The notorious MEV bot Jaredfromsubway.eth on the Ethereum network has lost assets exceeding $7.5 million due to a hacking incident.
🚨Community Alert:
— Blockaid (@blockaid_) June 20, 2026
Blockaid Exploit Detection system detected an exploit involving the @jaredsmev MEV bot on Ethereum.
The incident resulted from attacker-controlled contracts tricking an automated MEV execution system into granting token approvals, later used to drain funds.…
According to Blockaid, the attacker operated through controlled smart contracts and deceived the automated execution system of the bot into approving tokens that were then used to withdraw funds.
"This is not a classic phishing attack or a traditional smart contract vulnerability in the victim's contract," the company's experts clarified.
They noted that the perpetrator deployed dozens of fake token contracts disguised as WETH, USDC, and USDT, linking them to fraudulent liquidity pools. These setups appeared as profitable trades, which MEV bots typically target for sandwich attacks.
This scheme led Jaredfromsubway.eth to grant the attacker's auxiliary contracts permission to spend real assets. The attacker then triggered all backdoors in a single transaction and withdrew the funds. Some of the coins have already been transferred to Tornado Cash, according to data from Arkham.
Estimates from Cointelegraph suggest that annual losses for traders on Ethereum due to sandwich attacks amount to approximately $60 million. From November 2024 to October 2025, the network recorded between 60,000 and 90,000 such operations monthly, with around 70% linked to Jaredfromsubway.eth.
Source: Cointelegraph.It is worth noting that in June 2024, this MEV bot was the largest gas consumer on Ethereum at one point.