Today in crypto, one of Ethereum’s most notorious MEV bots, Jaredfromsubway.eth, was exploited for more than $7.5 million, while Taiko urged withdrawals after a $1.7 million exploit. Meanwhile, a Japanese corporate pension fund is reportedly planning to allocate 1% of its assets to crypto.
Taiko urges withdrawals as bridge exploit drains $1.7 million
Ethereum layer-2 blockchain Taiko urged its users on Monday to withdraw assets from the network’s bridges after an exploit on one of its bridge protocols saw attackers make off with $1.7 million.
Taiko said it had confirmed a compromise of its “chain state verification mechanism,” adding that the security “of all bridges deployed on Taiko can no longer be relied upon” and urged users to “withdraw their funds from all bridges deployed on Taiko immediately.”
Source: Taiko
Crypto security firm Blockaid said a flaw in how the Taiko bridge validated source signals caused the exploit, as message proofs were accepted as valid on Ethereum without corresponding legitimate proofs on the Taiko blockchain.
“This allowed the attacker to register and later retrieve fraudulent bridge messages, resulting in unauthorized asset releases from the ERC20 vault,” Blockaid said.
Blockaid estimated that at least $1 million had been stolen, while Lookonchain and PeckShield suggested the value of assets stolen could be as high as $1.7 million.
Japanese corporate pension fund plans 1% crypto allocation: Nikkei
A Japanese corporate pension fund comprising about 1,200 small and medium-sized businesses plans to allocate roughly 1% of its assets to cryptocurrency during fiscal year 2026.
According to Nikkei, the Nationwide Business Corporate Pension Fund, based in Okayama, will invest in a passive fund managed by an unnamed “major“ hedge fund that holds multiple crypto assets. The pension fund reportedly manages about 21.3 billion yen in assets (about $130 million).
Japanese crypto news site CoinPost reported that the pension fund is adding crypto as part of an effort to diversify its exposure. It reportedly allocates 80% of its assets to yen, 15% to US dollars and 5% to other currencies.
The move suggests crypto is beginning to gain acceptance among some of Japan’s more conservative institutional investors as the country prepares to integrate digital assets more closely with traditional finance.
Notorious MEV bot Jaredfromsubway.eth exploited for $7.5 million
One of the most successful MEV bots in crypto, Jaredfromsubway.eth, has been drained for more than $7.5 million, with an attacker exploiting the bot’s automated systems, the same ones that have netted it hundreds of millions over the years.
According to Blockaid, the incident on Saturday resulted from attacker-controlled contracts tricking Jaredfromsubway.eth’s automated MEV (maximal extractable value) execution system bot into granting token approvals that were later used to drain funds.
“This was a counter-MEV honeypot attack, as it specifically targeted the automated, trust-minimized decision-making logic that MEV bots utilize,” Blockaid chief technology officer Raz Niv told Cointelegraph.
It’s a rare setback for MEV bots like Jaredfromsubway.eth, which are automated programs that monitor unconfirmed transactions on blockchain networks and manipulate their order to extract profit, a kind of “invisible tax” on DeFi users.
Cointelegraph Research previously found that sandwich attacks on Ethereum have resulted in about $60 million in annual losses for traders. The research also found that between November 2024 and October 2025, there were 60,000 to 90,000 sandwich attacks per month, with roughly 70% of them associated with Jaredfromsubway.eth.
GIPHY App Key not set. Please check settings