
jaredfromsubway.eth lost $15M in an MEV logic trick. Aztec, Labubu, Taiko, and Namada added $4M more. The attacks target operational flaws, not just code bugs.
Alpha Score of 65 reflects moderate overall profile with strong momentum, strong value, weak quality, moderate sentiment.
Attackers stole $19 million from five crypto projects over the past seven days. The largest single hit targeted jaredfromsubway.eth, one of Ethereum's biggest MEV operators, which lost about $15 million.
The attack did not exploit a typical smart contract bug. The attacker created fake wrapped assets and fed them into liquidity pools to trick the MEV bot into approving a fake sandwich trade. Once the bot authorized the transaction, the attacker drained its funds. The method targeted the bot's automated trading logic, not the underlying protocol code.
Aztec suffered two distinct exploits in three days. The first involved a mismatch between transaction counts and committed rollup data. The second hit the Private Rollup Bridge, stealing about $2.5 million through a flaw in the escape hatch mechanism. The consecutive incidents show where vulnerabilities appear at the intersection of on-chain and off-chain verification.
On the BNB Chain, Labubu lost about $1.15 million after a suspicious token parameter modification created severe pool imbalances. The exploit followed an ownership change. Some analysts suspect insider involvement, though no direct evidence has emerged.
Taiko disclosed a hack that compromised its chain-state verification system, costing roughly $1 million. The project told users to withdraw from affected bridges immediately. Namada, a privacy-focused blockchain, lost about $600,000 from its MASP infrastructure through a vulnerability in shielded-transaction handling.
These incidents share a common thread. Attackers are moving beyond simple coding errors. They target operational assumptions and automated logic. The jaredfromsubway.eth exploit did not break a smart contract. It abused how the bot interpreted market signals. Aztec's problems emerged from the handoff between rollup layers. Labubu's exploit depended on a governance parameter change.
The total of $19 million is not huge by crypto standards. The speed and variety matter more. Five different projects in one week, each with a distinct attack vector, suggests attackers are probing weak points across the DeFi stack. Defenders now have to guard not only contract code but also the systems that depend on it.
For traders, the immediate risk concentrates in projects that rely on complex MEV infrastructure or multi-layer verification. Withdrawals from affected bridges like Taiko's may spread if other protocols pause operations. Security due diligence now requires operational stress tests on automated trading systems and governance mechanisms, not just code audits.
For a broader look at how these events affect market structure, see our crypto market analysis.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.