiguchi, the fund’s investment executive director, reportedly said the dollar “may lose its status as a reserve currency,” explaining why the fund did not raise dollar holdings.

Six years of research led to decision

Kiguchi also reportedly said the fund reached its view after about six years of research. He said the market had “matured” as the investor base became deeper. The fund is also studying funds that use arbitrage strategies across several crypto assets.

The plan remains small by design. A 1% allocation would give the pension fund exposure while limiting direct pressure on its wider portfolio. That matters because defined benefit plans must protect retirement savings and manage losses with care. CoinPost said the fund has a funded ratio above 140% and an effective equity ratio above 30%.

Japan’s crypto rules are changing

The pension plan comes as Japan moves toward a wider rewrite of crypto rules. As previously reported by crypto.news, Japan’s lower house passed a bill on June 11 to move crypto assets from the Payment Services Act to the Financial Instruments and Exchange Act.

Crypto.news also reported that the linked 20% tax rate is a target for 2028, not an immediate change. The same legal shift could help open a path for regulated crypto exchange-traded funds in Japan, although further upper-house review and rulemaking are still needed.

Osaka Exchange also eyes Bitcoin futures

Separately, CoinPost noted that Osaka Exchange, part of Japan Exchange Group, aims to launch Bitcoin futures in 2028 if spot Bitcoin ETFs become legal in Japan. The exchange would use futures to meet hedging demand from institutional investors. 

Reuters reported this month that a ruling party panel also urged Japan to build a legal framework for crypto ETFs and promote yen stablecoins in Asia. Together, these moves show how Japan is trying to place crypto inside regulated market channels rather than leave it only to direct exchange trading.

The pension fund’s plan marks a cautious step by a medium-sized Japanese asset owner. It does not change the risk profile of crypto assets. It does show that some domestic institutions now see limited crypto exposure as part of currency and portfolio planning.

Bitcoin steadied near $64,000 over the weekend, clawing back part of Friday’s drop, as traders weighed the start of US-Iran ceasefire talks against a renewed threat to close the Strait of Hormuz.

The token traded around $64,200 on Sunday, up 0.9% over 24 hours but roughly flat on the week, per CoinDesk data, after dropping below $63,000 on Friday. Most majors firmed alongside it.

Ether rose 0.5% on the day and 3.3% on the week to $1,734, solana gained 1.5% to $73 and tron added 1.2%. Hyperliquid’s HYPE slipped 2% on the day but remains the week’s standout, up 14.8%. Dogecoin was the weakest major, down 4.9% over seven days.

Bitcoin has gone nowhere on net this week, rallying early on the signed Iran deal, selling off Friday in a broad risk-off move, and stabilizing over the weekend.

The weekend’s focus is Switzerland, where US and Iranian officials, including Vice President JD Vance, are due to open talks on a permanent ceasefire, per Bloomberg.

The negotiations follow the memorandum of understanding President Donald Trump signed last week, which set a 60-day window that can be extended.

Ethereum’s well-known MEV bot JaredFromSubway was drained after an attacker used contracts that made its automated trading system grant token approvals, according to Blockaid.

The security firm said the incident was not a normal phishing case and not a direct bug in the victim contract. 

“This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract,” Blockaid said. 

The firm said the bot approved attacker-controlled contracts during routes that appeared to be profitable MEV trades.

🚨Community Alert:
Blockaid Exploit Detection system detected an exploit involving the @jaredsmev MEV bot on Ethereum.
The incident resulted from attacker-controlled contracts tricking an automated MEV execution system into granting token approvals, later used to drain funds.…

— Blockaid (@blockaid_) June 20, 2026

Blockaid says approvals stayed open

Blockaid said the attacker first tested routes where approvals were used at once, leaving no open allowance. Later, the attacker changed the route design so the bot gave approvals that were not spent or revoked.

One example cited by Blockaid involved an approval of about 92.16 WETH to an attacker helper contract. Etherscan data for the transaction showed jaredfromsubway.eth interacting with its MEV Bot 2 contract before the later sweep. The transaction record also showed ERC-20 movements tied to the same automated route.

Final sweep hit WETH, USDC and USDT

The final transaction used the open approvals to pull WETH, USDC and USDT from the JaredFromSubway MEV bot contract through transferFrom. Etherscan showed transfers from “jaredfromsubway: MEV Bot 2” to the attacker wallet beginning with 0x3e37.

Blockaid put the drained amount at about $7.5 million. The JaredFromSubway account later claimed the loss was $15 million and offered a $1 million bounty for the full return of the funds. That difference has not been fully explained in the public posts reviewed.

🚨 Major incident: My MEV bot JaredFromSubway.eth was just drained for $15M

I am offering a $1,000,000 USD bounty for the full return of the funds

No Q asked. Full confidentiality and safe return guaranteed. This is a legitimate, time-sensitive bounty.
Contact me privately. https://t.co/5VXfdg9tap

Advertisement

— Jaredfromsubway.eth (@jaredsmev) June 20, 2026

How the attacker turned the bot’s logic against it

The attack appears to have targeted the bot’s own trading workflow. MEV bots watch Ethereum activity and act on transactions that look profitable. In this case, attacker-controlled contracts made the route look useful enough for the bot to approve spending rights.

The attacker used 66 fake token contracts that copied the look and function of WETH, USDC and USDT. These contracts were paired with fake liquidity pools. The setup pushed the bot toward approvals that later became the path for the drain.

JaredFromSubway’s record is back in focus

JaredFromSubway is one of Ethereum’s most watched sandwich bots. In a sandwich attack, a bot places trades before and after a user’s swap. This can give the user a worse price while the bot captures the spread.

As previously reported by crypto.news, JaredFromSubway targeted a small swap by Ethereum co-founder Vitalik Buterin in April, using about $1.14 million in WETH volume across SushiSwap and Uniswap V2. Crypto.news also reported in 2023 that the bot used 455 ETH in gas within 24 hours and accounted for about 7% of Ethereum gas use during that period.

The exploit now puts attention on token approvals used by automated systems. The case shows how a system built to act quickly on open market data can be steered into unsafe permissions when controls around approvals are weak. It also adds a new chapter to the wider debate over MEV, sandwich trades and user protection on Ethereum.

For now, the key public details remain split between Blockaid’s technical thread, the on-chain records and posts from the JaredFromSubway account. No recovery had been confirmed in the reviewed updates.

US-listed spot Bitcoin exchange-traded funds (ETFs) are enduring a prolonged stretch of withdrawals, registering their largest 30-day net outflow since trading began in January 2024. The move comes during a broader risk-off period for crypto markets and underscores how ETF flows can diverge from short-term price headlines.

According to Galaxy Research data shared on social media, US spot Bitcoin ETFs recorded $6.35 billion in net outflows over the trailing 30 trading days. This also marks a continuation of negative momentum, with the funds completing six straight weeks of outflows, bringing cumulative net flow to $53.4 billion—down from a $63 billion peak reached in October 2025.

Key takeaways

• Galaxy Research reports $6.35B in net outflows across US spot Bitcoin ETFs over the last 30 trading days, the worst since January 2024.
• Six consecutive weeks of withdrawals have reduced cumulative ETF net flows to $53.4B, below an $63B high in October 2025.
• BlackRock’s iShares ETFs chief for US equity ETFs, Jay Jacobs, said day-to-day outflows can have multiple drivers that don’t necessarily reflect a single bearish thesis.
• Bitcoin’s spot market remains pressured by macroeconomic factors and geopolitical risk, though Jacobs argued volatility alone doesn’t change ETF issuers’ long-term positioning.

The worst 30-day outflow since launch

While spot Bitcoin ETFs have not been uniformly positive since their launch, Galaxy Research’s latest tally highlights how quickly the flow picture can worsen when sentiment turns. The firm characterized ongoing daily withdrawals as “still deepening day over day,” suggesting the recent outflows are not merely a short-lived dip.

Galaxy’s figures also frame the withdrawals against the ETFs’ earlier accumulation phase. The current cumulative net flow of $53.4 billion remains positive overall since launch, but it is now well below the $63 billion peak registered in October 2025—indicating that inflows earlier in the cycle have been partially given back.

Why ETF outflows don’t always mean “institutional exit”

Some market participants may read persistent outflows as confirmation of weakening institutional demand. However, BlackRock’s Jay Jacobs pushed back against a simplistic interpretation of daily ETF flow prints.

Speaking to Cointelegraph, Jacobs argued that outflows can result from routine reallocations rather than a broad selloff. In his view, a single day of withdrawals may reflect internal fund switching—such as investors moving exposure from one ETF to another.

“What I think is maybe sometimes misunderstood by the market is that if we see a day of outflows, there could be a million reasons why. It could be someone selling IBIT and buying BITA,” Jacobs said, referring to BlackRock’s iShares Bitcoin Premium Income ETF (BITA), which launched on Wednesday.

This distinction matters for traders and allocators trying to interpret flows as a directional signal. Galaxy Research’s data points to a negative trend over weeks, but Jacobs’ comments suggest that even during such periods, component funds within the broader Bitcoin ETF complex can experience opposite movements as investors rebalance.

Bitcoin price pressure continues alongside flow weakness

At the time of writing, Bitcoin was trading around $64,167, down 17.4% over the past month. Cointelegraph previously reported that Bitcoin has been pressured by macroeconomic factors, including increased US inflation, as well as geopolitical risk tied to the ongoing conflict between the US and Iran. Those drivers can weigh on liquidity and investor risk appetite—conditions that often affect both spot crypto demand and ETF flow behavior.

Even so, Jacobs said BlackRock does not treat BTC volatility as a reason to reconsider the asset’s longer-term role. He characterized volatility as a feature of many markets and pointed to the breadth of assets held across iShares’ ETF lineup.

“Every asset class has volatility… we have over 450 exchange-traded funds within iShares,” Jacobs said, noting that daily inflows and outflows occur across different asset categories including large-cap, small-cap, Bitcoin, and gold.

In his framing, short-term flow reversals do not necessarily change the underlying investment utility. “So we see inflows and outflows every day across a wide range of assets from large cap, small cap, Bitcoin, gold, etc. So in the short term, it’s absolutely not something that changes the way we view the asset or the utility of the asset.”

What investors should watch next

The immediate takeaway is that the ETF complex is still bleeding, with Galaxy Research pointing to deepening daily outflows and the worst trailing 30-day result since launch. The longer question is whether this pattern continues to consolidate into sustained outflow pressure—or whether it stabilizes as investors rotate between funds and as macro and geopolitical conditions evolve.

For market participants, the next milestone will be whether ETF outflows remain concentrated over multiple weeks (supporting a bearish flow narrative) or start to narrow in magnitude as rebalancing activity and sentiment shifts take hold.

US-listed spot Bitcoin exchange-traded funds recorded their largest 30-day net outflow since launching in January 2024 amid a crypto bear market.

According to data from Galaxy Research, US Bitcoin ETFs saw $6.35 billion in net outflows over a trailing 30 trading days. It also comes as they registered their sixth week of outflows last week, bringing their cumulative net flow to $53.4 billion, down from their $63 billion peak in October 2025.

Galaxy Research said the daily outflows are “still deepening day over day.” 

The outflows could reflect waning sentiment from institutional investors for Bitcoin. However, BlackRock US head of equity ETFs Jay Jacobs told Cointelegraph on Thursday that there are many other reasons why outflows occur day to day.

Source: Galaxy Research

“What I think is maybe sometimes misunderstood by the market is that if we see a day of outflows, there could be a million reasons why. It could be someone selling IBIT and buying BITA,” Jacobs said, referring to its iShares Bitcoin Premium Income ETF (BITA), which launched on Wednesday.

Bitcoin is trading at $64,167 at the time of writing, down 17.4% over the past month. The asset has been pressured by macroeconomic factors, including an increase in US inflation, along with the ongoing war between the US and Iran. 

Related: Bitcoin activity nears record highs on microtransaction surge

However, Jacobs said the volatility hasn’t impacted BlackRock’s view of Bitcoin as a global, decentralized, nonsovereign monetary alternative. 

“Every asset class has volatility… we have over 450 exchange-traded funds within iShares,” said Jacobs, referring to the family of ETFs and index mutual funds managed and marketed by BlackRock.

“So we see inflows and outflows every day across a wide range of assets from large cap, small cap, Bitcoin, gold, etc. So in the short term, it’s absolutely not something that changes the way we view the asset or the utility of the asset.”

Magazine: Bitcoin decouples from tech stocks, Ether eyes ‘selling wave’: Market Moves

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

A leading Ethereum MEV bot, Jaredfromsubway.eth, has reportedly been drained of more than $7.5 million after an attacker exploited weaknesses in the bot’s automated execution workflow. The incident highlights a critical, often underappreciated risk for MEV infrastructure: once a bot is trusted with permissions, attackers only need to trick it into granting the right approvals to move funds.

According to Blockaid, the attacker used attacker-controlled contracts to manipulate Jaredfromsubway.eth’s automated MEV execution system into issuing token approvals that were later used to drain funds. Blockaid described the event as neither a classic phishing attempt nor a straightforward smart-contract vulnerability in the bot’s victim contracts.

Key takeaways

• Blockaid attributes the theft to malicious approvals: attacker-controlled contracts induced Jaredfromsubway.eth to authorize spending before sweeping funds.
• The attack was “counter-MEV” in design, targeting the bot’s trust-minimized decision logic and execution pipeline rather than attempting to directly compromise the bot’s private keys.
• Fake token and liquidity artifacts played a central role, with the attacker deploying dozens of contracts designed to resemble major Ethereum assets and venues.
• The event reinforces systemic MEV exposure—even bots that target profitable opportunities can become liabilities if they approve the wrong spending permissions.

What Blockaid says happened

In its account of the incident, Blockaid said the attacker’s main move was to exploit how automated MEV bots operate: by monitoring activity and then executing trades based on what appear to be profitable on-chain opportunities. In this case, the “profitable” paths were set up by the attacker using contracts that behaved like bait.

Blockaid noted that the event on Saturday did not resemble a typical phishing scenario, and it was not characterized as a traditional smart-contract bug in the bot’s victim logic. Instead, the focus was on the automated execution system itself—specifically the token approval steps that enable a bot to interact with assets and helper contracts during MEV operations.

A “honeypot” aimed at the bot’s approvals

Blockaid’s chief technology officer, Raz Niv, told Cointelegraph that the attack functioned as a counter-MEV honeypot. The strategy, he explained, was to target the bot’s trust-minimized decision-making logic—the part that determines which trades to pursue and which contracts to empower.

Over several weeks, the attacker allegedly deployed 66 fake token contracts designed to imitate familiar assets such as Wrapped ETH (WETH), USDC, and USDT, pairing them with fake liquidity pools. The goal was to create the appearance of trade opportunities that automated systems like Jaredfromsubway.eth are programmed to seek.

Once the bot interacted with these counterfeit contracts, Jaredfromsubway.eth reportedly approved certain attacker-controlled helper contracts that would later be used to move real funds. As Niv put it, the bot effectively handed over “the keys” to its treasury—an important reminder that approvals can be as dangerous as vulnerabilities when automation is involved.

“And then in a single transaction, the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT at these addresses, amounting to millions of dollars.”

Why this matters beyond one wallet

MEV bots are typically described as automation that scans unconfirmed or pending activity and then reorders or manipulates transactions to extract profit. In doing so, they can impose an “invisible tax” on DeFi users—an issue that has drawn substantial research attention over the years.

Earlier Cointelegraph Research found that sandwich attacks on Ethereum caused roughly $60 million in annual losses for traders, with the analysis also reporting 60,000 to 90,000 sandwich attacks per month between November 2024 and October 2025. That same research said around 70% of those attacks were associated with Jaredfromsubway.eth.

This new development turns the spotlight from the bot’s profit extraction methods to the security assumptions that power those same operations. When an MEV system depends on automated approvals and execution pathways, attackers may not need to break cryptography or exploit a bug in victim contracts. They may only need to engineer on-chain interactions that cause the bot to authorize spending to attacker-controlled addresses.

MEV’s reach has been wider than people realize

While this reported drain is by far the most serious outcome, Cointelegraph noted another instance involving Jaredfromsubway.eth: in May, Ethereum co-founder Vitalik Buterin was sandwich attacked while swapping 26,544 DigitalBits (worth $2.11 at the time of Cointelegraph’s writing). The losses in that case were reportedly small, but it underscored that MEV bots can target even relatively modest transactions.

The broader point for market participants is that MEV activity is not limited to high-profile trades. It can reach across liquidity conditions and transaction sizes, depending on how opportunities appear to bots in real time. For users and integrators, that reality has been part of the ongoing debate around fairness, transparency, and how encrypted transaction infrastructure changes the incentives for adversaries.

It’s also a reminder that the line between attacker and victim in MEV is frequently thinner than the public narrative suggests. The same operational patterns that enable profit extraction can be subverted—particularly when bots must make rapid execution decisions and grant permissions without full guarantees about the counterparties they’re dealing with.

Going forward, investors, DeFi users, and builders should watch for two signals: whether this incident triggers wider scrutiny of how MEV bots handle approvals and “helper” contracts, and whether similar “counter-MEV honeypot” tactics appear against other automated systems. The technical details of token-approval misuse are often portable, and the next exploit may be less about one bot’s identity and more about the shared automation patterns that many MEV tools rely on.

MEV bot operator Jaredfromsubway.eth has reportedly lost more than $7.5 million after an attacker used a “counter-MEV” strategy to trick the bot into authorizing spending approvals that were later used to drain its funds. The incident, discovered on Saturday, highlights a growing security risk for automated trading systems: even bots built to exploit market opportunities can be turned against themselves.

Blockaid said the compromise stemmed from attacker-controlled contracts manipulating Jaredfromsubway.eth’s automated MEV execution logic into issuing token approvals. Those approvals—part of the bot’s normal workflow—were then leveraged to transfer assets out of the bot’s treasury.

Key takeaways

• Blockaid attributes the $7.5M+ loss to fake contracts that induced Jaredfromsubway.eth to grant token approvals used for a subsequent sweep.
• The attack was not framed as classic phishing or a flaw in the victim contract itself, but as a targeted manipulation of the bot’s automated decision-making.
• Blockaid’s technical description includes 66 counterfeit token contracts paired with fake liquidity pools to appear like profitable trades.
• The incident underscores that MEV strategies can create predictable authorization paths that attackers may try to repurpose.
• Earlier Cointelegraph Research linked Jaredfromsubway.eth with a large share of sandwich attacks, showing how high-profile MEV actors can become high-value targets.

A rare turnabout for a prominent MEV bot

MEV bots operate by monitoring unconfirmed transactions and attempting to reorder or manipulate trades to extract profit. In practice, this behavior often translates into an “invisible tax” for some DeFi users, especially during sandwich attacks—where an attacker places trades around a target transaction to capture value from price movement.

Cointelegraph Research previously estimated that sandwich attacks on Ethereum have produced around $60 million in annual losses for traders. That same research reportedly found 60,000 to 90,000 sandwich attacks per month between November 2024 and October 2025, with roughly 70% associated with Jaredfromsubway.eth. Against that backdrop, the Saturday incident is notable precisely because it shows an automated profit-seeking system can be engineered to fail in a way that benefits an adversary.

Blockaid: the exploit used approvals, not a direct “victim contract” bug

Blockaid emphasized that this was not a traditional victim-side vulnerability. In a statement on X, the company said the event was neither a classic phishing attack nor a standard smart-contract exploit of the victim contract.

According to Blockaid, the attacker exploited an aspect of how Jaredfromsubway.eth executes MEV strategies. The goal was to steer the bot’s “trust-minimized” automation—its automated, contract-driven decision logic—toward approvals that the attacker could later use to move funds.

Blockaid chief technology officer Raz Niv described the technique as a counter-MEV honeypot attack. Rather than attacking the bot’s private keys directly, the approach aimed to influence what the bot would do once it encountered transactions and on-chain artifacts that looked like opportunities aligned with its programmed objectives.

The “66 backdoors” narrative: fake tokens and liquidity pools

In a conversation with Cointelegraph, Niv said the attacker deployed fake token contracts over a period of weeks. He stated that there were 66 counterfeit token contracts designed to mimic well-known assets, including Wrapped ETH, USDC, and USDt. These fakes were paired with fake liquidity pools intended to make the ecosystem appear to offer profitable trades.

The counterfeit setup was engineered to resemble the kinds of transactions MEV bots typically chase. By presenting plausible trading conditions, the attacker “lured” Jaredfromsubway.eth into executing its normal logic—specifically, approving certain attacker-controlled helper contracts to spend funds on the bot’s behalf.

“Ironically, in the process, it provided the attacker the keys to millions in the bot’s treasury,” Niv said.

“And then in a single transaction, the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT at these addresses, amounting to millions of dollars.”

The attack’s structure matters for investors and builders because it demonstrates a common automation pitfall: when systems rely on broad or reusable token allowances to operate efficiently, a malicious actor may focus on obtaining those allowances rather than breaking the underlying execution engine.

Why this matters for DeFi and automated trading

MEV activity is often discussed in terms of profitability and market mechanics, but the Jaredfromsubway.eth incident shifts attention to operational security. Even if a bot’s trading logic is intended to be automated and “trust-minimized,” that automation still has to interact with external contracts and grant permissions in order to operate.

The broader implication is that attackers can design environments that comply with the bot’s assumptions while quietly redirecting the outcome. In this case, the environment included fake token contracts and pools meant to look legitimate enough to trigger approvals—turning expected functionality into an exit path.

The timing and visibility of the story also add context. Earlier this year, Cointelegraph reported that Ethereum co-founder Vitalik Buterin was sandwiched by Jaredfromsubway.eth while swapping 26,544 DigitalBits, which was worth $2.11 at the time of writing. The harm in that example was reportedly minimal, but it illustrated that MEV bots may target transactions of any size. Saturday’s loss claim suggests the inverse is also true: high-profile MEV infrastructure can be targeted using the same automation pathways it uses to function.

Crypto investor and commentator David Gokhshtein reacted publicly to the news on X, framing it as a response to a bot that has benefited from sandwiching before—though he also cautioned against celebration.

What to watch next

For now, the key questions are how widespread similar approval-based counter-MEV tactics could be and whether bot operators will adjust their permissioning and contract interaction patterns to reduce exposure to authorization-driven drains. The next signal to monitor will be whether Blockaid’s described counter-MEV honeypot approach becomes a repeatable playbook—or prompts faster defensive changes across automated MEV systems.

One of the most successful MEV bots in crypto, Jaredfromsubway.eth, has been drained for more than $7.5 million, with an attacker exploiting the bot’s automated systems, the same ones that have netted it hundreds of millions over the years. 

According to Blockaid, the incident on Saturday resulted from attacker-controlled contracts tricking Jaredfromsubway.eth’s automated MEV execution system into granting token approvals that were later used to drain funds.

“This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract,” Blockaid said on X.

It’s a rare comeuppance for MEV (maximal extractable value) bots like Jaredfromsubway.eth, which are automated programs that monitor unconfirmed transactions on blockchain networks and manipulate their order to extract profit, a kind of “invisible tax” on DeFi users. 

Cointelegraph Research previously found that sandwich attacks on Ethereum have resulted in about $60 million in annual losses for traders. The research also found that between November 2024 and October 2025, there were 60,000 to 90,000 sandwich attacks per month, with roughly 70% of them associated with Jaredfromsubway.eth.

How Jaredfromsubway.eth was exploited

The attacker created fake wrapper tokens and pools, including fake Wrapped Ether (fWETH), fake USDC (fUSDC) and fake USDt (fUSDT) routes paired with fake Cap (fCAP), Blockaid explained. 

The fakes were designed to look like profitable trades, the kind the MEV bot is programmed to chase. It then did what it was designed to do, approving certain attacker-controlled helper contracts to spend real money on its behalf. 

While in normal cases, the bot would use up the approval during the trade, in this case, the attacker crafted routes that allowed the approvals to stay open. 

Once enough approvals were in place, the attacker conducted a “final sweep” to pull WETH, USDC and USDT from the Jaredfromsubway.eth MEV bot contract via transferFrom. 

“The attacker exploited the bot’s mechanism: its automated system detected what looked like profitable MEV opportunities and generated approvals to attacker-controlled helper contracts.”

“We shouldn’t be happy about this; no one should celebrate … but if you’ve ever been sandwiched by this … I’m pretty sure you’re not upset about this news,” crypto investor and commentator David Gokhshtein said.

Magazine: The end of anon? AI could unmask crypto’s hidden identities