Giant's Collapse: MEV Bot Jaredfromsubway.eth Loses Over $7.5 Million in Sophisticated Attack
One of the most well-known MEV bots on the Ethereum network — Jaredfromsubway.eth — lost over $7.5 million as a result of a targeted cyberattack. This incident reveals new vulnerabilities in automated systems for extracting maximum extractable value (MEV).
The attack was carried out in an unconventional manner. The attacker did not directly hack the bot's contracts but created a network of dozens of fake tokens disguised as WETH, USDC, and USDT. These tokens were tied to fake liquidity pools that visually mimicked profitable trading opportunities.
The automated system of Jaredfromsubway.eth, configured to seek out and execute sandwich attacks, fell for this bait. The bot granted the attacker's auxiliary contracts permissions to manage real assets. Once the permissions were granted, the attacker activated all the embedded backdoors in a single transaction and drained the wallet. Part of the stolen funds has already been sent to the Tornado Cash mixer, as confirmed by blockchain analysts.
Scale of the Threat and Consequences
This case is not just about the loss of a single bot. It highlights the evolution of attacks on MEV infrastructure. The market for sandwich attacks on Ethereum is estimated at approximately $60 million in annual losses for traders. Notably, from November 2024 to October 2025, about 70% of all such operations on the network (between 60,000 and 90,000 per month) were linked specifically to Jaredfromsubway.eth.
Recall that back in June 2024, this bot was the largest consumer of gas on Ethereum, demonstrating its dominant position in this segment. Now, it has itself become a victim, serving as a powerful signal to the entire community.
My analysis: This incident is a classic example of how the complexity and automation of MEV strategies create new attack vectors. Attackers have shifted from hacking protocols to manipulating the logic of the bots themselves. For MEV bot operators, this means the need to implement deeper checks on liquidity pools and tokens, as well as to limit automatic permissions. The MEV market is entering a new phase where the security of one's own infrastructure becomes no less important than the profitability of strategies.