Skip to main content

MEV Bot Using Jaredfromsubway.eth Drains $7.5M in Exploitation



A leading Ethereum MEV bot, Jaredfromsubway.eth, has reportedly been drained of more than $7.5 million after an attacker exploited weaknesses in the bot’s automated execution workflow. The incident highlights a critical, often underappreciated risk for MEV infrastructure: once a bot is trusted with permissions, attackers only need to trick it into granting the right approvals to move funds.



According to Blockaid, the attacker used attacker-controlled contracts to manipulate Jaredfromsubway.eth’s automated MEV execution system into issuing token approvals that were later used to drain funds. Blockaid described the event as neither a classic phishing attempt nor a straightforward smart-contract vulnerability in the bot’s victim contracts.



Key takeaways



  • Blockaid attributes the theft to malicious approvals: attacker-controlled contracts induced Jaredfromsubway.eth to authorize spending before sweeping funds.

  • The attack was “counter-MEV” in design, targeting the bot’s trust-minimized decision logic and execution pipeline rather than attempting to directly compromise the bot’s private keys.

  • Fake token and liquidity artifacts played a central role, with the attacker deploying dozens of contracts designed to resemble major Ethereum assets and venues.

  • The event reinforces systemic MEV exposure—even bots that target profitable opportunities can become liabilities if they approve the wrong spending permissions.



What Blockaid says happened


In its account of the incident, Blockaid said the attacker’s main move was to exploit how automated MEV bots operate: by monitoring activity and then executing trades based on what appear to be profitable on-chain opportunities. In this case, the “profitable” paths were set up by the attacker using contracts that behaved like bait.



Blockaid noted that the event on Saturday did not resemble a typical phishing scenario, and it was not characterized as a traditional smart-contract bug in the bot’s victim logic. Instead, the focus was on the automated execution system itself—specifically the token approval steps that enable a bot to interact with assets and helper contracts during MEV operations.



A “honeypot” aimed at the bot’s approvals


Blockaid’s chief technology officer, Raz Niv, told Cointelegraph that the attack functioned as a counter-MEV honeypot. The strategy, he explained, was to target the bot’s trust-minimized decision-making logic—the part that determines which trades to pursue and which contracts to empower.



Over several weeks, the attacker allegedly deployed 66 fake token contracts designed to imitate familiar assets such as Wrapped ETH (WETH), USDC, and USDT, pairing them with fake liquidity pools. The goal was to create the appearance of trade opportunities that automated systems like Jaredfromsubway.eth are programmed to seek.



Once the bot interacted with these counterfeit contracts, Jaredfromsubway.eth reportedly approved certain attacker-controlled helper contracts that would later be used to move real funds. As Niv put it, the bot effectively handed over “the keys” to its treasury—an important reminder that approvals can be as dangerous as vulnerabilities when automation is involved.



“And then in a single transaction, the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT at these addresses, amounting to millions of dollars.”


Why this matters beyond one wallet


MEV bots are typically described as automation that scans unconfirmed or pending activity and then reorders or manipulates transactions to extract profit. In doing so, they can impose an “invisible tax” on DeFi users—an issue that has drawn substantial research attention over the years.



Earlier Cointelegraph Research found that sandwich attacks on Ethereum caused roughly $60 million in annual losses for traders, with the analysis also reporting 60,000 to 90,000 sandwich attacks per month between November 2024 and October 2025. That same research said around 70% of those attacks were associated with Jaredfromsubway.eth.



This new development turns the spotlight from the bot’s profit extraction methods to the security assumptions that power those same operations. When an MEV system depends on automated approvals and execution pathways, attackers may not need to break cryptography or exploit a bug in victim contracts. They may only need to engineer on-chain interactions that cause the bot to authorize spending to attacker-controlled addresses.



MEV’s reach has been wider than people realize


While this reported drain is by far the most serious outcome, Cointelegraph noted another instance involving Jaredfromsubway.eth: in May, Ethereum co-founder Vitalik Buterin was sandwich attacked while swapping 26,544 DigitalBits (worth $2.11 at the time of Cointelegraph’s writing). The losses in that case were reportedly small, but it underscored that MEV bots can target even relatively modest transactions.



The broader point for market participants is that MEV activity is not limited to high-profile trades. It can reach across liquidity conditions and transaction sizes, depending on how opportunities appear to bots in real time. For users and integrators, that reality has been part of the ongoing debate around fairness, transparency, and how encrypted transaction infrastructure changes the incentives for adversaries.



It’s also a reminder that the line between attacker and victim in MEV is frequently thinner than the public narrative suggests. The same operational patterns that enable profit extraction can be subverted—particularly when bots must make rapid execution decisions and grant permissions without full guarantees about the counterparties they’re dealing with.



Going forward, investors, DeFi users, and builders should watch for two signals: whether this incident triggers wider scrutiny of how MEV bots handle approvals and “helper” contracts, and whether similar “counter-MEV honeypot” tactics appear against other automated systems. The technical details of token-approval misuse are often portable, and the next exploit may be less about one bot’s identity and more about the shared automation patterns that many MEV tools rely on.



https://www.cryptobreaking.com/mev-bot-using-jaredfromsubway-eth/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=MEV%20Bot%20Using%20Jaredfromsubway.eth%20Drains%20$7.5M%20in%20Exploitation%20
Labels:

Comments

Post a Comment

Popular posts from this blog

Coinbase's x402 launches AI agents app store for payments

Coinbase-backed x402 has unveiled Agentic.market, a dedicated marketplace aimed at increasing the usefulness of AI agents by aggregating thousands of apps and services that agents can access without any API keys. The rollout positions the platform as a central hub for agents to discover, evaluate, and deploy capabilities across a standardized payments layer. Coinbase product lead Nick Prince described Agentic.market in a video posted on X as a storefront for discovering, comparing, and using x402 services. The marketplace is designed to give both humans and their AI agents access to a wide range of tools—from data feeds to consumer apps—without the friction of managing API credentials. A storefront for discovering, comparing, and using x402 services. Thousands of services. Zero API keys. Powered by x402. Prince added that the market offers a web interface for humans to browse and assess services, alongside a programming layer that lets AI agents autonomously search, filter, and integra...
Post a Comment
Read more

Mastercard Launches AI Agent Pay System With Ripple and Solana Help

Mastercard has launched Agent Pay for Machines, a payments system built for autonomous software agents. The service allows AI agents to send and receive payments without direct human action. It brings Ripple, Coinbase, and Solana Foundation into Mastercard’s push for automated digital commerce. Ripple Brings XRPL and RLUSD to Mastercard’s Agent Pay System Mastercard introduced Agent Pay for Machines on June 10 as a tool for machine-led payments. The system targets high-volume and low-value transactions across business and consumer use cases. It also supports automated settlement between software agents and connected machines. Ripple will support the system through the XRP Ledger and its RLUSD stablecoin. The company said that settlement will become more important as automated commerce grows. It also sees blockchain rails as useful for fast and rule-based payments. RippleX senior vice president Markus Infanger said XRPL and RLUSD support enterprise-grade agent payments. He said the tool...
Post a Comment
Read more

Top Cryptocurrencies to Watch: BTC, ETH, BNB, XRP, Solana, Dogecoin & More

Market Analysis and Price Predictions for Key Cryptocurrencies Recent market dynamics reveal a cautious sentiment across the cryptocurrency landscape, with Bitcoin struggling to maintain levels above $90,000 and many major altcoins facing downward pressure. Indicators point toward reduced participation from both institutional and retail investors, raising concerns about a potential consolidation phase after notable gains earlier in the year. Bitcoin has fallen below $87,000, reflecting waning demand at higher price points. Institutional fund flows into BTC and ETH ETFs have turned negative, indicating a period of subdued market activity. Active addresses and Binance deposit/withdrawal activities are at annual lows, suggesting market indecision. Most leading altcoins are approaching support levels, with some poised for potential breakdowns. Tickers mentioned: Bitcoin, Ethereum, Binance Coin, XRP, Solana, Dogecoin, Cardano, Bitcoin Cash, Chainlink, Hyperliquid Sentiment: Neutral to Sli...
Post a Comment
Read more