On June 20, 2026, the prominent Ethereum sandwich MEV bot JaredFromSubway.eth was drained of approximately 7.5 million dollars, with the operator claiming losses closer to 15 million in WETH, USDC, and USDT.
Unlike traditional exploits that rely on reentrancy, access control failures, or private key compromises, this attack cleverly abused the bot’s own autonomous opportunity detection and execution engine. The attacker fed the bot artificially profitable-looking trades over several weeks, tricking it into granting large token approvals to malicious contracts. This article delivers a technical deep dive for smart contract developers, MEV bot builders, and DeFi automation engineers.
Attack Architecture (Technical Breakdown)
The attacker executed a patient, multi-phase strategy. First, they deployed multiple fake ERC-20 tokens that closely mimicked WETH, USDC, and USDT, along with fake Uniswap-style liquidity pools engineered with manipulated price curves. They also deployed several helper contracts.
The core of the attack targeted the bot’s simulation engine. JaredFromSubway continuously scans for sandwich and arbitrage opportunities using eth_call or forked state simulations. The attacker crafted pools that consistently returned highly profitable simulation results tailored to the bot’s internal heuristics. This triggered the bot’s execution logic to generate approved transactions for the attacker-controlled contracts.
In the early phase, small approvals were consumed immediately to build trust. In later stages, the bot left large standing approvals, including one notable case of roughly 92 WETH to a helper contract at 0x4ee0…313ce. Once sufficient approvals accumulated, the attacker deployed a sweep contract that used transferFrom calls to drain funds from the bot’s operational wallets. The stolen assets were partially routed through Tornado Cash.
Critical Vulnerabilities Exposed
The primary weakness was overly permissive approval logic. Many MEV bots still grant unlimited approvals to untrusted or newly encountered contracts during opportunity execution. A common vulnerable pattern seen in such bots looks like this:
Another major issue was weak simulation validation. While the bot performed profitability simulations, it lacked sufficient on-chain verification layers to detect fake pools and suspicious contracts. The system did not properly differentiate between genuine opportunities and adversarial setups designed specifically to trigger approvals. The bot also lacked proper separation between scouting, validation, and execution phases.
Defensive Architecture Recommendations
Developers building similar systems should implement strict approval management. Instead of using unlimited approvals, always reset approvals first and grant only the exact amount required. Here is a recommended ApprovalManager pattern:

Add multi-stage validation before any approval is granted. Here is an improved execution flow in TypeScript:

Architect the bot with clear separation of concerns: scouting module (read-only), validator module (heuristics), executor module (minimal approvals), and monitoring module. Implement circuit breakers and use multisig wallets with timelocks for large funds. Prefer EIP-2612 permit signatures for time-bound approvals.
Monitoring & Recovery Mechanisms
Real-time monitoring is essential. Track all approval events using a custom subgraph or off-chain indexer and set up alerts for large approvals. The JaredFromSubway operator offered a 50% white hat bounty for the return of 2150 ETH within 48 hours. Building similar bounty mechanisms with timelocks is recommended.
Conclusion & Action Items
This incident represents a new class of attacks called Economic Simulation Attacks against autonomous on-chain agents: rather than exploiting a code defect, the adversary shapes on-chain state so that the agent's own simulation and execution logic produces the harmful transactions.
Immediate checklist for MEV and automated trading bot developers:
- Audit every approved call and remove unlimited approvals.
- Introduce multi-layer validation before granting any spending permission.
- Implement proper approval tracking with automatic revocation logic.
- Separate simulation, validation, and execution modules clearly.
- Add circuit breakers and emergency pause functionality.
- Regularly test your system against adversarial pool simulations.

By applying these patterns, developers can significantly reduce the risk of similar sophisticated approval exploits.