Blockaid revealed that an attacker deceived Jaredfromsubway.eth into sanctioning fraudulent trading paths, subsequently using these permissions to extract WETH, USDC, and USDT.
By Shaurya Malwa Jun 21, 2026, 7:12 a.m. 3 min readMake preferred on ShareShare this articleCopy linkX (Twitter)LinkedInFacebookEmailMake preferred on SummaryShow- An attacker successfully extracted over $7.5 million from the notorious Ethereum MEV bot jaredfromsubway.eth by exploiting its automated trading mechanisms rather than through conventional phishing or contract vulnerabilities.
- In a series of weeks, the attacker misled the bot into approving harmful helper contracts through fake tokens and liquidity pools that imitated assets like WETH, USDC, and USDT, ultimately using these permissions to siphon funds, some of which were routed through Tornado Cash.
- This event highlights the scale and dangers associated with the industrialized nature of sandwich-bot operations—jaredfromsubway.eth has been involved in approximately 70% of Ethereum's sandwich attacks, which collectively cost traders around $60 million annually—demonstrating that even machine-speed systems can be exploited.
Jaredfromsubway.eth, a well-known MEV bot on Ethereum, suffered a theft exceeding $7.5 million after an attacker cleverly turned its own automated trading logic to their advantage.
This bot is infamous for executing sandwich attacks, a method of maximizing extractable value (MEV) where automated traders identify pending transactions, purchase ahead of them, allow the victim to trade at a worse rate, and then sell immediately after.
This process effectively imposes a hidden tax on users, which accumulates over numerous transactions.
Sandwich attacks are generally viewed in the crypto community as predatory behavior rather than traditional exploits, as they extract value from users, inflate gas fees, and do not provide benefits to the network or its users.
Security firm Blockaid reported that the incident on Saturday was not a standard phishing scheme or a straightforward flaw in the victim's contract. Instead, the attacker focused on the bot’s decision-making framework.
The attacker devised a strategy over several weeks, deploying numerous fake token contracts and misleading liquidity pools—essentially a collection of tokens held on a decentralized exchange—that appeared to present lucrative trading opportunities. Some of these imitated well-known assets such as wrapped ether (WETH) and dollar-pegged stablecoins USDC and USDT.
This bait effectively worked. The bot recognized what seemed to be MEV opportunities and generated approvals for the attacker-controlled helper contracts to utilize tokens on its behalf. These approvals were initially used in previous trades, but the attacker later established routes where the approvals remained open.
This left the attacker with ongoing permission to withdraw funds. They then exploited these open approvals to transfer WETH, USDC, and USDT out of Jaredfromsubway.eth’s contracts, resulting in a loss exceeding $7.5 million.
Some of the misappropriated funds were subsequently traced to Tornado Cash, as on-chain data analyzed by CoinDesk indicated.
The irony of the situation was striking.
Jaredfromsubway.eth has been a prominent emblem of toxic MEV on Ethereum, with sandwich attacks costing traders about $60 million each year, recording between 60,000 to 90,000 attacks monthly from November 2024 to October 2025.
operational since early 2023.In May, CoinDesk reported that the same bot had even executed a sandwich on a minor swap initiated by Ethereum co-founder Vitalik Buterin, putting up $1.14 million to frontrun Buterin's trade to earn just $4 (after fees, the bot made a few dollars on this specific transaction).
The trade itself was minimal, and the loss was negligible, yet it illustrated the extent to which the bot had industrialized its operations, scanning the mempool for virtually any transaction it could maneuver around.
While the incident does not lessen the harmful impact of sandwich attacks, it does emphasize the risks associated with operating systems that authorize transactions at machine speed based on pattern recognition and profit signals.
Jaredfromsubway.eth has profited for years from traders unaware of its presence. Ironically, on Saturday, the bot itself was caught off guard by a trade.
Latest Crypto News- 1Bitcoin holds near $64,000 as a renewed Hormuz threat clouds US-Iran ceasefire talks1 hour ago
- 2AI is making crypto security cheaper, faster and harder to ignore17 hours ago
- 3How STRC lost its par: The timeline behind Strategy's preferred-stock meltdown19 hours ago
- 4Schwab to join prediction markets race with S&P 500 event-based options: WSJJun 19, 2026
- 5GoMining challenges Jack Dorsey's Square with payments system designed around bitcoinJun 19, 2026
- 6Franklin Templeton proposes new ETFs that turn corporate dividends into bitcoinJun 19, 2026
- 7Smart-contract and DeFi coins lead losses as bitcoin wilts for 4th straight dayJun 19, 2026
- 8Digital credit market hit by huge selloff as Strive CEO blames leverage liquidationsJun 19, 2026
- 9Microsoft found malware that hijacks crypto wallets and spreads through USB sticksJun 19, 2026
- 10XRP falls 3% after losing $1.15 support as breakout attempt fadesJun 19, 2026
CEX Volumes Drop to Lowest Since September 2024 as RWA Perps Hit Record High
CEX Volumes Drop to Lowest Since September 2024 as RWA Perps Hit Record High
In May, combined exchange volumes fell 3.45% to $4.41T; the lowest since September 2024. RWA perpetual futures volumes rose 10.4% against the trend, hitting a new all-time high.
By CoinDesk ResearchJun 15, 2026In May, combined exchange volumes fell 3.45% to $4.41T; the lowest since September 2024. RWA perpetual futures volumes rose 10.4% against the trend, hitting a new all-time high.
Why it matters:
In May, combined exchange volumes fell 3.45% to $4.41T; the lowest since September 2024. RWA perpetual futures volumes rose 10.4% against the trend, hitting a new all-time high.
View Full ReportMore From Tech