Key Takeaways
- Over $7.5 million was stolen from MEV bot Jaredfromsubway.eth in a weekend attack
- The perpetrator created 66 fraudulent token contracts across multiple weeks to bait the bot
- The automated system was exploited into granting spending permissions to malicious contracts
- Blockchain security company Blockaid labeled it a “counter-MEV honeypot attack”
- Portions of the drained assets have been transferred to Tornado Cash
A prominent cryptocurrency bot has fallen victim to its own tactics. Jaredfromsubway.eth, an automated system that generated substantial profits by front-running traders, lost over $7.5 million in assets this past Saturday.
Blockchain security company Blockaid verified the incident.
Anatomy of the Exploit
The perpetrator executed a patient, calculated strategy spanning multiple weeks. They created 66 counterfeit token contracts mimicking legitimate assets like Wrapped ETH, USDC, and USDT. These tokens were matched with deceptive liquidity pools engineered to appear as lucrative trading opportunities.
The bot functioned according to its programming. It identified what appeared to be a profitable arbitrage opportunity and granted approval for specific contracts to access its treasury.
This approval mechanism proved fatal. In one coordinated transaction, all 66 malicious backdoors activated simultaneously, draining the bot’s holdings across ETH, USDC, and USDT.
“Ironically, in the process, it provided the attacker the keys to millions in the bot’s treasury,” said Blockaid CTO Raz Niv.
Blockaid emphasized this wasn’t a conventional exploit. “This is not a classic phishing attack and not a traditional smart-contract vulnerability,” the firm stated. The attack specifically exploited the autonomous logic that powers MEV bot operations.
Understanding Jaredfromsubway.eth
Maximal Extractable Value (MEV) bots scan pending transactions on blockchain networks and reorder their execution sequence to capture profits. This practice is frequently described as an “invisible tax” imposed on ordinary users.
Sandwich attacks represent a prevalent MEV technique. When a bot detects an incoming trade, it positions its own transactions before and after the target, profiting from the resulting price fluctuations.
From November 2024 through October 2025, Jaredfromsubway.eth executed approximately 70% of all sandwich attacks on Ethereum. According to Cointelegraph Research, sandwich attacks drain roughly $60 million annually from traders, with monthly attack volumes ranging between 60,000 and 90,000 during peak periods.
Last May, Ethereum creator Vitalik Buterin became a target of this identical bot during a modest DigitalBits swap. While the monetary impact was negligible, the incident demonstrated that no transaction escapes scrutiny.
Onchain analytics confirm that portions of the stolen assets have been routed through Tornado Cash, a cryptocurrency tumbling protocol.
Community sentiment has been divided. Crypto investor David Gokhshtein commented: “We shouldn’t be happy about this; no one should celebrate… but if you’ve ever been sandwiched by this… I’m pretty sure you’re not upset about this news.”
This incident represents one of the most significant financial losses ever sustained by an MEV bot operation.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
