JaredFromSubway MEV Bot Drained in $7.5M Counter-MEV Trap

Ethereum sandwich bot’s own approval logic became the attack surface
TL;DR
- JaredFromSubway, a notorious Ethereum MEV bot, was drained for roughly $7.5 million after being baited by attacker-controlled contracts.
- Blockaid said the incident was not phishing, not a private-key compromise and not a flaw in a widely used DeFi protocol.
- The attacker used fake tokens, fake liquidity pools, staged test profits and exposed approvals before moving funds into ETH and Tornado Cash.
The Ethereum MEV bot known as jaredfromsubway.eth was drained for roughly $7.5 million on Saturday after a counter-MEV honeypot tricked the bot into leaving token approvals exposed, according to Blockaid and onchain analysts. The incident targeted the bot’s own automated trading logic, not its private keys, and turned one of Ethereum’s best-known sandwich bots into the victim of a carefully staged exploit.
The affected bot was identified as jaredfromsubway.eth, tagged by Etherscan as “jaredfromsubway: MEV Bot 2.” The bot has reportedly been sandwiching Ethereum traders since early 2023 and is widely associated with an aggressive form of Maximal Extractable Value, or MEV, in which automated systems profit from transaction ordering.
MEV, a term coined in 2019, refers to profits that validators and other network participants can generate by reordering transactions before finalization. A sandwich attack is a related trading strategy where a bot places trades before and after a pending user transaction, worsening the user’s execution price while capturing value from the price movement. JaredFromSubway’s name also refers to Jared Fogle, the disgraced former Subway spokesman and convicted child sex offender, while doubling as a dark joke about sandwich attacks.
Blockaid Says the Bot Was Baited Into Unsafe Approvals
Blockaid said the attack was not a phishing attack, not a private-key compromise and not a flaw in a widely used DeFi protocol. Instead, Blockaid said attacker-controlled contracts induced the bot’s execution system to grant token approvals that were later abused to move real funds. The key failure was that the bot approved contracts controlled by the attacker and failed to close those permissions before the final sweep.

The attacker built the setup over several weeks, according to Blockaid. The scheme used counterfeit assets and fake liquidity pools that were designed to appear like profitable MEV routes. The bot’s system scans Ethereum for profitable trades, and the fake routes were engineered to look like opportunities the bot was designed to chase. Small test transactions behaved normally and produced small real profits, helping make the routes appear trustworthy before larger bait transactions left approvals open.
Blockaid said some earlier transactions revoked permissions after completion, while later attacker-crafted transactions did not. That approval gap became the exploit path. Blockaid summarized the failure with the line: “That left attacker-controlled spenders armed.” The description points to a permission-management issue inside the bot’s automated execution flow rather than a broad compromise of Ethereum infrastructure or a mainstream DeFi application.
PeckShield also noted that after stealing wrapped Ethereum and stablecoins, part of the funds was swapped and partially deposited into Tornado Cash. Lookonchain tracked the Tornado Cash movement. The attacker’s identity remained unclear, and it also remained unclear whether other contracts or additional funds were affected beyond the traced loss range.

Fake Tokens, Armed Contracts and the Final Sweep
Blockaid said the attacker deployed 66 counterfeit token contracts designed to imitate WETH, USDC and USDT. Those counterfeit tokens were paired with fake liquidity pools and used to simulate MEV opportunities. The structure let the attacker feed the bot controlled trades before switching to transactions that left spend permissions intact. The incident showed that an automated system built to exploit public transaction flow can be exploited when its strategy logic is predictable and its approval handling is weak.
Pseudonymous developer banteg published a forensic analysis on Sunday describing the setup as a “block-armed switch.” According to banteg, the same child-contract design acted like a normal principal-consuming wrapper in small “unarmed” test batches, then behaved like a fake mint in larger “armed” batches that left approvals untouched. The distinction mattered because the bot’s earlier behavior appeared normal until the attacker used the remaining approvals.
banteg identified 16 live WETH allowances of about 92.16 WETH each. Those allowances matched the WETH swept during the final drain. The final transaction was not a normal trade. A coordinator contract called “withdraw” on every child contract at once, with each child contract pulling the bot’s balance up to its open allowance before forwarding funds to the attacker.
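The approval gap described above is something a bot operator can check before broadcasting: simulate the transaction, then refuse to send it if any allowance granted during execution is still non-zero at the end. The sketch below is an added example, not code from Blockaid, banteg or the bot. It assumes receipt logs shaped like standard JSON-RPC log objects, and every address and amount in it is a constructed placeholder.

```python
# ERC-20 Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def _addr(topic):
    """An indexed address is the low 20 bytes of a 32-byte topic."""
    return "0x" + topic[-40:].lower()

def _topic(addr):
    """Left-pad an address to a 32-byte topic (used to build the sample logs)."""
    return "0x" + addr[2:].lower().rjust(64, "0")

def residual_approvals(logs, owner):
    """Map (token, spender) -> allowance that `owner` leaves non-zero after the tx.

    Logs must be in emission order; the last Approval per pair wins. Allowance
    spent via transferFrom may not emit Approval, so treat this as an upper
    bound and confirm with allowance() at the end of the simulation.
    """
    final = {}
    for log in logs:
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # other events; ERC-721 Approval has 4 topics
        if _addr(t[1]) == owner.lower():
            final[(log["address"].lower(), _addr(t[2]))] = int(log["data"], 16)
    return {pair: amt for pair, amt in final.items() if amt > 0}

def exposure(residual, balances):
    """Worst-case loss per token: the sum of open allowances, capped by balance."""
    total = {}
    for (token, _spender), amt in residual.items():
        total[token] = total.get(token, 0) + amt
    return {tok: min(amt, balances.get(tok, 0)) for tok, amt in total.items()}

# --- constructed sample data: placeholder addresses, not taken from the incident ---
BOT, TOKEN = "0x" + "b0" * 20, "0x" + "aa" * 20
CHILDREN = ["0x" + f"{i:02x}" * 20 for i in range(1, 17)]   # 16 spender contracts
AMOUNT = 9216 * 10**16                                      # 92.16 tokens, 18 decimals

def approval(spender, value):
    return {"address": TOKEN, "topics": [APPROVAL_TOPIC, _topic(BOT), _topic(spender)],
            "data": hex(value)}

# "Unarmed" batch: every approval is revoked before the transaction ends.
UNARMED = [log for c in CHILDREN for log in (approval(c, AMOUNT), approval(c, 0))]
# "Armed" batch: the approvals are granted and never reset.
ARMED = [approval(c, AMOUNT) for c in CHILDREN]

if __name__ == "__main__":
    print(residual_approvals(UNARMED, BOT))                       # nothing left open
    print(exposure(residual_approvals(ARMED, BOT), {TOKEN: 2000 * 10**18}))
```

A pre-send gate would reject any simulated transaction for which `residual_approvals` is non-empty, and alert on the `exposure` figure for anything already on chain.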
The receiving address was flagged as an EIP-7702-delegated account. EIP-7702 came from Ethereum’s 2025 Pectra upgrade and allows a standard wallet to run contract code. The exploit therefore combined counterfeit tokens, fake pools, staged test profits, persistent approvals, child contracts and delegated account behavior into a single attack path aimed at the bot’s execution system.
Bounty Claims and Public Reaction
The bot’s operator is pseudonymous and has not made a verified public statement through a confirmed public social media account. A 2023 interview with a representative of the bot claimed the operator had no public social media accounts. That identity gap became important after an X account using the jaredfromsubway.eth name and the handle @jaredsmev claimed the bot had lost $15 million and offered a $1 million bounty for the return of funds.
Multiple onchain commentators flagged @jaredsmev as a likely impersonator rather than the actual bot operator. The account had changed usernames eight times, most recently in June 2026, and its public profile reportedly showed a history of promotional posts, including a token shill and a giveaway offer. No security firm traced a loss larger than the lower confirmed range, so the larger loss claim remained unsupported by the available evidence.
Separately, an onchain message attributed to the bot’s operator offered a “50% white hat bounty” for the return of 2,150 ETH, valued at roughly $3.7 million at the time. The message gave the attacker 48 hours to return the funds and threatened legal remedies and law enforcement involvement if the funds were not returned. The demand drew skepticism because part of the stolen funds had already moved through Tornado Cash.
Public reaction leaned heavily into the irony of a sandwich bot becoming the target. A public X post said, “Finally, someone punished the infamous sandwich attacker,” and added, “People don't die without experiencing what they've inflicted on others.”

X user zubic mocked the situation, saying, “You can't make this up.” zubic also said there was “virtually no chance” the exploiter would accept the bounty and “also no chance” Jared would pursue legal action.

JaredFromSubway had already drawn attention as a major Ethereum gas spender before the exploit. A “Jared 2.0” version surfaced in 2024 and processed more than 85,000 transactions. At one point, the operator ranked as Ethereum’s single largest daily gas spender. The bot also drew attention in May for sandwiching a small swap by Ethereum co-founder Vitalik Buterin, using more than $1.14 million in WETH to front-run a trade worth only a few dollars.
The clean distinction is that this was not a generic protocol exploit or a confirmed compromise of the operator’s keys. Blockaid described a counter-MEV honeypot that weaponized the bot’s approval logic against it. Verified onchain movements and named security firm estimates point to a loss of roughly $7.5 million, while larger social media claims remain disputed or unsupported.
FAQ
What was JaredFromSubway?
JaredFromSubway was a notorious Ethereum MEV bot associated with sandwich attacks.
What caused the loss?
Blockaid said attacker-controlled contracts induced unsafe token approvals.
Was it a phishing attack?
No. Blockaid said it was not phishing or a private-key compromise.
Who is the attacker?
The attacker’s identity remained unclear as of publication.
This article has been refined and enhanced by ChatGPT.