Jaredfromsubway.eth, one of Ethereum’s most prolific MEV bots, has fallen victim to a sophisticated attack that drained more than $7.5 million from its accounts. The incident is notable not for exploiting a traditional smart contract vulnerability, but for turning the bot’s own automated trading logic against it, according to security firm Blockaid.
The bot, which has earned notoriety for conducting sandwich attacks on Ethereum traders, was tricked into approving malicious helper contracts over several weeks. An attacker deployed dozens of fake token contracts and liquidity pools that mimicked legitimate assets like wrapped ether (WETH), USDC and USDT. When jaredfromsubway.eth’s automated system detected what appeared to be profitable trading opportunities, it generated approvals for the attacker-controlled contracts to spend tokens on its behalf.
The attacker’s strategy was methodical. In initial tests, the approvals were used immediately as part of the trades. But later, the attacker created trading routes where the approvals remained open, giving them standing permission to pull funds directly from the bot’s contracts. Using these open approvals, the attacker transferred WETH, USDC and USDT out of jaredfromsubway.eth’s accounts. Some of the stolen funds were subsequently routed through Tornado Cash, according to onchain data reviewed by CoinDesk.
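An added example, not code from Blockaid, CoinDesk or the bot: a post-simulation guard that replays a candidate route against a minimal ERC-20 allowance model and rejects it when any allowance to a non-allowlisted spender is still open at the end, which is the difference between the early routes and the later ones described above. The route format, the ledger model and the names `bot`, `helper` and `pool` are assumptions made for illustration.

```python
from collections import defaultdict

MAX_UINT256 = 2**256 - 1  # many tokens treat this as "infinite" and never decrement it

class Erc20Ledger:
    """Minimal ERC-20 balance/allowance model (illustrative, not a real token)."""
    def __init__(self, balances):
        self.balances = defaultdict(int, balances)
        self.allowance = defaultdict(int)  # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowance[(owner, spender)]
        if allowed < amount or self.balances[owner] < amount:
            raise ValueError("transferFrom would revert")
        if allowed != MAX_UINT256:
            self.allowance[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] += amount

def simulate_route(steps, owner, start_balance, trusted=frozenset()):
    """Replay a route on a fresh ledger; return (accepted, leftover allowances)."""
    ledger = Erc20Ledger({owner: start_balance})
    for op, *args in steps:
        if op == "approve":
            ledger.approve(*args)
        elif op == "transfer_from":
            ledger.transfer_from(*args)
        else:
            raise ValueError(f"unknown step {op!r}")
    # Any allowance the owner still grants to an untrusted spender is standing
    # permission to pull funds later, so the route is rejected.
    leftover = {s: amt for (o, s), amt in ledger.allowance.items()
                if o == owner and amt > 0 and s not in trusted}
    return (not leftover, leftover)

# Constructed sample routes; "bot", "helper" and "pool" are placeholder names.
CONSUMED = [("approve", "bot", "helper", 100),
            ("transfer_from", "helper", "bot", "pool", 100)]
PARTIAL = [("approve", "bot", "helper", 500),
           ("transfer_from", "helper", "bot", "pool", 100)]
UNLIMITED = [("approve", "bot", "helper", MAX_UINT256),
             ("transfer_from", "helper", "bot", "pool", 100)]

if __name__ == "__main__":
    for name, route in (("consumed", CONSUMED), ("partial", PARTIAL), ("unlimited", UNLIMITED)):
        print(name, simulate_route(route, "bot", 1_000))
```

In a real system the same check would run against the post-state of a forked-chain simulation, querying each token's `allowance(owner, spender)` for every spender approved during the transaction.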
The irony of the situation is difficult to overlook. Jaredfromsubway.eth has been responsible for roughly 70 percent of all sandwich attacks on Ethereum since early 2023. Sandwich attacks, a form of maximal extractable value or MEV, involve an automated trader spotting a pending transaction, buying ahead of it, allowing the victim to trade at a worse price, then selling immediately after. The practice functions as a hidden tax on users and has cost Ethereum traders approximately $60 million annually, with between 60,000 and 90,000 attacks occurring monthly between November 2024 and October 2025.
The bot’s predatory behavior has been so industrialized that it even sandwiched a small swap by Ethereum co-founder Vitalik Buterin in May. The bot spent $1.14 million to frontrun Buterin’s trade to profit just $4 after fees, demonstrating how aggressively the system scanned the mempool for any transaction it could insert itself around.
The incident follows a pattern seen in other major protocol exploits, where attackers have found creative ways to drain significant value from blockchain systems. The jaredfromsubway.eth incident, however, is a unique case in which the victim was not a protocol or a user but a predatory bot itself.
Blockaid emphasized that Saturday’s incident was neither a standard phishing attack nor a simple bug in the victim contract. Instead, the attacker specifically targeted the bot’s decision-making system by exploiting how it evaluates and approves transactions based on pattern recognition and profit signals. The attack demonstrates a critical vulnerability in systems that operate at machine speed without sufficient safeguards.
Security researchers have noted that the incident raises important questions about the risks inherent in automated trading systems that approve transactions based on algorithmic signals. While the bot’s loss does not reduce the harm caused by sandwich attacks to regular traders, it illustrates how industrialized systems built on pattern recognition can themselves become targets for sophisticated attackers.
According to CoinDesk’s reporting, the attack unfolded over several weeks, suggesting the attacker conducted extensive reconnaissance and testing before executing the final drain. The methodical nature of the exploit contrasts sharply with typical flash loan attacks or simple rug pulls, indicating a deep understanding of how the bot’s approval mechanisms functioned.
Jaredfromsubway.eth spent years profiting from traders who did not see the bot coming. On Saturday, the bot did not see the attack coming either. The incident serves as a reminder that even the most sophisticated automated systems on Ethereum remain vulnerable to creative exploitation, particularly when attackers understand the underlying logic driving transaction approval and execution.