Why Was Jaredfromsubway.eth Targeted?
One of crypto’s most successful MEV bots, Jaredfromsubway.eth, was drained for more than $7.5 million after an attacker turned the bot’s own automated execution logic against it.
The incident marks a rare public setback for a bot that has become closely associated with sandwich attacks and other maximal extractable value strategies on Ethereum. MEV bots monitor pending blockchain transactions and attempt to profit by controlling transaction order, often by inserting trades before and after user swaps. For DeFi users, that activity can operate like an invisible cost attached to onchain trading.
The attack did not rely on a standard phishing flow or a direct bug in the bot’s smart contracts. Instead, attacker-controlled contracts tricked Jaredfromsubway.eth’s automated system into granting token approvals. Those approvals were later used to drain funds from the bot’s treasury.
“This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract,” Blockaid said.
How Did the Counter-MEV Attack Work?
The attacker built a trap around the bot’s own incentive model. MEV bots are designed to identify and execute profitable opportunities quickly, with limited human review. In this case, that automated decision-making became the attack surface.
Blockaid chief technology officer Raz Niv described the incident as a counter-MEV honeypot. “This was a counter-MEV honeypot attack, as it specifically targeted the automated, trust-minimized decision-making logic that MEV bots utilize,” he said.
Over several weeks, the attacker deployed 66 fake token contracts that copied the names and interfaces of Wrapped ETH, USDC and USDT. Those fake tokens were then paired with fake liquidity pools designed to appear like profitable trading opportunities.
The setup gave the bot what looked like trades worth chasing. As Jaredfromsubway.eth interacted with the fake environment, it approved attacker-controlled helper contracts to spend real assets on its behalf. Those approvals gave the attacker a path to the bot’s treasury.
“Ironically, in the process, it provided the attacker the keys to millions in the bot’s treasury,” Niv said.
The attacker then executed a single transaction calling all 66 backdoors, sweeping ETH, USDC and USDT from the affected addresses. Onchain data showed that some of the stolen funds were later sent to Tornado Cash, a crypto mixing service often used to obscure fund movement.
Investor Takeaway
The attack shows that MEV infrastructure can carry its own hidden security risks. Systems built to react faster than human traders can also be manipulated when attackers understand the assumptions behind their automated execution logic.
Why Does This Matter for DeFi Users?
Jaredfromsubway.eth has long been one of the most visible examples of MEV activity on Ethereum. Research has estimated that sandwich attacks on Ethereum have caused about $60 million in annual losses for traders. Between November 2024 and October 2025, sandwich attacks reportedly ranged between 60,000 and 90,000 per month, with roughly 70% associated with Jaredfromsubway.eth.
That history explains why the exploit drew unusual attention. In most DeFi hacks, users or protocols are the direct victims. In this case, the target was a bot widely viewed as extracting value from ordinary traders. The incident does not remove the broader MEV problem, but it shows that the same automation used to capture profit can create concentrated exposure when bots interact with hostile contracts.
The attack also highlights a deeper issue in DeFi execution. Bots do not only compete with each other for profitable transactions. They also create predictable behavioral patterns that attackers can study. When those patterns involve approvals, routing logic or repeated interaction with unknown contracts, the bot itself can become a target.
The reputational effect may be larger than the dollar loss. Jaredfromsubway.eth has generated large profits over time, but the exploit weakens the idea that advanced MEV operators are structurally safer than the users they trade against.
What Comes Next for MEV Security?
The incident is likely to push MEV operators to review how automated systems handle approvals, token verification and liquidity-pool validation. Fake token names and familiar interfaces are not enough to establish trust, especially when bots move at speeds that leave little room for manual checks.
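One way an automated system could apply those checks before acting on an opportunity, shown as an added example that is not code from Jaredfromsubway.eth or Blockaid. The opportunity format, the function name, the trusted-spender entry and the fake token and helper addresses are constructed for illustration; the three canonical token addresses are the Ethereum mainnet contracts.

```python
# Added illustration: pre-trade guard for an automated trading bot.
# Token identity is decided by contract address, never by name() or symbol().
CANONICAL = {  # Ethereum mainnet contract addresses, lowercased
    "WETH": "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2",
    "USDC": "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",
    "USDT": "0xdac17f958d2ee523a2206206994597c13d831ec7",
}
# Hypothetical spender allowlist; the address is a constructed placeholder.
TRUSTED_SPENDERS = {"0x" + "11" * 20}
MAX_UINT256 = 2**256 - 1


def vet_opportunity(opp, trusted_spenders=TRUSTED_SPENDERS):
    """Return a list of reasons to reject; an empty list means the checks passed."""
    reasons = []
    # 1. A token claiming a well-known symbol must live at the canonical address.
    for tok in opp["tokens"]:
        symbol, addr = tok["symbol"].upper(), tok["address"].lower()
        expected = CANONICAL.get(symbol)
        if expected is not None and addr != expected:
            reasons.append(f"{symbol} at {addr} is not the canonical contract")
    # 2. Approvals go only to vetted spenders, and never exceed the trade size
    #    when the token being approved is a real treasury asset.
    canonical_addrs = set(CANONICAL.values())
    for ap in opp["approvals"]:
        token, spender = ap["token"].lower(), ap["spender"].lower()
        if spender not in trusted_spenders:
            reasons.append(f"approval to unvetted spender {spender}")
        if token in canonical_addrs and ap["amount"] > opp["amount_in"]:
            reasons.append(f"allowance on {token} exceeds trade size")
    return reasons


FAKE_USDC = "0x" + "ab" * 20   # constructed look-alike token contract
HELPER = "0x" + "cd" * 20      # constructed attacker-controlled helper contract

HONEYPOT = {  # constructed: fake "USDC" pool that asks for an unlimited WETH approval
    "tokens": [{"symbol": "USDC", "address": FAKE_USDC},
               {"symbol": "WETH", "address": CANONICAL["WETH"]}],
    "approvals": [{"token": CANONICAL["WETH"], "spender": HELPER, "amount": MAX_UINT256}],
    "amount_in": 10**18,
}
LEGIT = {  # constructed: real tokens, vetted spender, allowance equal to trade size
    "tokens": [{"symbol": "USDC", "address": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},
               {"symbol": "WETH", "address": CANONICAL["WETH"]}],
    "approvals": [{"token": CANONICAL["WETH"], "spender": "0x" + "11" * 20, "amount": 10**18}],
    "amount_in": 10**18,
}
```

The guard only catches impersonation of symbols it knows and approvals it is shown, so a token with an unfamiliar symbol still needs separate pool and bytecode validation before the bot interacts with it.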
For DeFi protocols, the episode may add pressure to improve MEV protection for users. Sandwich attacks remain a persistent cost for traders, and the scale of Jaredfromsubway.eth’s historical activity shows how much value can be extracted from public mempools and predictable transaction flows.
The exploit also adds a new layer to the debate over MEV ethics. Ethereum co-founder Vitalik Buterin was previously sandwich attacked by Jaredfromsubway.eth while swapping a small amount of DigitalBits, showing that even low-value transactions can be targeted by MEV systems. The loss was minimal, but the example captured how indiscriminate these bots can be.
Crypto investor and commentator David Gokhshtein framed the public reaction in blunt terms. “We shouldn’t be happy about this; no one should celebrate … but if you’ve ever been sandwiched by this … I’m pretty sure you’re not upset about this news,” he said.
The attack does not end MEV, and it does not change the incentives that drive bots to compete for transaction ordering. It does, however, show that highly profitable automation can be exploited when attackers design traps around the logic that makes those bots successful.







