Recently, a significant incident shook the cryptocurrency world. A trading bot on Ethereum, known as JaredFromSubway, fell victim to a cleverly orchestrated scam that cost its operator around 13.5 million euros (15 million dollars). This situation highlights not only the vulnerabilities of automated trading systems but also the inherent risks in the cryptocurrency sector.
A crypto trading robot stolen for 13.5 million euros
The bot JaredFromSubway was known for its aggressive arbitrage methods, exploiting pending transactions in Ethereum’s mempool to capitalize on price fluctuations. Using proven techniques such as the sandwich attack, it generated substantial profits by placing its own transactions before and after targeted transactions. However, its execution speed, which was supposed to be its main asset, turned out to be its fatal weakness.
The attacker’s exploitation methods
According to an analysis by the security firm Blockaid, the attack against JaredFromSubway was meticulously planned. Initially, the attacker submitted harmless transactions to observe how the bot operated, without mobilizing any funds. This allowed for an examination of how the bot validated opportunities and what types of contracts it approved.
Creation of fake tokens and pools
Once this reconnaissance work was done, the attacker set up fake tokens and liquidity pools that resembled real MEV opportunities closely enough to deceive the bot. By validating these fake contracts, JaredFromSubway granted the attacker spending permissions, thereby allowing them to siphon off funds without raising immediate suspicion.
The consequences of the attack
In total, JaredFromSubway’s contract was drained of a staggering 13.5 million euros in assets such as WETH, USDC, and USDT. The bot’s operator, realizing the extent of the loss, offered a recovery bounty initially set at around 2.7 million euros, which was later increased to 6.8 million euros. Despite these efforts, no response was received from the attacker.
The implications for the security of MEV bots
This type of incident raises serious questions about the security of MEV bots. Although extremely advanced technologically, these tools remain exposed to attacks that target how they operate rather than classic software vulnerabilities. When systems are designed to trust market signals blindly, they become vulnerable to carefully orchestrated manipulations.
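The spending permissions described above are the thing a defender can audit. The following is an added example, not code from the article, Blockaid, or the bot's operator: it assumes the permissions were standard ERC-20 allowances, which appear on chain as Approval events, and flags any allowance a bot contract grants to a spender outside a reviewed allowlist or above a cap. The function names, addresses, cap, and sample logs are all constructed for illustration.

```python
# Added example (not from the article). All addresses and logs are constructed.
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """Indexed address topics are 32 bytes, left-padded: keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def audit_approvals(logs, bot, allowed_spenders, cap):
    """Return findings for allowances `bot` granted outside the stated policy."""
    allowed = {s.lower() for s in allowed_spenders}
    findings = []
    for log in logs:
        topics = log["topics"]
        # ERC-721 Approval shares this signature but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        owner, spender = map(topic_to_address, topics[1:])
        amount = int(log["data"], 16)
        if owner != bot.lower() or amount == 0:  # other owner, or a revocation
            continue
        reasons = []
        if spender not in allowed:
            reasons.append("spender not allowlisted")
        if amount == MAX_UINT256:
            reasons.append("unlimited allowance")
        elif amount > cap:  # simplification: one cap in raw token units
            reasons.append("amount above cap")
        if reasons:
            findings.append({"token": log["address"], "spender": spender, "reasons": reasons})
    return findings

def make_log(token, owner, spender, amount):
    """Build a constructed Approval log in the shape eth_getLogs returns."""
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

BOT, ROUTER, UNKNOWN, TOKEN = ("0x" + b * 20 for b in ("b0", "aa", "ee", "11"))
SAMPLE_LOGS = [
    make_log(TOKEN, BOT, ROUTER, 10**18),         # within policy
    make_log(TOKEN, BOT, UNKNOWN, MAX_UINT256),   # unknown spender, unlimited
    make_log(TOKEN, UNKNOWN, UNKNOWN, 5),         # not the bot's approval
    make_log(TOKEN, BOT, UNKNOWN, 0),             # revocation, ignored
    make_log(TOKEN, BOT, ROUTER, 10**21),         # allowlisted but above cap
]

if __name__ == "__main__":
    for finding in audit_approvals(SAMPLE_LOGS, BOT, [ROUTER], cap=10**20):
        print(finding)
```

The same policy is stronger when enforced before signing, so that an approval to an unreviewed spender is never sent; the log audit is the detection backstop.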
Ongoing discussions about the ethics of recovery
While the incident revealed gaps in security systems, it also highlighted a more complex dynamic: the fact that the operator, who had accumulated millions by “stealing” from other users in the past, is now trying to recover their funds through a bounty. Negotiations are ongoing with parties claiming to be ethical hackers, but so far, no solution has been found.
Conclusion on the risks of the sector
This drama underscores not only the vulnerabilities of automated trading systems in crypto but also the broader challenges facing the sector. The inherent risks of using trading robots highlight the importance of increased vigilance and a deep understanding of the tools and mechanisms at play in the cryptocurrency ecosystem.







