On June 20, an attacker used a series of contracts to cause the bot to grant token approvals that were later used to drain 4,427 ETH ($7.7 million). Some of the funds were then laundered through Tornado Cash.
Highly active MEV bot known as jaredfromsubway.eth drained for $7.7 million
On blockchains like Ethereum, a strategy known as "MEV" (short for "maximal extractable value") allows intermediaries to profit from manipulating the structure of blocks added to the chain — often reordering or "sandwiching" transactions in ways that extract profits. Automated software known as MEV bots make a business out of this strategy, and one of the most active is a bot called jaredfromsubway.eth — likely so named after one-time Subway spokesman and convicted sex offender Jared Fogle because of its strategy of "sandwiching" transactions by placing trades on both sides, causing the original trader to pay more.
Aztec Connect hacked for a second time in less than a week
Three days after Aztec Labs' deprecated Aztec Connect blockchain bridge was exploited for $2.1 million, the project has been hacked again for the same amount. Aztec Labs confirmed the second exploit, again trying to emphasize that the code was deprecated four years ago.
The hacks are part of a spate of exploits targeting legacy smart contracts belonging to projects including Raydium and DxSale. Although some projects have developed techniques to circumvent the immutable nature of blockchains and allow smart contracts to be upgraded or retired, many legacy contracts cannot be changed or shut down, leaving them vulnerable to attack indefinitely.
Deprecated project Aztec Connect exploited for $2.1 million
Aztec Connect, an abandoned defi privacy bridge from Aztec Labs, was drained of $2.1 million after an attacker exploited a bug in the project's smart contracts. Although the project was deprecated three years ago, funds remained in the legacy system. "Aztec Labs holds no admin keys or control over the system; it cannot be paused or upgraded by us," the project posted on social media.
The theft is only the latest in a string of attacks targeting vulnerable legacy smart contracts, many of which cannot be deleted, paused, or changed due to blockchains' immutable nature. Raydium and DxSale are two other platforms that have recently suffered losses due to old, insecure code.
Raydium users lose $1.34 million after legacy smart contract exploited
An attacker exploited a legacy smart contract that had been used by the Raydium Solana DEX before it was deprecated in 2021. Though the contract was unused, there were still funds in the liquidity pools affected by the vulnerable contract. Using fake LP tokens, the exploiter was able to trick an old smart contract with insufficient validation into allowing them to withdraw assets.
Raydium has said it will compensate users who lost funds in the exploit.
RetoSwap users lose $2.7 million to Haveno vulnerability
The RetoSwap decentralized exchange for trading the Monero privacycoin was exploited after an attacker exploited a vulnerability in the Haveno Monero exchange protocol used by the project. Users lost an estimated $2.7 million when their transactions were routed to the attacker's wallet.
Because Monero is a privacycoin, a type of cryptocurrency that obscures transaction details including sender and receiver wallets, it is not feasible to trace the stolen assets.
THORchain exploited for $10.8 million
The THORchain cross-chain liquidity protocol was exploited for around $10.8 million across several blockchains: Bitcoin, Ethereum, BNB Chain, and Base. The protocol paused trading after observing the suspicious transactions. News of the hack caused the protocol's RUNE token to drop in price by more than 10%.
Transit Finance hacked for $1.88 million
Transit Finance was exploited for $1.88 million after an attacker exploited a "legacy contract" on the TRON blockchain that the project said was deprecated in 2022. "Historical vulnerabilities within it" were exploited, the project explained, allowing the attacker to steal $1.88 million.
Transit was previously exploited in 2022 for $21 million, although around 70% of the stolen assets were later returned.
TrustedVolumes suffers $6.7 million exploit
TrustedVolumes, a resolver and market maker used by 1inch and other defi platforms, suffered a $6.7 million exploit after an attacker was able to steal funds without proper validation. The thief then swapped the stolen wETH, USDT, wBTC, and USDC through ChangeNow and converted them to ETH to evade freezes.
Blockchain research firm Blockaid has linked the attacker to a similar exploit in March 2025 that saw $5 million drained from 1inch. This time, 1inch has asserted that although they use TrustedVolumes as a resolver, the exploit did not involve any of their systems.
Ekubo exploited for $1.4 million
The Ekubo automated market maker infrastructure project experienced a $1.4 million theft after attackers were able to take advantage of a smart contract that improperly verified permissions. They stole 17 wBTC ($1.4 million), which they swapped for ETH and laundered via Tornado Cash.
Wasabi Protocol exploited for more than $5 million
The Wasabi Protocol defi derivatives platform has been exploited for more than $5 million across multiple blockchains. The attack has been attributed by blockchain security firms to a compromised admin key, which allowed the attacker to upgrade contracts to steal assets.