The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities.

The drain was detected on Saturday by blockchain security firm Blockaid, and today, JaredFromSubway confirmed that the attacker used fake pools and tokens to trick the bot into approving helper contracts.

According to Blockaid, the attacker deployed contracts designed to appear as profitable MEV opportunities to JaredFromSubway’s automated execution system.

The bot automatically analyzed routes and trade opportunities that seemed financially rewarding. It then generated the transactions needed to execute them,…