One of the most prominent MEV (maximal extractable value) bots, Jaredfromsubway.eth, was drained of more than $7.5 million after an attacker manipulated the bot’s automated execution logic. Security firm Blockaid says the exploit relied on attacker-controlled contracts that tricked the bot into granting token approvals that were later used to withdraw funds.
Blockaid described the incident as neither a classic phishing attack nor a traditional smart-contract flaw in the victim contract. Instead, the attacker executed a counter‑MEV honeypot: they targeted the trust‑minimized, automated decision-making that MEV bots use to evaluate and chase profitable trades.
Over several weeks the attacker deployed 66 fake token contracts designed to mimic well-known tokens such as Wrapped ETH (WETH), USDC and USDT, and paired those tokens with counterfeit liquidity pools. These fabricated opportunities were crafted to look like the profitable trades MEV bots typically pursue, luring Jaredfromsubway.eth’s systems into interacting with attacker-controlled helper contracts and approving them to spend real assets on the bot’s behalf.
According to Blockaid’s account, those approvals effectively gave the attacker “the keys” to the bot’s treasury. In a single transaction the attacker invoked all 66 malicious backdoors and swept ETH, USDC and USDT from the compromised addresses, amounting to the multi‑million dollar loss. Some of the stolen funds have since been routed to the mixing service Tornado Cash, on‑chain data indicate.
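A defensive check for the approvals described above, as an added example that is not from Blockaid or the original article: it replays ERC-20 `Approval` event logs and lists live allowances on the real WETH, USDC and USDT contracts that monitored addresses have granted to spenders outside an allowlist. It assumes the approvals were standard ERC-20 allowances; the bot, router, helper and lookalike-token addresses and the function names are constructed for illustration.

```python
# Added example: report live ERC-20 allowances granted to unknown spenders.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
REAL_ASSETS = {  # Ethereum mainnet contracts; match on address, never on symbol
    "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2": "WETH",
    "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48": "USDC",
    "0xdac17f958d2ee523a2206206994597c13d831ec7": "USDT",
}
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def audit_approvals(logs, monitored, allowlist):
    live = {}  # (token, owner, spender) -> current allowance
    for log in logs:  # logs must be supplied in chain order
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721 also indexes tokenId)
        token = REAL_ASSETS.get(log["address"].lower())
        owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
        if token is None or owner not in monitored or spender in allowlist:
            continue
        value = int(log["data"], 16)
        if value == 0:
            live.pop((token, owner, spender), None)  # allowance revoked
        else:
            live[(token, owner, spender)] = value
    return [{"token": t, "owner": o, "spender": s, "unlimited": v == UNLIMITED}
            for (t, o, s), v in sorted(live.items())]

# Constructed sample data: every address below is a made-up placeholder.
BOT, ROUTER, HELPER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "66" * 20
LOOKALIKE_TOKEN = "0x" + "ee" * 20  # stands in for a token that copies a symbol
WETH, USDC, USDT = REAL_ASSETS  # dict keys, in insertion order

def make_log(token, owner, spender, value):
    pad = "0x" + "0" * 24
    return {"address": token, "topics": [APPROVAL_TOPIC, pad + owner[2:], pad + spender[2:]],
            "data": "0x" + format(value, "064x")}
SAMPLE_LOGS = [
    make_log(USDC, BOT, ROUTER, UNLIMITED),             # allowlisted spender
    make_log(WETH, BOT, HELPER, UNLIMITED),             # unknown spender: flagged
    make_log(LOOKALIKE_TOKEN, BOT, HELPER, UNLIMITED),  # not a real asset: ignored
    make_log(USDT, BOT, HELPER, 1000),                  # granted ...
    make_log(USDT, BOT, HELPER, 0),                     # ... then revoked
]

if __name__ == "__main__":
    print(audit_approvals(SAMPLE_LOGS, {BOT}, {ROUTER}))
```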
This is a notable setback for an automated strategy that has been highly profitable: Cointelegraph Research previously found that sandwich attacks on Ethereum cause roughly $60 million in trader losses annually. Between November 2024 and October 2025 there were an estimated 60,000–90,000 sandwich attacks per month, and roughly 70% of those were associated with Jaredfromsubway.eth, underscoring how active the bot has been in extracting MEV.
The incident illustrates a new class of risk for automated MEV systems: adversaries can create deceptive market conditions that trigger benign automation to authorize harmful actions. Blockaid’s chief technology officer described the operation as a deliberate counter‑MEV strategy that exploited the bot’s decision processes rather than abusing a simple contract bug.
The event also highlights how even high‑profile MEV players can be targeted. Earlier this year, Ethereum co‑founder Vitalik Buterin experienced a sandwich attack by Jaredfromsubway.eth while swapping a modest amount of tokens, demonstrating that both large and small traders can be affected by MEV activity.
Observers cautioned against celebrating the attack; while some traders harmed by Jaredfromsubway.eth might feel vindicated, the episode raises broader concerns about automated trading safety, on‑chain governance, and the need for stronger protections against deceptive market constructs. Cointelegraph reports this story under its editorial standards and encourages readers to verify on‑chain data independently.
