Notorious Ethereum MEV Bot Drained of $7.5M Through Fake Token Trap

• Jaredfromsubway.eth lost roughly $7.5 million through a fake token scheme.
• Attackers created 66 counterfeit contracts that mimicked major crypto assets.
• Security researchers say open token approvals enabled the final drain.
• Stolen funds were converted to ETH, with part sent to Tornado Cash.

Notorious Ethereum MEV bot jaredfromsubway.eth lost approximately $7.5 million after attackers used fake token contracts to deceive its automated trading system. According to blockchain security firm Blockaid, the exploit relied on counterfeit liquidity pools and manipulated token approvals that ultimately allowed the attacker to withdraw millions in crypto assets.

The incident quickly attracted attention across the crypto sector because jaredfromsubway.eth ranks among Ethereum’s most active sandwich bots. According to onchain analyst Specter, the wallet linked to the bot lost more than $7 million in a single transaction conducted on Saturday.

Blockchain data shows the attacker withdrew 1,474.58 WETH, nearly $2.9 million in USDC, and around $2 million in USDT. Blockaid estimated the total value of the stolen assets at roughly $7.5 million.

Importantly, investigators found no evidence of a private key compromise. They also ruled out phishing attacks and vulnerabilities in major DeFi protocols. Instead, researchers concluded that the attacker manipulated the bot’s automated trading process.

Also Read: Aerodrome Finance (AERO) Price Prediction 2026–2030: Can AERO Hit $2 Soon?

Fake Contracts Created a Convincing Trap

According to Blockaid, the attacker spent several weeks building a network of 66 counterfeit token contracts. These contracts imitated popular assets such as WETH, USDC, and USDT. Additionally, the attacker deployed fake liquidity pools that appeared legitimate to the bot’s trading algorithms. As a result, the system identified the routes as potentially profitable opportunities.

During early transactions, the setup behaved as expected and even generated small gains. Consequently, the bot continued interacting with the malicious contracts without detecting a threat. However, larger transactions produced a different outcome. According to a forensic report published by pseudonymous developer banteg, the contracts switched behavior when specific conditions were met.

Community Alert:Blockaid Exploit Detection system detected an exploit involving the @jaredsmev MEV bot on Ethereum.The incident resulted from attacker-controlled contracts tricking an automated MEV execution system into granting token approvals, later used to drain funds.…

— Blockaid (@blockaid_) June 20, 2026

Smaller transactions consumed token approvals normally. Larger transactions, however, left those approvals active. Therefore, the attacker retained permission to access significant amounts of the bot’s assets. The report identified 16 active WETH allowances totaling approximately 1,474.58 WETH. Those approvals closely matched the amount withdrawn during the final exploit.

Subsequently, the attacker executed a coordinated withdrawal operation. A master contract triggered 66 child contracts simultaneously, allowing each contract to pull funds up to its approved limit and transfer them to the attacker’s wallet.

Attacker Converts Funds After the Exploit

According to onchain tracker Lookonchain, the attacker converted the stolen assets into approximately 4,427 ETH. Additionally, blockchain records show that 1,000 ETH later moved to Tornado Cash.

Meanwhile, an X account claiming to represent jaredfromsubway.eth offered a $1 million bounty for information leading to the recovery of the funds. However, several onchain observers questioned the account’s authenticity. No verified statement has emerged from the actual operator.

The exploit marks a significant setback for one of Ethereum’s most recognizable MEV participants. Jaredfromsubway.eth gained prominence through sandwich trading strategies and once ranked among the network’s largest daily gas spenders.

Conclusion

The attack demonstrates how sophisticated actors can exploit automated trading systems through deceptive contract structures. By creating convincing fake markets and securing token approvals, the attacker successfully drained millions from one of Ethereum’s most active MEV bots.

Also Read: XRP Ledger Roadmap Expands as Expert Highlights Five Major Upgrades

The post Notorious Ethereum MEV Bot Drained of $7.5M Through Fake Token Trap appeared first on 36Crypto.