Notorious MEV Bot Jaredfromsubway.eth Drained for $7.5M
MEV bot Jaredfromsubway.eth, responsible for ~70% of Ethereum sandwich attacks, was exploited for $7.5M via fake token approvals. The attacker created deceptive WETH, USDC, and USDT routes, tricking the bot into granting access before sweeping funds.
Quick Take
- Attacker created fake WETH, USDC, USDT tokens and pools to deceive the bot.
- The MEV bot granted approvals to attacker-controlled contracts for fake profitable trades.
- Once approvals accumulated, attacker swept $7.5M in real assets from the bot.
- Jaredfromsubway.eth is responsible for ~70% of monthly sandwich attacks on Ethereum.
Market Impact Analysis
Neutral: The exploit of a single MEV bot does not directly affect broader crypto market prices, though it may temporarily raise concerns about DeFi security.
Key Takeaways
- A novel approval-based exploit drained $7.5 million from Ethereum MEV bot Jaredfromsubway.eth.
- The attacker tricked the bot into granting token approvals by creating fake WETH, USDC, and USDT pools.
- Accumulated approvals enabled a final sweep that moved all real assets to the attacker.
- Jaredfromsubway.eth is responsible for 70% of monthly sandwich attacks, costing traders $60 million yearly.
What Happened
Leading MEV bot Jaredfromsubway.eth suffered a $7.5 million loss after an attacker exploited its automated transaction system. The attacker deployed counterfeit tokens—fake WETH, USDC, and USDT—paired with a fabricated token (fCAP) to mimic lucrative MEV opportunities. The bot’s logic automatically granted attacker-controlled contracts the token approvals it normally uses to execute trades. Instead of consuming the approvals during the swap, the attacker structured the routes to leave them open. A final transaction swept all approved real assets from the bot’s wallet.
The Numbers
The $7.5 million drain underscores the bot’s massive scale. Research shows Jaredfromsubway.eth is linked to approximately 70% of all sandwich attacks on Ethereum, with monthly totals ranging from 60,000 to 90,000 incidents. These attacks cost DeFi traders an estimated $60 million annually. The bot had previously extracted hundreds of millions in MEV profits, making this exploit a rare reversal for one of crypto’s most dominant automated traders.
Why It Happened
The attack hinged on Jaredfromsubway.eth’s core mechanism: its automated system scans for profitable MEV and grants spending approvals to helper contracts to execute trades swiftly. The attacker designed a series of transactions that appeared as standard MEV bundles, prompting the bot to approve its own tokens to fake contracts. Because the approvals weren’t consumed in the deceptive trades, they accumulated until the attacker executed a mass transferFrom sweep. No smart contract vulnerability was exploited; instead, the bot’s own automation was weaponized against it.
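The accounting behind that accumulation, and one common safe-approval pattern (approve the exact amount, then revoke whatever the route did not consume), can be shown with a small model. This is an added example, not code from the bot or from the article's sources; `Token`, `guarded_route`, the two route functions and the `"bot"`/`"helper"` names are hypothetical, and the model tracks only the balance and allowance bookkeeping of ERC-20 `approve`/`transferFrom`.

```python
# Added example: in-memory model of ERC-20 allowance accounting (hypothetical names).
class Token:
    """Tracks balances and allowances the way approve/transferFrom do."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}  # (owner, spender) -> remaining amount

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        key = (owner, spender)
        if self.allowance.get(key, 0) < amount or self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient allowance or balance")
        self.allowance[key] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def guarded_route(token, owner, spender, amount, route):
    """Approve exactly `amount`, run `route`, then revoke anything left unconsumed.

    Returns the residual allowance found after the route; non-zero means the
    route did not pull the approved input and should be treated as suspect.
    """
    token.approve(owner, spender, amount)
    try:
        route(token, owner, spender, amount)
    finally:
        residual = token.allowance.get((owner, spender), 0)
        if residual:
            token.approve(owner, spender, 0)  # close the dangling approval
    return residual


def honest_route(token, owner, spender, amount):
    # Constructed: the helper pulls the approved input as part of the swap.
    token.transfer_from(spender, owner, spender, amount)


def idle_route(token, owner, spender, amount):
    # Constructed: the route completes without consuming the approval.
    pass


if __name__ == "__main__":
    weth = Token({"bot": 100})
    print("honest residual:", guarded_route(weth, "bot", "helper", 40, honest_route))
    print("idle residual:", guarded_route(weth, "bot", "helper", 40, idle_route))
    print("allowance after guard:", weth.allowance[("bot", "helper")])
```

Without the revoke step, the 40-unit allowance left by `idle_route` would remain spendable by the helper in any later transaction.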
Broader Impact
The incident may chill the rampant use of MEV bots, especially those with automated approval flows. Security researchers are now scrutinizing similar architectures. For DeFi users who have long complained about sandwich attacks, the news brings a sense of poetic justice, but it also highlights systemic risks in permissionless automation. Expect wallet and protocol developers to revisit approval management patterns to prevent analogous exploits.
What to Watch Next
- Whether Jaredfromsubway.eth resumes operations or alters its approval logic.
- Potential proposals for MEV bot security standards or new safe-approval patterns.
- Community reaction and possible regulatory attention on MEV extraction practices.
This article is for informational purposes only and does not constitute financial advice.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved.