Top Highlights
- The attacker exploited the Jaredfromsubway MEV bot by creating fake tokens and liquidity pools, gaining open approvals, then draining millions of dollars.
- Despite bounty offers and negotiations, the attacker moved 2,000 ETH through Tornado Cash and sold 1,422 ETH for $2.4M, leaving only 5 ETH in their wallet.
- The bot’s operator offered increasing rewards (up to $3M) for the return of stolen funds, but the attacker seems uninterested in negotiations.
- Ongoing efforts include negotiations with a purported white-hat group and proposals to encrypt transaction mempools to prevent similar exploits.
Jaredfromsubway Hacker Ignores 50% Bounty, Routes Funds to Tornado Cash
Hacker Moves Funds Despite Bounty Offer
The hacker behind the Ethereum MEV bot exploit recently transferred a large amount of stolen funds. According to blockchain analysis, they moved about 2,000 ETH, valued at roughly $3.4 million, through Tornado Cash. Despite a public offer to return half of the stolen money for a bounty, the attacker did not respond to these offers. Instead, they acted on their own, selling 1,422 ETH for around $2.4 million in DAI. Only about 5 ETH remained in their wallet, indicating most funds have been moved or cashed out. This behavior suggests that the hacker may have little interest in negotiations or accepting rewards, even with incentives in place. The incident shows how a threat actor can ignore outreach and pursue their own objectives.
Details of the Exploit and Response
The exploit happened on June 20, according to security firm Peckshield. The attacker used fake tokens, including fWETH, fUSDC, and fUSDT, to trick the MEV bot. They created fake liquidity pools, making the system believe there were profitable opportunities. The bot’s automated system approved certain contracts, giving the attacker access to funds over time. When the hacker saw the moment to act, they used saved approvals to transfer tokens directly from the Jaredfromsubway contract. The bot’s owner initially offered a $1 million reward, later increasing it to $3 million, hoping to recover the stolen money. However, the attacker moved most funds to Tornado Cash and sold large amounts for profit, leaving only minimal ETH in their wallet. As of now, reports indicate ongoing negotiations with a white-hat group, though nothing has been confirmed.
Continue Your Tech Journey
Dive deeper into the world of Cryptocurrency and its impact on global finance.
Explore past and present digital transformations on the Internet Archive.
Disclaimer
This content is for informational and entertainment purposes only and does not constitute financial or investment advice. Cryptocurrency is highly speculative and carries significant risk, including the potential loss of your entire investment. This information may be outdated or incomplete. Do not make financial decisions based on this information. Consult a licensed financial advisor before investing. This site does not offer, sell, or advise on cryptocurrency, securities or other regulated financial products in compliance with SEC and applicable laws. Please do your own research and seek professional advise.
CryptoV1
