Jaredfromsubway.eth, one of crypto's most successful MEV bots, was drained for more than $7.5 million after an attacker turned the bot's automated execution logic against it. The attack used a counter-MEV honeypot methodology that exploited the bot's automated decision-making system by tricking it into granting token approvals to attacker-controlled contracts. MEV bots monitor pending blockchain transactions and attempt to profit by controlling transaction order, often through sandwich attacks and other maximal extractable value strategies on Ethereum.
The incident marks a rare public setback for a bot that has become closely associated with sandwich attacks on Ethereum. For DeFi users, MEV bot activity can operate like an invisible cost attached to onchain trading.
The attack did not rely on a standard phishing flow or a direct bug in the bot's smart contracts. Instead, attacker-controlled contracts tricked Jaredfromsubway.eth's automated system into granting token approvals that were later used to drain funds from the bot's treasury.
"This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract," Blockaid said.
Over several weeks, the attacker deployed 66 fake token contracts that copied the names and interfaces of Wrapped ETH, USDC and USDT. Those fake tokens were then paired with fake liquidity pools designed to appear like profitable trading opportunities.
Blockaid chief technology officer Raz Niv described the incident as a counter-MEV honeypot. "This was a counter-MEV honeypot attack, as it specifically targeted the automated, trust-minimized decision-making logic that MEV bots utilize," he said.
As Jaredfromsubway.eth interacted with the fake environment, it approved attacker-controlled helper contracts to spend real assets on its behalf. Those approvals gave the attacker a path to the bot's treasury.
"Ironically, in the process, it provided the attacker the keys to millions in the bot's treasury," Niv said.
The attacker then executed a single transaction calling all 66 backdoors, sweeping ETH, USDC and USDT from the affected addresses. Onchain data showed that some of the stolen funds were later sent to Tornado Cash, a crypto mixing service often used to obscure fund movement.
Jaredfromsubway.eth has long been one of the most visible examples of MEV activity on Ethereum. Research has estimated that sandwich attacks on Ethereum have caused about $60 million in annual losses for traders. Between November 2024 and October 2025, sandwich attacks reportedly ranged between 60,000 and 90,000 per month, with roughly 70% associated with Jaredfromsubway.eth.
In most DeFi hacks, users or protocols are the direct victims. In this case, the target was a bot widely viewed as extracting value from ordinary traders. The incident does not remove the broader MEV problem, but it shows that the same automation used to capture profit can create concentrated exposure when bots interact with hostile contracts.
The attack also highlights that bots create predictable behavioral patterns that attackers can study. When those patterns involve approvals, routing logic or repeated interaction with unknown contracts, the bot itself can become a target.
Ethereum co-founder Vitalik Buterin was previously sandwich attacked by Jaredfromsubway.eth while swapping a small amount of DigitalBits, showing that even low-value transactions can be targeted by MEV systems. The loss was minimal, but the example captured how indiscriminate these bots can be.
Crypto investor and commentator David Gokhshtein framed the public reaction in blunt terms. "We shouldn't be happy about this; no one should celebrate … but if you've ever been sandwiched by this … I'm pretty sure you're not upset about this news," he said.
The attacker built a trap around the bot's own incentive model. MEV bots are designed to identify and execute profitable opportunities quickly, with limited human review. In this case, that automated decision-making became the attack surface.
Blockaid chief technology officer Raz Niv said the incident specifically targeted the automated, trust-minimized decision-making logic that MEV bots utilize. The setup gave the bot what looked like trades worth chasing, leading it to grant approvals that ultimately provided access to millions in the bot's treasury.
The incident is likely to push MEV operators to review how automated systems handle approvals, token verification and liquidity-pool validation. Fake token names and familiar interfaces are not enough to establish trust, especially when bots move at speeds that leave little room for manual checks.
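One way to enforce the approval and token checks described above, as an added example that is not code from Blockaid or from the bot's operator: a pre-signing policy check that identifies tokens by contract address rather than by name and rejects approvals to spenders outside an allowlist or above the amount a trade needs. The spender allowlist, the helper address and the look-alike token address are constructed for illustration; the three token addresses are the canonical mainnet WETH, USDC and USDT contracts.

```python
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

# Canonical Ethereum mainnet token contracts, keyed by address (never by name or symbol).
CANONICAL = {
    "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2": "WETH",
    "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48": "USDC",
    "0xdac17f958d2ee523a2206206994597c13d831ec7": "USDT",
}
# Hypothetical operator-maintained allowlist of spenders (constructed address).
TRUSTED_SPENDERS = {"0x" + "11" * 20}

def decode_approve(calldata):
    """Return (spender, amount) for a well-formed approve() call, else None."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 128 or not data.startswith(APPROVE_SELECTOR):
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:  # a 20-byte address is left-padded with zeros
        return None
    return "0x" + spender_word[24:], int(amount_word, 16)

def review(token_addr, token_symbol, calldata, needed):
    """Return policy violations for a pending call; an empty list means it may be signed."""
    token_addr = token_addr.lower()
    findings = []
    if token_symbol in CANONICAL.values() and CANONICAL.get(token_addr) != token_symbol:
        findings.append("symbol-spoof")  # familiar name, unknown contract
    call = decode_approve(calldata)
    if call is None:
        return findings  # not an approve() call: no allowance checks apply
    spender, amount = call
    if spender not in TRUSTED_SPENDERS:
        findings.append("untrusted-spender")
    if amount > needed:
        findings.append("allowance-exceeds-trade")
    return findings

def approve_calldata(spender, amount):
    """Build approve() calldata for the constructed samples below."""
    return "0x" + APPROVE_SELECTOR + spender[2:].rjust(64, "0") + format(amount, "064x")

# Constructed samples: only the USDC address is a real contract.
HELPER = "0x" + "ab" * 20      # unknown helper contract met while chasing a trade
FAKE_USDC = "0x" + "cd" * 20   # look-alike token reporting the symbol "USDC"
USDC = "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"
```

An unlimited approval of real USDC to the unknown helper returns both allowance findings, while the look-alike token is flagged on its address alone even when the spender and amount are acceptable.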
What happened to the Jaredfromsubway.eth MEV bot?
Jaredfromsubway.eth was drained for more than $7.5 million after an attacker used a counter-MEV honeypot attack. The attacker deployed 66 fake token contracts over several weeks that mimicked Wrapped ETH, USDC and USDT, tricking the bot into granting token approvals to attacker-controlled contracts. The attacker then executed a single transaction calling all 66 backdoors to sweep funds from the bot's treasury.
How much MEV activity was associated with Jaredfromsubway.eth?
Between November 2024 and October 2025, sandwich attacks on Ethereum reportedly ranged between 60,000 and 90,000 per month, with roughly 70% associated with Jaredfromsubway.eth. Research has estimated that sandwich attacks on Ethereum have caused about $60 million in annual losses for traders.
What did Blockaid say about the attack method?
Blockaid stated that this was not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract. Blockaid chief technology officer Raz Niv described the incident as a counter-MEV honeypot attack that specifically targeted the automated, trust-minimized decision-making logic that MEV bots utilize.