One of the most successful MEV bots in crypto, Jaredfromsubway.eth, has been drained for more than $7.5 million, with an attacker exploiting the bot’s automated systems, the same ones that have netted it hundreds of millions over the years.
According to Blockaid, the incident on Saturday resulted from attacker-controlled contracts tricking Jaredfromsubway.eth’s automated MEV (maximal extractable value) execution system bot into granting token approvals that were later used to drain funds.
“This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract,” Blockaid said on X.
It’s a rare setback for MEV bots like Jaredfromsubway.eth, which are automated programs that monitor unconfirmed transactions on blockchain networks and manipulate their order to extract profit, a kind of “invisible tax” on DeFi users.
Cointelegraph Research previously found that sandwich attacks on Ethereum have resulted in about $60 million in annual losses for traders. The research also found that between November 2024 and October 2025, there were 60,000 to 90,000 sandwich attacks per month, with roughly 70% of them associated with Jaredfromsubway.eth.
How Jaredfromsubway.eth was exploited
“This was a counter-MEV honeypot attack, as it specifically targeted the automated, trust-minimized decision-making logic that MEV bots utilize,” Blockaid chief technology officer Raz Niv told Cointelegraph.
Over several weeks, the attacker deployed 66 fake token contracts that mimicked the names and interfaces of Wrapped ETH (WETH), USDC (USDC), and USDt (USDT) and then paired that with fake liquidity pools, said Niv.
The fakes were designed to look like profitable trades, the kind MEV bots are programmed to chase. This lulled Jaredfromsubway’s bot into doing what it was designed to do, approving certain attacker-controlled helper contracts to spend real money on its behalf.
“Ironically, in the process, it provided the attacker the keys to millions in the bot’s treasury,” he added.
“And then in a single transaction, the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT at these addresses, amounting to millions of dollars.”
Some of the stolen funds have already been sent to crypto mixing service Tornado Cash, according to onchain data.
In May, Ethereum co-founder Vitalik Buterin was sandwich attacked by Jaredfromsubway.eth while swapping 26,544 DigitalBits (worth $2.11 at the time of writing). The losses were minimal, but they show that even the smallest transactions can be a target for MEV bots.
“We shouldn’t be happy about this; no one should celebrate … but if you’ve ever been sandwiched by this … I’m pretty sure you’re not upset about this news,” crypto investor and commentator David Gokhshtein said.
Magazine: The end of anon? AI could unmask crypto’s hidden identities
