區塊先生 🐡 ⚠️ (rock #58)
區塊先生 🐡 ⚠️ (rock #58)|Jun 21, 2026 02:12
JaredFromSubway MEV Bot Attacked! Background: JaredFromSubway is the most notorious MEV sandwich bot on Ethereum, active since 2023. It specializes in monitoring the mempool to execute sandwich attacks (front-running buys and back-running sells), profiting off users' slippage. Over the years, it has raked in tens of millions of dollars . The bot holds a massive amount of funds in its contracts to execute trades automatically, making it the "top dog" of sandwich attacks on DEXs. Attack Details: 1. **The Trap **: The attacker deployed fake wrapper tokens (fWETH, fUSDC, fUSDT) and fake liquidity pools, creating what appeared to be "highly lucrative arbitrage opportunities." 2. **The Bot Took the Bait**: The bot's program detected these "opportunities" and began preparing to execute the related transactions. 3. **Self-Authorization ✅**: To complete the transactions, the bot automatically called `approve()`, granting its WETH, USDC, and USDT to the attacker's contract as the spender. 4. **Dangling Approvals ⚠️**: During early small-scale tests, the approvals were used up, but the bot left behind large "dangling approvals" that were not revoked in time. 5. **Massive Drain **: The attacker used `transferFrom` to drain approximately 1,474 WETH + 2.87M USDC + 2M USDT in one go, worth around $7.5M–$15M. They converted it into 4,400 ETH, part of which was laundered through Tornado Cash. **Outcome**: The bot's holdings plummeted from ~$25M to $4.4M, and the community is calling it a case of "the hunter becoming the hunted" . Justice served! **Core Issue**: The bot wasn’t hacked at the contract level. Instead, its automated logic and poor approval management were exploited by the attacker. **Lesson Learned**: Even the most advanced MEV bots need to prioritize revoking approvals and managing risks! Even bots can "approve their own robbery."
+5
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads