The largest Ethereum MEV bot lost $7.5 million due to a sophisticated trap involving fake tokens.

The Ethereum ecosystem has once again become the stage for a sophisticated cyberattack. A well-known MEV bot operating under the pseudonym Jaredfromsubway.eth, specializing in sandwich attacks, lost assets worth over $7.5 million. The incident occurred as a result of a targeted exploitation of the bot's own trusted architecture.
How the Attack Was Organized
According to blockchain analysts, the attacker did not directly hack smart contracts or use classic phishing. Instead, a network of dozens of fake token contracts was deployed, disguised as popular liquid assets — WETH, USDC, and USDT. These contracts were linked to fake liquidity pools that mimicked profitable trading opportunities.
The automated system of Jaredfromsubway.eth, configured to search for arbitrage opportunities, responded to the false signals. During the "execution of trades," the bot granted the attacker's auxiliary contracts permission to spend real tokens. After receiving the approvals, the attacker activated all backdoors in a single transaction and withdrew the funds. Part of the stolen coins has already been sent to the Tornado Cash mixer.
Scale of the Threat and Context
This case highlights the vulnerability of even the most advanced algorithmic strategies. According to my estimates, annual trader losses from sandwich attacks on the Ethereum network amount to approximately $60 million. Notably, from November 2024 to October 2025, between 60,000 and 90,000 such operations were recorded monthly, with about 70% of them linked to Jaredfromsubway.eth. In June 2024, this bot even became the largest gas consumer on the network.
My analysis: This incident is not just a hacker attack but a demonstration of a new class of threats to the MEV ecosystem. Attackers are moving from contract hacking to manipulating the behavioral logic of the bots themselves. This forces developers to reconsider not only the code but also the principles of trust in external data and simulations. In the near future, we will likely see stricter requirements for liquidity pool verification and the implementation of more complex token authenticity verification mechanisms.