Crypto World

Ethereum’s Most Notorious MEV Bot Loses $7.5 Million in On-Chain Honeypot Trap

An attacker drained roughly $7.5 million from the JaredFromSubway MEV bot, one of Ethereum’s most active sandwich-attack systems, after tricking it into approving token spending it never should have granted.

Security firm Blockaid, which flagged the incident, said the bot was not hit by a smart-contract bug, a phishing attack, or a private-key leak. Instead, the attacker turned the bot’s own profit-seeking logic against it.

How the MEV Bot Was Tricked

The JaredFromSubway MEV bot runs an automated strategy that scans Ethereum’s mempool for profitable trades. Extracting profit this way is known as maximal extractable value (MEV).

The bot front-runs and back-runs other trades to capture the price difference, a tactic called a sandwich attack.

It became infamous in April 2023. In one day, it burned over $1 million in gas, nearly 8% of all Ethereum gas spending.

The attacker spent weeks deploying 66 counterfeit token contracts. The fakes imitated Wrapped Ether (WETH), USD Coin (USDC), and Tether (USDT).

To the bot, these contracts looked like the routes it was built to chase. It took the bait and approved spending to attacker-controlled helper contracts. One approval alone handed over more than 92 WETH.

A final contract then used those open allowances to sweep real funds from the bot.
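A defender-side check for the failure described above, added here as an example (not code from Blockaid, BeInCrypto or the bot’s operator): it replays ERC-20 `Approval` logs for one account and reports nonzero allowances granted to spenders outside an allowlist. All addresses, amounts and log entries are constructed, and the `trusted_spenders` allowlist is an assumption of this example.

```python
# Added example: audit open ERC-20 allowances from Approval event logs.
# Every address and log entry below is constructed for illustration.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner, trusted_spenders):
    """Replay Approval logs in chain order and return {(token, spender): amount}
    for nonzero allowances the owner granted to spenders outside the allowlist.
    The amount is the last approved value, so it is an upper bound: some tokens
    lower the allowance in transferFrom without emitting a new Approval."""
    owner = owner.lower()
    trusted = {s.lower() for s in trusted_spenders}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16),
                                          int(l["logIndex"], 16)))
    state = {}
    for log in ordered:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (the ERC-721 one has 4 topics)
        if topic_to_address(topics[1]) != owner:
            continue  # approval granted by some other account
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)  # a later approve() overwrites
    return {k: v for k, v in state.items() if v > 0 and k[1] not in trusted}

def make_log(block, index, token, owner, spender, amount):
    """Build a constructed log in the shape eth_getLogs returns."""
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

BOT, TOKEN = "0x" + "b0" * 20, "0x" + "aa" * 20      # constructed
ROUTER, HELPER, OLD = ("0x" + c * 20 for c in ("11", "ee", "cc"))
SAMPLE_LOGS = [
    make_log(103, 0, TOKEN, BOT, OLD, 0),               # revocation of block 102
    make_log(100, 2, TOKEN, BOT, ROUTER, 5 * 10**18),   # allowlisted spender
    make_log(101, 7, TOKEN, BOT, HELPER, 50 * 10**18),  # unknown helper contract
    make_log(102, 1, TOKEN, BOT, OLD, 7 * 10**18),      # granted, later revoked
    make_log(104, 0, TOKEN, HELPER, OLD, 9 * 10**18),   # different owner, ignored
]

if __name__ == "__main__":
    for (token, spender), amount in open_allowances(SAMPLE_LOGS, BOT, {ROUTER}).items():
        print(f"open allowance: token={token} spender={spender} amount={amount}")
```

Because the log-derived figure is only an upper bound, confirm any finding against the token’s `allowance(owner, spender)` before acting on it.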

A Reverse-MEV Trap

The trap turned the bot’s speed and aggression into a weakness. Hunting MEV bots is not new. In 2023, a rogue validator drained about $25 million from MEV sandwich bots.

“attacker-controlled contracts tricking an automated MEV execution system into granting token approvals, later used to drain funds,” Blockaid indicated.

Sandwich attacks like these have long drawn criticism for acting as an invisible tax on everyday traders.

The bot’s operator put the loss closer to $15 million. They also offered a $1 million bounty for the return of the funds. Blockaid and PeckShield valued the on-chain drain at about $7.5 million in WETH, USDC, and USDT.

Whether the operator recovers anything may now depend on the attacker accepting that offer.

The post Ethereum’s Most Notorious MEV Bot Loses $7.5 Million in On-Chain Honeypot Trap appeared first on BeInCrypto.
