HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

MEV Bot Hacked, $15 Million Stolen via Fake Trading Opportunities

The JaredFromSubway Ethereum MEV bot lost about $15 M after an attacker used fabricated pools to trick the bot into granting token approvals to malicious contracts. The theft highlights gaps in access‑control and automated permission processes that SOC 2 compliance programs must monitor and evidence.

LiveThreat™ Intelligence · 📅 June 23, 2026· 📰 bleepingcomputer.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
bleepingcomputer.com

MEV Bot Hacked, $15 Million Stolen via Fake Trading Opportunities

What Happened — The JaredFromSubway Ethereum MEV bot lost roughly $15 million after an attacker injected fabricated trading pools and tokens, tricking the bot into granting ERC‑20 token approvals to malicious helper contracts. The bot’s automated logic then transferred WETH, USDC and USDT out of its contract via the transferFrom function.

Why It Matters for Compliance & Audit Readiness

  • Shows a breakdown in logical‑access and change‑management controls that SOC 2 requires to be documented, monitored, and evidenced.
  • Underscores the need for continuous control monitoring of automated permission‑granting mechanisms, aligning with CC6.1 (Logical Access) and CC6.2 (System Operations) criteria.
  • Illustrates why a control‑mapping framework and immutable audit logs are essential evidence during a SOC 2 audit. (Relevant Verisq capability: CONTROL_MAPPING)

Who Is Affected — Crypto‑exchange operators, DeFi protocol developers, fintech firms that rely on automated trading bots, and any organization exposing smart‑contract APIs.

Recommended Actions

  • Map the bot’s approval workflow to SOC 2 logical‑access controls and enforce least‑privilege principles.
  • Implement immutable logging of all contract‑approval events and integrate them into a continuous‑compliance monitoring platform.
  • Conduct a formal control‑gap assessment and remediate the approval logic before the next audit cycle. Source: https://www.bleepingcomputer.com/news/security/jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft/

Technical Notes — The attacker leveraged fabricated liquidity pools and ERC‑20 token contracts to manipulate the bot’s opportunity‑detection algorithm, resulting in unauthorized approve calls and subsequent transferFrom withdrawals. No public CVE; the vulnerability resides in business‑logic and contract‑level permission design. Source: https://www.bleepingcomputer.com/news/security/jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft/

📰 Original Source
https://www.bleepingcomputer.com/news/security/jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →