Infamous MEV Bot Jaredfromsubway.eth Falls Victim to $7.5M Exploit
Between November 2024 and October 2025, Jaredfromsubway.eth was behind 70% of all sandwich attacks executed on the Ethereum network.
Jaredfromsubway.eth, among the most profitable MEV bots operating in the cryptocurrency space, has suffered a loss exceeding $7.5 million after a malicious actor exploited the very automated systems that have generated hundreds of millions in profits throughout its operation.
Blockaid reported that the Saturday incident occurred when contracts under the attacker's control deceived Jaredfromsubway.eth's automated MEV execution infrastructure into authorizing token permissions that were subsequently leveraged to extract funds.
"This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract," Blockaid said on X.
The exploit represents an unusual reversal of fortune for MEV (maximal extractable value) bots such as Jaredfromsubway.eth, which function as automated programs that track pending transactions across blockchain networks and reorder them for profit extraction, operating as an "invisible tax" imposed on decentralized finance participants.
Research conducted by Cointelegraph previously determined that sandwich attacks executed on Ethereum have generated approximately $60 million in yearly losses for market participants. The same research revealed that during the period spanning November 2024 through October 2025, monthly sandwich attacks ranged from 60,000 to 90,000 incidents, with approximately 70% of these attacks traced back to Jaredfromsubway.eth.
How Jaredfromsubway.eth was exploited
According to Blockaid's analysis, the malicious actor deployed counterfeit wrapper tokens and liquidity pools, which included fraudulent Wrapped Ether (fWETH), fraudulent USDC (fUSDC) and fraudulent USDt (fUSDT) pathways matched with fraudulent Cap (fCAP).
These counterfeit assets were engineered to mimic lucrative trading opportunities, precisely the type that the MEV bot's programming is designed to pursue. The bot subsequently performed its intended function, granting authorization to specific attacker-controlled helper contracts to spend legitimate funds on the bot's behalf.
Under typical circumstances, the bot would consume the approval throughout the transaction, however, in this particular instance, the attacker engineered pathways that permitted the approvals to remain active.
After accumulating sufficient approvals, the malicious actor executed a "final sweep" to extract WETH, USDC and USDT from the Jaredfromsubway.eth MEV bot contract through transferFrom.
"The attacker exploited the bot's mechanism: its automated system detected what looked like profitable MEV opportunities and generated approvals to attacker-controlled helper contracts."
"We shouldn't be happy about this; no one should celebrate ... but if you've ever been sandwiched by this ... I'm pretty sure you're not upset about this news," crypto investor and commentator David Gokhshtein said.