The famous MEV bot Jaredfromsubway.eth lost $7.5 million in a sophisticated attack.

One of the most famous MEV bots on the Ethereum network, Jaredfromsubway.eth, has suffered catastrophic losses — over $7.5 million. The attack was unconventional: the attacker did not directly hack the victim's contracts but instead created a complex trap using dozens of fake tokens.
As established by experts at Blockaid, the attack scheme was meticulously planned. The hacker deployed fake token contracts disguised as popular assets — WETH, USDC, and USDT. These tokens were linked to fake liquidity pools that simulated profitable opportunities for sandwich attacks. MEV bots, including Jaredfromsubway.eth, typically respond to such signals to extract profit at the expense of regular traders.
The attack mechanism involved the bot's automated execution system, upon seeing a "profitable" trade, granting the attacker's auxiliary contracts permission to spend real assets. After that, the hacker activated all backdoors in a single transaction and withdrew the funds. Part of the stolen coins has already been sent to the Tornado Cash mixer, as confirmed by data from the analytics platform Arkham.
Scale and Context
This attack is a serious blow to the reputation of one of the largest players in the MEV space. By my estimates, Jaredfromsubway.eth generated a significant portion of all sandwich attacks on the Ethereum network. According to recent data, from November 2024 to October 2025, the network recorded between 60,000 and 90,000 such operations monthly, with about 70% of them linked specifically to this bot. Annual trader losses from sandwich attacks on Ethereum amount to approximately $60 million.
Notably, in June 2024, Jaredfromsubway.eth briefly became the largest gas consumer on Ethereum, highlighting its dominant position. Now, we see that even the most experienced MEV operators are not immune to attacks built on social engineering and manipulation of automated systems.
My comment: This incident is a clear signal for the entire market. MEV bots, long considered invulnerable "whales" of DeFi, are actually vulnerable to carefully planned phishing schemes. Now more than ever, it is crucial for operators of such bots to implement more sophisticated systems for verifying the authenticity of pools and contracts, rather than relying solely on "profitability" signals. The market is becoming increasingly sophisticated, and old protection methods no longer work.