MEV Bot Hacked, $15 Million Stolen via Fake Trading Opportunities
What Happened — The JaredFromSubway Ethereum MEV bot lost roughly $15 million after an attacker injected fabricated trading pools and tokens, tricking the bot into granting ERC‑20 token approvals to malicious helper contracts. The bot’s automated logic then transferred WETH, USDC and USDT out of its contract via the transferFrom function.
Why It Matters for Compliance & Audit Readiness —
- Shows a breakdown in logical‑access and change‑management controls that SOC 2 requires to be documented, monitored, and evidenced.
- Underscores the need for continuous control monitoring of automated permission‑granting mechanisms, aligning with CC6.1 (Logical Access) and CC6.2 (System Operations) criteria.
- Illustrates why a control‑mapping framework and immutable audit logs are essential evidence during a SOC 2 audit. (Relevant Verisq capability: CONTROL_MAPPING)
Who Is Affected — Crypto‑exchange operators, DeFi protocol developers, fintech firms that rely on automated trading bots, and any organization exposing smart‑contract APIs.
Recommended Actions —
- Map the bot’s approval workflow to SOC 2 logical‑access controls and enforce least‑privilege principles.
- Implement immutable logging of all contract‑approval events and integrate them into a continuous‑compliance monitoring platform.
- Conduct a formal control‑gap assessment and remediate the approval logic before the next audit cycle. Source: https://www.bleepingcomputer.com/news/security/jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft/
Technical Notes — The attacker leveraged fabricated liquidity pools and ERC‑20 token contracts to manipulate the bot’s opportunity‑detection algorithm, resulting in unauthorized approve calls and subsequent transferFrom withdrawals. No public CVE; the vulnerability resides in business‑logic and contract‑level permission design. Source: https://www.bleepingcomputer.com/news/security/jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft/