4 hours ago
9
Key Takeaways
- The MEV bot Jaredfromsubway.eth suffered a loss exceeding $7.5 million over the weekend
- A malicious actor created 66 fraudulent token contracts across multiple weeks to deceive the automated system
- The bot was exploited into granting permissions to attacker-controlled contracts for fund transfers
- Blockchain security company Blockaid described the incident as a “counter-MEV honeypot attack”
- Portions of the pilfered assets have been transferred to Tornado Cash
A prominent crypto automation tool has fallen prey to its own methodology. The MEV bot operating under the address Jaredfromsubway.eth, which generated substantial profits by front-running other market participants, lost over $7.5 million this past Saturday.
Blockchain security company Blockaid verified the exploit.
The Mechanics Behind the Exploit
The perpetrator executed a patient, methodical approach spanning multiple weeks. They created 66 counterfeit token contracts mimicking legitimate assets including Wrapped ETH, USDC, and USDT. These fraudulent tokens were matched with deceptive liquidity pools engineered to appear as lucrative trading opportunities.
The automated system performed precisely as programmed. It identified what appeared to be a profitable arbitrage scenario and granted specific contracts authorization to access its treasury.
This authorization was the vulnerability the attacker exploited. Within a single blockchain transaction, all 66 malicious backdoors activated simultaneously, draining the bot’s entire holdings across ETH, USDC, and USDT.
“The irony is that through its own operational processes, it handed the attacker access to millions sitting in the bot’s wallet,” explained Blockaid’s Chief Technology Officer Raz Niv.
Blockaid emphasized this wasn’t a conventional security breach. “This differs from typical phishing schemes and traditional smart-contract exploits,” the company stated. The attack specifically targeted the automated reasoning mechanisms fundamental to MEV bot operations.
Understanding Jaredfromsubway.eth
MEV (Maximal Extractable Value) bots scan pending blockchain transactions and reorder their execution sequence for financial gain. This practice is often described as an “invisible fee” imposed on everyday users.
Sandwich attacks represent a widespread tactic. These bots detect incoming trades, insert their own transactions immediately before and after the target trade, and capture profits from the resulting price fluctuations.
From November 2024 through October 2025, Jaredfromsubway.eth executed approximately 70% of all sandwich attacks on the Ethereum network. Research from Cointelegraph indicates these attacks drain roughly $60 million annually from traders, with monthly attack volumes ranging from 60,000 to 90,000 during peak periods.
Last May, Ethereum creator Vitalik Buterin became a target of this identical bot during a modest DigitalBits token swap. While his monetary loss was negligible, the incident demonstrated that no transaction value is beneath targeting.
Onchain tracking reveals that portions of the stolen cryptocurrency have been routed through Tornado Cash, a privacy-focused mixing protocol.
Community sentiment regarding the incident has been divided. Crypto investor David Gokhshtein commented: “This isn’t something to celebrate; nobody should be cheering… but if this bot has ever sandwiched your trades… I suspect you’re not mourning this development.”
This exploit represents among the most substantial individual losses documented for any MEV bot to date.
✨ Limited Time Offer
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
English (US) ·