Chimera readability score 68 out of 100, Academic reading level.

Source: Taiko
Crypto security firm Blockaid said a flaw in how the Taiko bridge validated source signals caused the exploit, as message proofs were accepted as valid on Ethereum without corresponding legitimate proofs on the Taiko blockchain.
“This allowed the attacker to register and later retrieve fraudulent bridge messages, resulting in unauthorized asset releases from the ERC20 vault,” Blockaid said.
Blockaid estimated that at least $1 million had been stolen, while Lookonchain and PeckShield suggested the value of assets stolen could be as high as $1.7 million.
A Japanese corporate pension fund comprising about 1,200 small and medium-sized businesses plans to allocate roughly 1% of its assets to cryptocurrency during fiscal year 2026.
According to Nikkei, the Nationwide Business Corporate Pension Fund, based in Okayama, will invest in a passive fund managed by an unnamed “major” hedge fund that holds multiple crypto assets. The pension fund reportedly manages about 21.3 billion yen in assets (about $130 million).
Japanese crypto news site CoinPost reported that the pension fund is adding crypto as part of an effort to diversify its exposure. It reportedly allocates 80% of its assets to yen, 15% to US dollars and 5% to other currencies.
The move suggests crypto is beginning to gain acceptance among some of Japan’s more conservative institutional investors as the country prepares to integrate digital assets more closely with traditional finance.
One of the most successful MEV bots in crypto, Jaredfromsubway.eth, has been drained for more than $7.5 million, with an attacker exploiting the bot’s automated systems, the same ones that have netted it hundreds of millions over the years.
According to Blockaid, the incident on Saturday resulted from attacker-controlled contracts tricking Jaredfromsubway.eth’s automated MEV (maximal extractable value) execution system bot into granting token approvals that were later used to drain funds.
“This was a counter-MEV honeypot attack, as it specifically targeted the automated, trust-minimized decision-making logic that MEV bots utilize,” Blockaid chief technology officer Raz Niv told Cointelegraph.
It’s a rare setback for MEV bots like Jaredfromsubway.eth, which are automated programs that monitor unconfirmed transactions on blockchain networks and manipulate their order to extract profit, a kind of “invisible tax” on DeFi users.
Cointelegraph Research previously found that sandwich attacks on Ethereum have resulted in about $60 million in annual losses for traders. The research also found that between November 2024 and October 2025, there were 60,000 to 90,000 sandwich attacks per month, with roughly 70% of them associated with Jaredfromsubway.eth.

Facts Only

* Crypto security firm Blockaid identified a flaw in how the Taiko bridge validated source signals that caused an exploit.
* The exploit allowed attackers to register and retrieve fraudulent bridge messages.
* This resulted in unauthorized asset releases from an ERC20 vault.
* Blockaid estimated at least $1 million was stolen; Lookonchain and PeckShield suggested losses could reach $1.7 million.
* Attacker-controlled contracts tricked the automated MEV execution system of Jaredfromsubway.eth into granting token approvals.
* The exploit involved accepting message proofs on Ethereum without corresponding legitimate proofs on the Taiko blockchain.
* A Japanese corporate pension fund plans to allocate approximately 1% of its assets to cryptocurrency in fiscal year 2026.
* The pension fund reportedly manages about 21.3 billion yen in assets (about $130 million).
* The MEV bot Jaredfromsubway.eth was drained for more than $7.5 million.

Executive Summary

A security flaw in how the Taiko bridge validated source signals enabled unauthorized asset releases from an ERC20 vault. The vulnerability stemmed from message proofs being accepted on Ethereum without corresponding legitimate proofs on the Taiko blockchain, which allowed the attacker to register and later retrieve fraudulent bridge messages. Blockaid estimated that at least $1 million was stolen, while Lookonchain and PeckShield suggested losses could reach $1.7 million. In a separate incident, attacker-controlled contracts tricked the automated MEV execution system of the Jaredfromsubway.eth bot into granting token approvals that were later used to drain more than $7.5 million. Also separately, a Japanese corporate pension fund plans to allocate roughly 1% of its assets to cryptocurrency during fiscal year 2026, signaling growing institutional acceptance of digital assets in Japan.

Full Take

The incident demonstrates a critical failure at the intersection of trust-minimized DeFi protocols and automated execution systems. The core issue is not just a technical bug, but a systemic vulnerability where the trust layer (the Taiko bridge) failed to enforce legitimate proof validity across disparate chains, enabling sophisticated manipulation of smart contracts designed for automated decision-making. This suggests that "trustless" architectures can be compromised if the underlying source validation mechanisms are flawed, allowing counter-MEV attacks to redefine the rules of asset movement. The involvement of MEV bots highlights how automated systems—intended to maximize efficiency and profit—become powerful targets when their trust assumptions are exploited, turning autonomous logic into an exploitable vector. Furthermore, the shift in institutional investment patterns indicates that as traditional finance (pension funds) engages with decentralized assets, regulatory and security scrutiny must evolve beyond simple token mechanics to encompass the integrity of cross-chain validation mechanisms and automated protocol governance.
Patterns detected: ARC-0043 Motte-and-Bailey, ARC-0024 Ambiguity, ARC-0012 Jargon as Smokescreen

Sentinel — Human

Confidence

The article exhibits the structure and sourcing complexity typical of human-authored financial reporting, successfully integrating technical details with economic context.

Signals Detected

* low severity: Moderate sentence length variance and natural flow; avoids the highly uniform rhythm often seen in pure LLM output.
* low severity: Coherent framing that blends technical details (MEV, bridges) with macro-economic implications (institutional crypto adoption), suggesting a human narrative structure.
* low severity: Effective use of multiple, specific attributions (Blockaid, Lookonchain, PeckShield, Nikkei, CoinPost) and precise statistical references ($1.7M, $60M losses, dates), indicating reliance on verifiable news sources.
* low severity: Specific, non-generic claims (e.g., linking the MEV bot to a specific attack type and citing previous research findings) suggest integration of detailed, verifiable reports rather than pure fabrication.

Human Indicators

* The text successfully weaves together disparate threads (blockchain exploits, institutional finance, MEV bot mechanics) using attributed sources specific to the crypto and financial news landscape. The flow is characteristic of professional investigative reporting.
* The precise citation of past research findings ($60 million in annual losses, 60,000 sandwich attacks per month) indicates reference to external, sourced data rather than internally generated statistics.