The well-known MEV bot Jaredfromsubway.eth on the Ethereum network lost assets worth over $7.5 million due to a hack.
🚨Community Alert:
Blockaid Exploit Detection system detected an exploit involving the @jaredsmev MEV bot on Ethereum.
The incident resulted from attacker-controlled contracts tricking an automated MEV execution system into granting token approvals, later used to drain funds.…— Blockaid (@blockaid_) June 20, 2026
Â
According to Blockaid, the attacker used controlled smart contracts to deceive the bot’s automated execution system into approving tokens, which were then used to withdraw funds.
“This is not a classic phishing attack or a traditional smart contract vulnerability in the victim’s contract,” the company’s experts clarified.Â
They explained that the attacker deployed dozens of fake token contracts disguised as WETH, USDC, and USDT, linking them to fake liquidity pools. These setups appeared as profitable trades, typically targeted by MEV bots for sandwich attacks.
The scheme led Jaredfromsubway.eth to grant permissions to the attacker’s auxiliary contracts to spend real assets. The attacker then triggered all backdoors in a single transaction to withdraw the funds. Some of the coins have already been transferred to Tornado Cash, according to Arkham data.
Cointelegraph estimates that annual trader losses from sandwich attacks on Ethereum are approximately $60 million. From November 2024 to October 2025, the network recorded 60,000-90,000 such operations per month, with about 70% linked to Jaredfromsubway.eth.
In June 2024, this MEV bot was briefly the largest gas consumer on Ethereum.
