MEV bot Jaredfromsubway.eth lost over $7.5 million in a sophisticated attack.

The well-known MEV bot Jaredfromsubway.eth, operating on the Ethereum network, has suffered significant losses: attackers withdrew assets worth over $7.5 million. This event has once again drawn attention to the vulnerabilities of automated trading systems.
How the attack occurred
According to data from the analytical platform Blockaid, the attack was not a classic phishing scheme or a traditional smart contract vulnerability. Instead, the attackers deployed dozens of fake token contracts disguised as popular stablecoins — WETH, USDC, and USDT. These contracts were linked to counterfeit liquidity pools that mimicked profitable trades.
MEV bots like Jaredfromsubway.eth typically respond to such setups to execute sandwich attacks. However, in this case, the scheme was reversed: the bot was forced to grant the attacker's auxiliary contracts permission to spend real assets. Then, in a single transaction, all backdoors were activated, and the funds were withdrawn.
Consequences and scale
Part of the stolen coins has already been moved through the Tornado Cash mixer, making them difficult to trace. This incident highlights the growing sophistication of attacks on MEV infrastructure.
It is worth noting that sandwich attacks remain a serious problem for the Ethereum ecosystem. According to my estimates, traders' annual losses from such operations amount to about $60 million. From November 2024 to October 2025, the network recorded between 60,000 and 90,000 such operations per month, with approximately 70% of them linked specifically to Jaredfromsubway.eth. In June 2024, this bot even became the largest gas consumer on the network, indicating its dominant role in this segment.
My analysis: This case is a vivid example of how even the most advanced MEV bots can be deceived by carefully planned traps. The market must recognize that automation brings not only profits but also risks. Investors and developers should reconsider security mechanisms, especially regarding token permissions, to avoid similar incidents in the future.