MEV bot Jaredfromsubway.eth lost $7.5 million in a sophisticated attack through fake liquidity pools.
The well-known MEV bot Jaredfromsubway.eth, operating on the Ethereum network, lost assets worth over $7.5 million. According to my data, the incident occurred not due to a standard smart contract vulnerability or phishing, but as a result of a complex manipulation scheme targeting the bot's automated execution system.
Security experts from Blockaid noted that the attacker deployed dozens of fake token contracts disguised as WETH, USDC, and USDT, and linked them to fake liquidity pools. These constructs mimicked profitable trading opportunities that MEV bots typically respond to in order to execute sandwich attacks. The attacker deceived the system into granting spending allowances for real assets to auxiliary contracts, then triggered all backdoors in a single transaction and withdrew the funds. Part of the stolen coins has already been transferred to Tornado Cash.
It is important to emphasize that this case is not a classic attack on the victim's smart contract. Rather, it is an attack on the decision-making logic of the MEV bot itself, making it particularly dangerous for such automated systems.
Arkham data confirms that the attacker operated through controlled contracts rather than directly. Interestingly, estimates suggest that annual trader losses in Ethereum from sandwich attacks amount to about $60 million. Meanwhile, from November 2024 to October 2025, the network recorded between 60,000 and 90,000 such operations per month, with approximately 70% of them linked to Jaredfromsubway.eth. Notably, in June 2024, this bot was the largest gas consumer on the Ethereum network.
My analysis: This attack demonstrates a fundamental vulnerability of MEV bots: their algorithms, designed to seek arbitrage, can be deceived by artificially created signals. In an environment where such bots control a significant portion of network activity, these incidents undermine trust in automated strategies and require a reassessment of data verification mechanisms at the smart contract level.