MEV bot Jaredfromsubway.eth drained of $7.5M
Jaredfromsubway.eth lost $7.5M after its automation granted approvals to attacker contracts created as 66 fake tokens with bogus liquidity pools.
Jaredfromsubway.eth, a prominent MEV sandwich bot, was drained of more than $7.5 million on Saturday after its automated execution system granted token approvals to attacker-controlled contracts. The attacker executed the final sweep in a single transaction that emptied holdings of ETH, USDC and USDT.
Security firm Blockaid reported that the attacker deployed 66 counterfeit token contracts over several weeks. The tokens imitated Wrapped ETH, USDC and USDT and were paired with fake liquidity pools that presented apparently profitable trades. Those signals triggered the bot’s automation to approve helper contracts the bot would normally trust to execute transactions.
Raz Niv, chief technology officer at Blockaid, described the incident as a “counter-MEV honeypot attack” that targeted the bot’s automated decision logic. He said the attacker used the bot’s approvals to give attacker-controlled contracts spending rights and then called all 66 backdoors in one transaction to sweep the funds.
Jaredfromsubway.eth uses mempool monitoring to detect and manipulate the order of pending transactions and has been a leading source of sandwich attacks, a technique that places buy and sell orders around a target trade to capture profit. The bot has generated large returns for its operators over several years.
Previous research estimated that sandwich attacks on Ethereum cause roughly $60 million in trader losses annually and reported between 60,000 and 90,000 sandwich attacks per month in a recent year, with about 70% tied to Jaredfromsubway.eth during that period.
Crypto investor David Gokhshtein commented, “We shouldn’t be happy about this; no one should celebrate … but if you’ve ever been sandwiched by this … I’m pretty sure you’re not upset about this news.”
Investigations into the exact mechanics of the exploit, the attacker’s identity and whether related contracts or additional funds were affected are ongoing. Security teams recommend reviewing automation approval policies and monitoring for unusual token deployments and liquidity pairs.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
