MEV bot operator Jaredfromsubway.eth has reportedly lost more than $7.5 million after an attacker used a “counter-MEV” strategy to trick the bot into authorizing spending approvals that were
MEV bot operator Jaredfromsubway.eth has reportedly lost more than $7.5 million after an attacker used a “counter-MEV” strategy to trick the bot into authorizing spending approvals that were later used to drain its funds. The incident, discovered on Saturday, highlights a growing security risk for automated trading systems: even bots built to exploit market opportunities can be turned against themselves.
Blockaid said the compromise stemmed from attacker-controlled contracts manipulating Jaredfromsubway.eth’s automated MEV execution logic into issuing token approvals. Those approvals—part of the bot’s normal workflow—were then leveraged to transfer assets out of the bot’s treasury.
MEV bots operate by monitoring unconfirmed transactions and attempting to reorder or manipulate trades to extract profit. In practice, this behavior often translates into an “invisible tax” for some DeFi users, especially during sandwich attacks—where an attacker places trades around a target transaction to capture value from price movement.
Cointelegraph Research previously estimated that sandwich attacks on Ethereum have produced around $60 million in annual losses for traders. That same research reportedly found 60,000 to 90,000 sandwich attacks per month between November 2024 and October 2025, with roughly 70% associated with Jaredfromsubway.eth. Against that backdrop, the Saturday incident is notable precisely because it shows an automated profit-seeking system can be engineered to fail in a way that benefits an adversary.
Blockaid emphasized that this was not a traditional victim-side vulnerability. In a statement on X, the company said the event was neither a classic phishing attack nor a standard smart-contract exploit of the victim contract.
According to Blockaid, the attacker exploited an aspect of how Jaredfromsubway.eth executes MEV strategies. The goal was to steer the bot’s “trust-minimized” automation—its automated, contract-driven decision logic—toward approvals that the attacker could later use to move funds.
Blockaid chief technology officer Raz Niv described the technique as a counter-MEV honeypot attack. Rather than attacking the bot’s private keys directly, the approach aimed to influence what the bot would do once it encountered transactions and on-chain artifacts that looked like opportunities aligned with its programmed objectives.
In a conversation with Cointelegraph, Niv said the attacker deployed fake token contracts over a period of weeks. He stated that there were 66 counterfeit token contracts designed to mimic well-known assets, including Wrapped ETH, USDC, and USDt. These fakes were paired with fake liquidity pools intended to make the ecosystem appear to offer profitable trades.
The counterfeit setup was engineered to resemble the kinds of transactions MEV bots typically chase. By presenting plausible trading conditions, the attacker “lured” Jaredfromsubway.eth into executing its normal logic—specifically, approving certain attacker-controlled helper contracts to spend funds on the bot’s behalf.
“Ironically, in the process, it provided the attacker the keys to millions in the bot’s treasury,” Niv said.
“And then in a single transaction, the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT at these addresses, amounting to millions of dollars.”
The attack’s structure matters for investors and builders because it demonstrates a common automation pitfall: when systems rely on broad or reusable token allowances to operate efficiently, a malicious actor may focus on obtaining those allowances rather than breaking the underlying execution engine.
MEV activity is often discussed in terms of profitability and market mechanics, but the Jaredfromsubway.eth incident shifts attention to operational security. Even if a bot’s trading logic is intended to be automated and “trust-minimized,” that automation still has to interact with external contracts and grant permissions in order to operate.
The broader implication is that attackers can design environments that comply with the bot’s assumptions while quietly redirecting the outcome. In this case, the environment included fake token contracts and pools meant to look legitimate enough to trigger approvals—turning expected functionality into an exit path.
The timing and visibility of the story also add context. Earlier this year, Cointelegraph reported that Ethereum co-founder Vitalik Buterin was sandwiched by Jaredfromsubway.eth while swapping 26,544 DigitalBits, which was worth $2.11 at the time of writing. The harm in that example was reportedly minimal, but it illustrated that MEV bots may target transactions of any size. Saturday’s loss claim suggests the inverse is also true: high-profile MEV infrastructure can be targeted using the same automation pathways it uses to function.
Crypto investor and commentator David Gokhshtein reacted publicly to the news on X, framing it as a response to a bot that has benefited from sandwiching before—though he also cautioned against celebration.
For now, the key questions are how widespread similar approval-based counter-MEV tactics could be and whether bot operators will adjust their permissioning and contract interaction patterns to reduce exposure to authorization-driven drains. The next signal to monitor will be whether Blockaid’s described counter-MEV honeypot approach becomes a repeatable playbook—or prompts faster defensive changes across automated MEV systems.
This article was originally published as ‘Sandwich attack’ bot Jaredfromsubway.eth linked to $7.5M theft on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.
