MEV Bot Jaredfromsubway.eth Exploited, Loses $7.5M in ETH
Caroline Bishop Jun 21, 2026 01:16
Jaredfromsubway.eth, a notorious Ethereum MEV bot, was exploited for $7.5M. The attack highlights risks in automated trading systems.
Jaredfromsubway.eth, one of Ethereum’s most infamous MEV bots, lost over $7.5 million on June 20 after an attacker exploited flaws in its automated trading system. The bot, linked to the majority of Ethereum sandwich attacks, fell victim to a sophisticated counter-MEV strategy involving fake token contracts and liquidity pools.
The attack, detailed by blockchain security firm Blockaid, targeted the bot’s decision-making logic. Over several weeks, the attacker deployed 66 fake token contracts resembling Wrapped ETH (WETH), USDC, and USDT, paired with fake liquidity pools. These setups tricked the bot into approving malicious contracts, effectively handing over control of its treasury. In a single transaction, the attacker swept the bot’s funds, draining ETH, USDC, and USDT worth millions.
Blockaid CTO Raz Niv described the incident as "a counter-MEV honeypot attack" designed to exploit the very mechanics that make MEV bots profitable. The attacker simulated trades that appeared advantageous, baiting the bot into executing approvals. Ironically, this automation—optimized for profit extraction—became its downfall.
MEV Bots: Profits and Pitfalls
MEV (Maximal Extractable Value) bots like Jaredfromsubway.eth monitor Ethereum’s public mempool for pending transactions. They capitalize on opportunities such as arbitrage, liquidations, and sandwich attacks. In the latter, bots manipulate transaction order to profit from price movements, often at the expense of unsuspecting DeFi users.
Research from Cointelegraph indicates sandwich attacks on Ethereum cause approximately $60 million in annual losses for traders. Between November 2024 and October 2025, an estimated 70% of these attacks were attributed to Jaredfromsubway.eth, which reportedly executed up to 90,000 attacks per month.
Critics argue that such bots represent "toxic MEV," an exploitative form of profit-taking that undermines user trust in DeFi. While the Ethereum community debates solutions—like encrypted mempools and protocol-level reforms—events like this highlight the vulnerabilities in automated trading systems.
Market Context and Implications
This incident comes amidst broader discussions about MEV and its impact on Ethereum’s ecosystem. Since Ethereum’s transition to proof-of-stake in September 2022, MEV extraction has become more formalized, with tools like MEV-Boost and proposer-builder separation (PBS) enabling validators to maximize their rewards. Cumulative MEV extracted on Ethereum now exceeds $1.1 billion.
Ethereum (ETH) itself is trading at $1,735.09 as of June 21, up 1.75% in 24 hours, according to market data. While this exploit didn’t directly impact ETH price, it underscores the ongoing risks in DeFi and could drive regulatory scrutiny or technical reforms aimed at curbing predatory MEV practices.
Interestingly, this isn’t the bot’s first high-profile moment. In May 2026, it sandwich-attacked Ethereum co-founder Vitalik Buterin during a $4 token swap, demonstrating that even small transactions aren’t safe from MEV bots’ predatory tactics.
While many in the crypto community avoid celebrating hacks, some users see this as karmic justice for a system that has cost traders millions. "If you’ve ever been sandwiched by this bot, you’re probably not upset about this news," commented crypto influencer David Gokhshtein.
What’s Next?
This exploit is a wake-up call for automated trading programs and the DeFi ecosystem at large. It also serves as a stark reminder that no system—no matter how profitable or sophisticated—is immune to attack. For traders and developers, the focus must now shift to enhancing security and mitigating the harmful impact of MEV.
Image source: Shutterstock.jpg)
