An automated trading program on Ethereum known as Jaredfromsubway.eth has lost more than $7.5 million in digital assets after falling victim to a sophisticated phishing scheme that exploited token approval mechanics rather than private key access or code vulnerabilities.
Blockchain data shows the wallet was drained on June 21, with assets including WETH and USDC transferred out through malicious contracts. Following the incident, the wallet owner offered a 50% bounty on the stolen 2,150 ETH if returned within 48 hours, warning that legal action would otherwise follow.
How the attack worked
The breach was carried out over several weeks through a carefully staged deception designed to manipulate the bot’s automated trading logic. The attacker deployed 66 counterfeit token contracts mimicking well-known assets such as WETH, USDC, and USDT, then paired them with fake liquidity pools to create seemingly profitable trading opportunities.
The trading program, designed to execute sandwich trades by quickly identifying profitable routes, interacted with these pools and granted token approvals to the malicious contracts. These approvals allowed the attacker to later transfer funds without triggering typical security alarms.
Rather than exploiting a flaw in code, the attacker exploited how the system evaluated profitability and trust. Early transactions behaved normally, reinforcing legitimacy before larger withdrawals were executed while approvals remained active.
Why token approvals are a critical risk
The incident has renewed attention on Ethereum’s ERC-20 token approval system, which allows smart contracts to move tokens on behalf of a wallet after permission is granted.
These permissions often remain active indefinitely unless manually revoked. In many cases, systems grant large or unlimited allowances to save time and transaction costs, creating a persistent risk if the approved contract later turns out to be malicious or compromised.
Security analysts note that automated trading strategies are particularly exposed because they prioritize speed and may skip deeper validation checks, making them vulnerable to convincing but fake liquidity environments.
Growing security concerns across crypto markets
The case highlights a broader issue across cryptocurrency markets, where approval-based exploits continue to rise. Global losses from crypto-related fraud were estimated at $17 billion in 2025, with more than $11 billion reported to the FBI’s Internet Crime Complaint Center.
Experts stress that controlling a wallet involves more than safeguarding private keys. Active approvals can effectively grant operational control of funds, making them an equally important attack surface.
Steps being taken to reduce risk
Security professionals recommend limiting approvals to only what is necessary, separating operational wallets from long-term storage, and routinely reviewing and revoking unused permissions using decentralized tools.
Basic precautions still matter, including sending small test transactions before committing larger amounts and isolating funds used for active trading from those held in cold storage.
Wallet developers are also working to improve transparency around transaction signing. New approaches aim to present permission data in human-readable formats so traders can clearly understand what they are authorizing.
One emerging solution is the ERC-7730 “Clear Signing” standard, which seeks to align what users see during approval with what actually happens on-chain. The initiative is gaining traction among major platforms such as Uniswap, Aave, and Circle.
A reminder for automated systems
The Ethereum incident demonstrates that even fully automated systems are not immune to manipulation when operating in deceptive environments. The attack did not rely on breaking security controls but on exploiting overlooked permissions that remained active after their intended use.
It underscores a persistent risk in decentralized finance: approvals granted today can become vulnerabilities tomorrow if left unchecked.
Want to better protect your assets from phishing schemes? Learn key safeguards in this crypto safety guide today.
Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.
