The largest Ethereum MEV bot lost $7.5 million in a sophisticated attack

The well-known MEV bot Jaredfromsubway.eth, which long dominated sandwich attacks on Ethereum, lost assets worth more than $7.5 million. The incident occurred as a result of a sophisticated attack targeting the bot's automated transaction execution system.
How the Attack Was Carried Out
According to an analysis by Blockaid, the attacker did not use classic phishing methods or vulnerabilities in the victim's smart contracts. Instead, they deployed dozens of fake token contracts, disguised as popular stablecoins — WETH, USDC, and USDT. These contracts were linked to fake liquidity pools that mimicked profitable trades attractive to MEV bots.
The scheme was designed to deceive Jaredfromsubway.eth's automated system, tricking it into granting permissions to spend real assets to the attacker's auxiliary contracts. After obtaining approvals, the attacker activated all backdoors in a single transaction and withdrew the funds. Part of the stolen coins has already been sent to the Tornado Cash mixer, as confirmed by Arkham blockchain analytics data.
Scale and Consequences
Notably, Jaredfromsubway.eth was one of the most active MEV bots on the Ethereum network. From November 2024 to October 2025, the network recorded between 60,000 and 90,000 sandwich attacks monthly, with about 70% of them attributed to this bot. Annual trader losses from such operations are estimated at $60 million.
Recall that in June 2024, this same bot temporarily became the largest gas consumer on the Ethereum network, highlighting its scale and impact on the blockchain.
My comment: This incident is a vivid example of how even the most advanced and profitable automated systems can be deceived through social engineering at the smart contract level. The attack demonstrates that the security of MEV bots remains a critical issue, and their operators need to implement more sophisticated mechanisms for verifying the authenticity of tokens and liquidity pools, rather than relying solely on automatic triggers.