Key facts
- The MEV bot jaredfromsubway.eth was drained of approximately $7.5 million in WETH, USDC, and USDT.
- The attacker tricked the bot's automated trading system into approving attacker-controlled contracts.
- The attacker created a honeypot using 66 counterfeit token contracts and fake liquidity pools.
- The stolen funds were swapped into approximately 4,427 ETH, with 1,000 ETH deposited into Tornado Cash.
- The bot operator is pseudonymous and has not made a verified public statement.
The notorious MEV bot jaredfromsubway.eth was drained of approximately $7.5 million in a sophisticated attack built around a honeypot. The attacker tricked the bot's automated trading system into approving contracts, and those approvals were then used to take its WETH, USDC, and USDT.
According to onchain analysts, the attacker deployed 66 counterfeit token contracts and fake liquidity pools over several weeks, mimicking profitable opportunities for the bot. The bot's execution system granted approvals to attacker-controlled helper contracts. While small test transactions yielded minor profits, larger bait transactions were structured to leave these approvals open.
A forensic report described the mechanism as a "block-armed switch," where initial small "unarmed" test batches provided minor profits, but larger "armed" batches acted as a fake mint, leaving approvals untouched. The final transaction was a direct sweep, where a coordinator contract called "withdraw" on the child contracts, pulling the bot's balance up to its open allowance and forwarding it to the attacker's address.
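The open approvals described above are visible before any sweep happens, so an operator can audit them after every transaction the bot sends. The following is an added example, not code from the forensic report or from the bot: it replays approve/transferFrom calls in a simplified, constructed format (placeholder addresses, token labels, and amounts are assumptions) and flags each transaction that leaves an allowance open to a spender outside a trusted set.

```python
from collections import defaultdict

MAX_UINT256 = 2**256 - 1  # conventional "unlimited" ERC-20 approval value


def audit_allowances(transactions, owner, trusted=frozenset()):
    """Replay calls in order; return [(tx_label, open_allowances)] for every
    transaction after which `owner` still has a non-zero allowance granted
    to a spender that is not in `trusted`."""
    allowance = defaultdict(int)  # (token, spender) -> remaining allowance
    findings = []
    for label, calls in transactions:
        for kind, token, call_owner, spender, amount in calls:
            if call_owner != owner:
                continue
            key = (token, spender)
            if kind == "approve":
                allowance[key] = amount  # approve() overwrites the old value
            elif kind == "transferFrom" and allowance[key] != MAX_UINT256:
                # Many tokens do not decrement an unlimited approval.
                allowance[key] = max(0, allowance[key] - amount)
        still_open = {k: v for k, v in allowance.items()
                      if v > 0 and k[1] not in trusted}
        if still_open:
            findings.append((label, still_open))
    return findings


# Constructed sample data: placeholder addresses, not values from the incident.
BOT, HELPER, ROUTER = "0xBOT", "0xHELPER", "0xTRUSTED_ROUTER"
TRANSACTIONS = [
    # "Unarmed" test batch: the approval is fully consumed in the same tx.
    ("unarmed-test", [("approve", "WETH", BOT, HELPER, 5),
                      ("transferFrom", "WETH", BOT, HELPER, 5)]),
    # Standing approval to a spender the operator deliberately trusts.
    ("routine-swap", [("approve", "USDT", BOT, ROUTER, MAX_UINT256)]),
    # "Armed" batch: approval granted, nothing pulled, allowance stays open.
    ("armed-bait", [("approve", "WETH", BOT, HELPER, 1000)]),
    # Later sweep: the helper pulls up to the open allowance.
    ("sweep", [("transferFrom", "WETH", BOT, HELPER, 1000)]),
]

if __name__ == "__main__":
    for label, still_open in audit_allowances(TRANSACTIONS, BOT, {ROUTER}):
        print(label, still_open)
```

On a live system the replayed value should be confirmed against the token's `allowance(owner, spender)` view, and any flagged approval reset to zero before further trading.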
The attacker then swapped the stolen assets into roughly 4,427 ETH, worth approximately $7.7 million. Subsequently, 1,000 ETH was deposited into the mixer Tornado Cash. The receiving address was identified as an EIP-7702-delegated account, a feature from Ethereum's upcoming Pectra upgrade.
An X account using the jaredfromsubway.eth name, @jaredsmev, claimed the bot lost $15 million and offered a bounty, but onchain commentators flagged it as an impersonator. Security firms have not traced losses exceeding $7.5 million. The jaredfromsubway.eth bot has been a prominent figure in Ethereum's MEV economy since early 2023, known for its prolific sandwich attacks.
