One of the most prominent MEV bots on the Ethereum network, Jaredfromsubway.eth, suffered a loss of $7.5 million after falling victim to an elaborate fake transaction scheme orchestrated by attackers. Initial investigations indicate that the attack targeted the bot’s automated trading logic with a sophisticated counter-MEV strategy, misleading the bot into authorizing contracts under the attackers’ control by creating the illusion of a profitable trading opportunity.
Blockaid’s findings
Blockchain security firm Blockaid announced that its detection systems had identified the exploit affecting the MEV bot on Ethereum. According to Blockaid, the attack was made possible by tricking the bot’s automated execution system into approving tokens for smart contracts controlled by the attackers, effectively granting them access to withdraw funds.
Blockaid emphasized that the breach did not stem from a typical vulnerability in the smart contract, but rather targeted the bot’s trading logic, presenting fraudulent opportunities as profitable trades and prompting it to authorize contracts managed by the attackers.
Blockaid also reported that the perpetrators had set up a complex network of 66 fake tokens and liquidity pools. These counterfeit assets included imitations of WETH, USDC, and USDT, paired with CAP tokens. The company’s analysis concluded that this structure was designed to mimic the MEV signals that bots seek, thus triggering the bot’s automatic approval mechanism.
Glossary: MEV (Maximal Extractable Value) refers to extra revenue earned from ordering transactions within a blockchain. In a sandwich attack, a user’s trade is bracketed by buy and sell orders placed before and after their transaction, manipulating the price so the attacker profits and the user gets a worse deal.
Blockaid’s Chief Technology Officer, Raz Niv, commented that ironically, the process opened the door to the attacker, granting them access to millions of dollars in the bot’s treasury. Data from Etherscan confirmed total losses at approximately $7.5 million, with part of the stolen assets subsequently laundered through Tornado Cash.
Why is Jaredfromsubway.eth significant?
Jaredfromsubway.eth is widely recognized as one of the most prolific sandwich bots, earning profits by inserting and bracketing trades on decentralized exchanges. This incident marks a rare setback for the bot, which typically dominates MEV activities on the network.
Research shows that Ethereum investors lose around $60 million each year due to sandwich attacks. Network data from November 2024 to October 2025 indicates an average of 60,000 to 90,000 sandwich attacks each month, with Jaredfromsubway.eth responsible for about 70% of this volume.
Past incidents and the broader picture
In May, the bot had previously targeted a transaction involving 26,544 DigitalBits made by Vitalik Buterin. Though the financial impact was limited, the incident demonstrated how MEV bots closely monitor even the smallest profit opportunities. Etherscan records reveal that ahead of Buterin’s transaction, the bot moved roughly $1.14 million in WETH through both SushiSwap and Uniswap V2, impacting XDB prices in two different liquidity pools within the same block.
Crypto investor and commentator David Gokhshtein pointed out that this development should not be celebrated, even as those who have previously been targeted by the bot might understandably feel little sympathy.
Previously, EigenPhi highlighted how transaction slippage creates room for actors like Jaredfromsubway.eth to drive up prices, forcing users to transact at a higher cost. As of May, total MEV extraction on Ethereum had surpassed $1.2 billion, with approximately 51% attributed to sandwich attacks. Vitalik Buterin has recently advocated for an encrypted mempool approach on the Ethereum roadmap to curb harmful MEV practices.
