JaredFromSubway MEV bot drained in $7.5 million approval trap

A sophisticated exploit has drained the high-profile Ethereum sandwich bot JaredFromSubway of millions, exposing a critical vulnerability in its automated trading logic. By baiting the bot into interacting with deceptive liquidity pools, attackers secured excessive token approvals that allowed them to sweep WETH, USDC, and USDT from the wallet.

Security firm Blockaid identified the breach as a calculated manipulation of the bot’s execution flow rather than a traditional smart-contract bug. The attackers deployed 66 fake token contracts mimicking legitimate assets, paired with synthetic liquidity pools designed to appear as profitable MEV opportunities. When the bot engaged with these routes, it granted spending permissions that the attackers later exploited to siphon funds directly from the contract.
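A defender-side check for the approval risk described above, added here as an illustration and not code from Blockaid or the bot's operator: it replays ERC-20 `Approval` event logs for one wallet and flags allowances that are still live and go to a spender outside an allowlist, are unlimited, or exceed a per-token cap. All addresses, log entries, caps and function names are constructed assumptions.

```python
# Constructed example: every address, cap and log entry here is made up.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1  # the "unlimited" allowance value
def _addr(topic):
    return "0x" + topic[-40:].lower()  # indexed address = low 20 bytes of the topic

def outstanding_allowances(logs, owner):
    """Replay Approval logs in block order -> {(token, spender): last approved value}.
    transferFrom may lower the real allowance, so treat this as an upper bound."""
    state = {}
    for log in logs:
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval has 4 topics; skip anything not ERC-20
        if _addr(t[1]) != owner.lower():
            continue  # approval granted by some other owner
        key = (log["address"].lower(), _addr(t[2]))
        value = int(log["data"], 16)
        if value == 0:
            state.pop(key, None)  # approve(spender, 0) revokes
        else:
            state[key] = value
    return state

def risky_approvals(logs, owner, trusted_spenders, caps):
    """Flag live allowances to unknown spenders, unlimited ones, or ones over cap."""
    trusted = {s.lower() for s in trusted_spenders}
    findings = []
    for (token, spender), value in outstanding_allowances(logs, owner).items():
        reasons = []
        if spender not in trusted:
            reasons.append("untrusted-spender")
        if value == MAX_UINT256:
            reasons.append("unlimited")
        elif value > caps.get(token, 0):  # no cap configured: any allowance is flagged
            reasons.append("over-cap")
        if reasons:
            findings.append((token, spender, reasons))
    return sorted(findings)

def _log(token, owner, spender, value):  # builds a constructed eth_getLogs-style entry
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

BOT, ROUTER, TRAP = "0x" + "b0" * 20, "0x" + "a1" * 20, "0x" + "ee" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE_LOGS = [_log(TOKEN_A, BOT, ROUTER, 500), _log(TOKEN_A, BOT, TRAP, MAX_UINT256),
               _log(TOKEN_B, BOT, TRAP, 10), _log(TOKEN_B, BOT, TRAP, 0),
               _log(TOKEN_B, BOT, ROUTER, 5000)]
CAPS = {TOKEN_A: 1000, TOKEN_B: 1000}
```

On the sample logs, the unlimited grant to the unlisted spender and the over-cap grant to the allowlisted router are reported, while the revoked approval is not.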

The scale of the loss remains a point of contention. While Blockaid’s on-chain analysis places the theft at approximately $7.5 million, the pseudonymous operator behind JaredFromSubway claimed a significantly higher loss of $15 million. The operator has since issued a $1 million bounty for the return of the assets, though no recovery has been confirmed. Etherscan data confirms the movement of funds from the bot’s address to an attacker-controlled wallet starting with 0x3e37, highlighting the risks inherent in rapid, automated trade execution.