jaredfromsubway.eth, Ethereum's most active sandwich-trading bot, lost approximately $7.5 million in WETH, USDC and USDT over the weekend after an attacker exploited its automated trading logic through a single transaction on Saturday. Security firm Blockaid attributed the loss to a counter-MEV honeypot attack involving 66 fake token contracts that manipulated the bot into granting token approvals to malicious helper contracts. The incident marks a rare case of a predatory MEV bot becoming a victim, with the bot previously tied to roughly 70% of Ethereum sandwich attacks—a practice estimated to cost traders around $60 million annually.
Attacker Deployed 66 Fake Token Contracts Over Several Weeks
Over several weeks, the attacker deployed 66 counterfeit token contracts mimicking Wrapped ETH, USDC and USDT, each paired with fake liquidity pools engineered to appear as profitable trades. Those signals tricked the bot's automated execution system into granting token approvals to helper contracts it would normally trust.
The attacker first tested routes where the approvals were immediately consumed, then refined the method to leave allowances open and unrevoked, creating a standing vulnerability. With spending rights secured across all 66 backdoors, the attacker called them in one transaction to drain the bot. Because the approvals were granted by the bot itself, the transfers required no stolen keys and no flaw in any underlying protocol.
Raz Niv, chief technology officer at Blockaid, characterised the incident as a "counter-MEV honeypot attack" that targeted the bot's automated decision logic. The bot's operator claimed losses closer to $15 million, a figure that has not been independently confirmed.
Bot Tied to 70% of Ethereum Sandwich Attacks
jaredfromsubway.eth has long drawn scrutiny for sandwich attacks, in which a bot front-runs and back-runs a pending trade to skim value from ordinary users. On-chain research has tied it to roughly 70% of sandwich attacks between November 2024 and October 2025, part of a practice estimated to cost Ethereum traders around $60 million a year.
The bot has ranked among the network's heaviest gas spenders for years, a footprint that made it one of the most closely tracked addresses on Ethereum.
FAQ
What happened to the jaredfromsubway.eth bot over the weekend?
The jaredfromsubway.eth bot lost approximately $7.5 million in WETH, USDC and USDT on Saturday after an attacker used 66 fake token contracts to trick the bot into granting token approvals to malicious helper contracts, which were then used to drain the funds in a single transaction.
How did the attacker exploit the bot's automated trading system?
Over several weeks, the attacker deployed 66 counterfeit token contracts paired with fake liquidity pools that mimicked profitable trades. The bot's automated execution system granted token approvals to helper contracts, creating standing vulnerabilities that the attacker later exploited in one sweep transaction without requiring stolen private keys or protocol flaws.
What role has jaredfromsubway.eth played in Ethereum sandwich attacks?
On-chain research has tied the bot to roughly 70% of sandwich attacks on Ethereum between November 2024 and October 2025. Sandwich attacks are estimated to cost Ethereum traders around $60 million a year, and the bot has ranked among the network's heaviest gas spenders for years.
