
Ethereum’s Most Notorious MEV Bot Loses $7.5 Million in On-Chain Honeypot Trap

An attacker drained roughly $7.5 million from the JaredFromSubway MEV bot, considered one of Ethereum’s most active sandwich-attack operations, after tricking it into approving token spending it should never have granted.

Security firm Blockaid, which flagged the incident, said the bot was not hit by a smart-contract bug, a phishing attack, or a private-key leak. Instead, the attacker turned the bot’s own profit-seeking logic against it.

How the MEV Bot was Tricked

The JaredFromSubway MEV bot runs an automated strategy that scans Ethereum’s mempool for profitable trades. The practice is called maximal extractable value (MEV).

The bot front-runs and back-runs other trades to capture the price difference, a tactic known as a sandwich attack.

It became notorious in April 2023. In one day, it burned over $1 million in gas, almost 8% of all Ethereum gas spending.

The attacker spent weeks deploying 66 counterfeit token contracts. The fakes imitated Wrapped Ether (WETH), USD Coin (USDC), and Tether (USDT).

To the bot, these contracts looked just like the routes it was built to chase. It took the bait and authorized spending to attacker-controlled helper contracts. One approval alone handed over more than 92 WETH.

A final contract then used these open allowances to sweep real funds from the bot.
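
An added example, not from the original article or from Blockaid: a defender-side audit that replays ERC-20 `Approval` logs and lists the allowances a bot still has open to spenders outside its allowlist, which is the condition the final sweep depended on. All addresses and amounts are constructed placeholders, and the function names and the allowlist are assumptions.

```python
# Added example: audit open ERC-20 allowances from Approval logs.
# Addresses, amounts and helper names are constructed for illustration.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def word(value):
    """Encode an address string or integer as a 32-byte hex word."""
    n = int(value, 16) if isinstance(value, str) else value
    return "0x" + format(n, "064x")

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()

def make_log(token, owner, spender, amount):
    """Build a constructed log in the eth_getLogs shape."""
    return {"address": token,
            "topics": [APPROVAL_TOPIC, word(owner), word(spender)],
            "data": word(amount)}

def open_allowances(logs, owner, trusted_spenders):
    """Replay logs in chain order; return {(token, spender): amount} for
    non-zero allowances from `owner` to spenders outside the allowlist.
    The amount is the last approved value, an upper bound on what remains."""
    trusted = {s.lower() for s in trusted_spenders}
    latest = {}
    for log in logs:
        topics = log["topics"]
        # ERC-721 Approval shares this hash but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # a later approve() overrides
    return {k: v for k, v in latest.items() if v > 0 and k[1] not in trusted}

BOT, ROUTER = "0x" + "b0" * 20, "0x" + "aa" * 20         # constructed
HELPER_1, HELPER_2 = "0x" + "e1" * 20, "0x" + "e2" * 20  # constructed
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20    # stand-ins for real assets
SAMPLE_LOGS = [
    make_log(TOKEN_A, BOT, ROUTER, 2**256 - 1),     # allowlisted router
    make_log(TOKEN_A, BOT, HELPER_1, 92 * 10**18),  # left open to unknown spender
    make_log(TOKEN_B, BOT, HELPER_2, 5000 * 10**6),
    make_log(TOKEN_B, BOT, HELPER_2, 0),            # revoked afterwards
    make_log(TOKEN_A, ROUTER, HELPER_1, 1),         # different owner, ignored
]

if __name__ == "__main__":
    for (token, spender), amount in open_allowances(SAMPLE_LOGS, BOT, {ROUTER}).items():
        print(f"open allowance: token={token} spender={spender} amount={amount}")
```

Against a live node the same function would take the output of an `eth_getLogs` query filtered on the bot's address as owner; any entry it returns is an allowance to revoke or justify.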

A Reverse-MEV Trap

The lure turned the bot’s speed and aggression into a weakness. Hunting MEV bots is not new. In 2023, a rogue validator drained about $25 million from MEV sandwich bots.

“attacker-controlled contracts tricking an automatic MEV execution system into granting token approvals, later used to empty funds,” Blockaid indicated.

Sandwich attacks like these have long drawn criticism for acting as an invisible tax on everyday traders.

The bot’s operator put the loss closer to $15 million. They also offered a $1 million bounty for the return of the funds. Blockaid and PeckShield valued the on-chain drain at about $7.5 million in WETH, USDC, and USDT.

Whether the operator recovers anything may now depend on the attacker accepting that offer.

The post Ethereum’s Most Notorious MEV Bot Loses $7.5 Million in On-Chain Honeypot Trap appeared first on BeInCrypto.
