Monitored by Woofun AI, the Ethereum-based MEV bot operated by JaredFromSubway suffered a significant breach resulting in the loss of approximately $7.5 million in digital assets. The attack vector involved the creation of deceptive token wrappers and liquidity pools designed to manipulate the bot's automated execution system, thereby granting the perpetrators unauthorized control over specific contract permissions.

Rather than exploiting a vulnerability within the smart contract code itself or relying on traditional phishing tactics, the attackers leveraged inherent flaws in the bot's mechanism for identifying arbitrage opportunities. By securing these permissions, they executed transferFrom functions to drain holdings of WETH, USDC, and USDT directly from the bot's wallet, highlighting critical risks in automated permission management.