Ethereum MEV bot loses $7.5 million in allowance drain

Kiswahili

Jaredfromsubway.eth, a prominent Ethereum MEV bot, lost more than $7.5 million after approving attacker-controlled contracts that enabled an allowance drain. The incident occurred through a series of fake trading routes set up over several weeks. Security firm Blockaid identified the exploit as targeting the bot's automated approval logic rather than private keys or protocol flaws.

The bot, active since 2023 and responsible for roughly 70 percent of Ethereum sandwich attacks, approved transactions that appeared profitable. These approvals allowed the attacker to later transfer wrapped Ether, USDC, and USDT from associated contracts.

On-chain records show transfers of about 92 WETH, $143,000 in USDC, and $149,000 in USDT to an attacker-controlled address. Some funds were routed through Tornado Cash. Yearn Finance developer Banteg described the operation as an allowance drain executed via a coordinating contract.

The attack exploited ERC-20 permissions that remained active after initial test transactions. Blockaid noted that the setup involved imitation tokens and liquidity pools mimicking real markets.

Sandwich attacks linked to the bot have imposed an estimated $60 million in annual costs on Ethereum traders. The bot accounted for 7 percent of total gas usage on the network in a recent 24-hour period.

Makala yanayohusiana

Illustration of a hacked Polymarket wallet showing $520,000 being drained on the Polygon blockchain.
Picha iliyoundwa na AI

Polymarket internal wallet drained of over $500,000

Imeripotiwa na AI Picha iliyoundwa na AI

A private key compromise led to a drain of more than $520,000 from a Polymarket-linked wallet on the Polygon blockchain on May 22. The prediction market platform confirmed that user funds and core contracts remained unaffected.

DeFi losses fall 80 percent but multi-chain bugs emerge

Decentralized finance recorded far fewer losses in recent years, according to new industry data. Total incidents dropped from $2.62 billion in 2022 to $534 million in 2024. A single November 2025 exploit across six networks illustrated the remaining threat.

Echo protocol hit by 76 million dollar admin key exploit

Imeripotiwa na AI

Echo Protocol, a Bitcoin DeFi platform, reported a hack that allowed unauthorized minting of $76 million in eBTC on its Monad deployment. The exploit stemmed from a compromised admin key. Some funds were traced to Tornado Cash, with 955 eBTC still held by the attacker.

Crypto

Ethereum proposal could redirect up to 10% of staking rewards

Crypto

Thorchain halts trading after suspected 10 million exploit

Crypto

Judge allows Arbitrum DAO to transfer $71 million in ETH to Aave

$292 million Kelp DAO exploit exposes DeFi vulnerabilities

A $292 million exploit on Kelp DAO has shaken decentralized finance (DeFi) lending markets, prompting industry insiders to call for stronger security measures. Despite the setback, experts view it as a temporary hurdle rather than a barrier to institutional adoption. Wall Street firms continue advancing into onchain finance amid the fallout.

North Korean hackers steal $6 billion in crypto since 2017

Imeripotiwa na AI

North Korean state-backed hackers have stolen more than $6 billion in cryptocurrency since 2017, accounting for 76% of all crypto hack losses in 2026. The groups, including Lazarus and DPRK, drained $577 million from DeFi platforms in April alone. TRM Labs highlighted a shift to sophisticated tactics, including in-person social engineering.

Bitcoin and ethereum etf outflows accelerate amid altcoin rotation

Institutional investors pulled nearly $2.7 billion from spot Bitcoin and Ethereum exchange-traded funds over the past two weeks. The outflows coincided with inflows into newer single-asset funds tracking Hyperliquid’s HYPE token, XRP, and Solana.

Kelp blames LayerZero for approving $292 million hack setup

Imeripotiwa na AI

Kelp DAO has accused LayerZero personnel of approving the 1-of-1 verifier setup blamed for a $292 million exploit on its rsETH bridge. The protocol plans to migrate from LayerZero's OFT standard to Chainlink's CCIP. The hack has been linked to North Korea's Lazarus Group.

Jumatatu, 22. Mwezi wa sita 2026, 16:04:19

Taiko halts Ethereum layer-2 after bridge exploit

Jumanne, 9. Mwezi wa sita 2026, 05:16:17

Humanity Protocol loses $36 million in laptop key breach

Jumatatu, 8. Mwezi wa sita 2026, 10:38:11

MetaMask launches self-custodial AI agent wallet

Jumapili, 7. Mwezi wa sita 2026, 14:01:53

Ethereum tests $1,500 level amid ETF outflows

Jumatatu, 1. Mwezi wa sita 2026, 06:33:11

Whitehat unlocks 1003 ETH from 2016 HongCoin ICO

Jumapili, 24. Mwezi wa tano 2026, 23:03:04

Ethereum tests neutrality model amid selloff and foundation exits

Jumamosi, 16. Mwezi wa tano 2026, 17:25:48

Thorchain opens refund portal after $10 million exploit

Jumamosi, 9. Mwezi wa tano 2026, 18:48:20

LayerZero admits mistake in $292 million Kelp exploit

Jumanne, 5. Mwezi wa tano 2026, 15:01:02

Drift Protocol unveils recovery plan after $295 million hack

Jumatatu, 4. Mwezi wa tano 2026, 03:24:17

Aave fights to unfreeze $71 million amid Kelp DAO hack court battle

 

 

 

Tovuti hii inatumia vidakuzi

Tunatumia vidakuzi kwa uchambuzi ili kuboresha tovuti yetu. Soma sera ya faragha yetu kwa maelezo zaidi.
Kataa