MEV giant Jaredfromsubway.eth lost $7.5 million in a sophisticated smart contract attack.

One of the most famous MEV bots in the Ethereum ecosystem, Jaredfromsubway.eth, fell victim to a targeted attack, losing assets worth over $7.5 million. This incident has drawn the attention of the entire crypto community and forced experts to reconsider their views on the security of automated trading systems.
As revealed by an analysis conducted by security specialists, the attack was unconventional. The attacker did not use classic phishing schemes or vulnerabilities in the victim's own contracts. Instead, they deployed dozens of fake token contracts disguised as popular stablecoins — WETH, USDC, and USDT. These contracts were linked to fictitious liquidity pools that mimicked profitable trading opportunities.
MEV bots, including Jaredfromsubway.eth, are configured to seek out such arbitrage opportunities and execute sandwich attacks. The fake pools looked so convincing that the bot's automated system granted permissions to spend real assets to the attacker's auxiliary contracts. After that, the attacker activated all backdoors in a single transaction and withdrew the funds. Part of the stolen coins has already been sent to Tornado Cash, a popular mixer for concealing transaction traces.
This case is a serious wake-up call for all market participants. Sandwich attacks have long become a part of everyday life on Ethereum: estimates suggest that traders' annual losses from such operations amount to about $60 million. From November 2024 to October 2025, the network recorded between 60,000 and 90,000 sandwich operations monthly, with approximately 70% of them linked to Jaredfromsubway.eth. In June 2024, this bot even became the largest consumer of gas on the Ethereum network.
What happened clearly demonstrates that even the most experienced MEV players are not immune to attacks. The vulnerability lies not in the code, but in the very logic of interacting with untrusted contracts. In my opinion, after this incident, we will see stricter requirements for verifying the authenticity of liquidity pools and tokens by MEV bots, which may temporarily reduce their aggressiveness but will make the ecosystem safer in the long run.