The largest Ethereum MEV bot lost $7.5 million in a sophisticated attack.

The legendary MEV bot Jaredfromsubway.eth, which long dominated the sandwich attack space on Ethereum, has suffered catastrophic losses. As a result of a hacker attack, its operator lost assets worth over $7.5 million.
Attack Mechanism: Deceiving the Automated System
According to an analysis conducted by security experts, the attacker did not hack the bot's smart contract itself in the classic sense. Instead, a complex multi-stage scheme was implemented.
The attacker deployed dozens of fake token contracts disguised as popular liquid assets: WETH, USDC, and USDT. These were linked to fake liquidity pools that visually mimicked profitable trading opportunities. It is precisely these "traps" that the automated system of the MEV bot, designed to execute sandwich attacks, responds to.
The deceived system, following its logic, granted the attacker's auxiliary contracts permissions to spend the bot's real assets. After receiving the approvals, the hacker activated all backdoors in a single transaction and withdrew the funds. Part of the stolen coins has already been sent to the crypto mixer Tornado Cash to cover tracks.
Context and Market Implications
It is worth noting that Jaredfromsubway.eth was not just one of many bots—it was a giant in its niche. According to estimates, from November 2024 to October 2025, this bot accounted for about 70% of all sandwich attacks on the Ethereum network, with between 60,000 and 90,000 such attacks recorded monthly.
Annual trader losses from such manipulations on Ethereum are estimated at approximately $60 million. The Jaredfromsubway.eth incident is a stark example that even the most sophisticated and profitable algorithms are not immune to attacks built on social engineering and deception of automated systems.
Expert opinion: This attack is not just a hacker incident but a demonstration of a new evolution of threats in the DeFi world. Attackers are increasingly avoiding direct code attacks, preferring to manipulate the logic of bots and oracles. For the community, this is an alarming signal: even the "king" of sandwich attacks proved vulnerable. The market must adapt to new, more sophisticated phishing methods that target not users but the algorithms themselves.