One of the most successful MEV bots in crypto, Jaredfromsubway.eth, was depleted for over $7.5 million, and the attacker took advantage of the bot’s automated systems, the same ones that have made him hundreds of millions over the years.
According to Blockaid, Saturday’s incident resulted from attacker-controlled contracts that tricked Jaredfromsubway.eth’s automated MEV (maximum extractable value) bot into granting token approvals, which were later used to drain funds.
“This is not a classic phishing attack or a traditional smart contract vulnerability in the victim’s contract” – Blockaid he said on X
This is a scarce defeat for MEV bots like Jaredfromsubway.eth, which are automated programs that monitor unconfirmed transactions on blockchain networks and manipulate their orders to profit, a kind of “invisible tax” imposed on DeFi users.
Cointelegraph research previously found that sandwich attacks on Ethereum resulted in approximately $60 million in annual losses for investors. The study also found that between November 2024 and October 2025, between 60,000 and 90,000 sandwich attacks occurred per month, of which approximately 70% were linked to Jaredfromsubway.eth.
How Jaredfromsubway.eth was used
“This was an anti-MEV honeypot attack because it specifically targeted the automated, trust-minimizing decision-making logic that MEV bots use,” Blockaid Chief Technology Officer Raz Niv told Cointelegraph.
Over the course of several weeks, the attacker deployed 66 phony token contracts that mimicked the names and interfaces of Wrapped ETH (WETH), USDC (USDC) and USDt (USDT), and then linked them to phony liquidity pools, Niv said.
The fakes were supposed to look like profitable trades, i.e. those that MEV bots are programmed to perform. This lulled the Jaredfromsubway bot into doing what it was designed to do, which was to approve some attacker-controlled helper contracts to spend real money on its behalf.
“Ironically, in the process, he provided the attacker with the keys to millions in the bot’s vault,” he added.
“Then, in one transaction, the attacker triggered all 66 backdoors and transferred all ETH, USDC and USDT to these addresses, amounting to millions of dollars.”
Some of the stolen funds have already been sent to the Tornado Cash cryptocurrency mixing service, According to to onchain data.
In May, Ethereum co-founder Vitalik Buterin was subjected to a sandwich attack by Jaredfromsubway.eth while exchanging 26,544 DigitalBits (worth $2.11 at the time of writing). The losses were minimal, but they show that even the smallest trades can be targeted by MEV bots.
“We shouldn’t be happy about this; no one should be celebrating… but if you’ve ever encountered this… I’m pretty sure you’re not worried about this news” – cryptocurrency investor and commentator David Gokhshtein he said.
Warehouse: End of anon? Artificial intelligence can unmask the hidden identity of cryptocurrencies
