The hunter becomes the hunted: the most profitable MEV Bot got exploited
- Core Insight: The well-known MEV bot Jaredfromsubway.eth lost over $7.5 million due to a carefully crafted "anti-MEV honeypot attack." The incident reveals the vulnerability of on-chain automated strategies, showing that even top-tier arbitrageurs can become targets.
- Key Elements:
- The attacker deployed 66 fake token contracts and liquidity pools disguised as major assets like WETH and USDC weeks in advance, constructing a "profitable arbitrage spread" path to lure the MEV bot into executing trades.
- During the trading process, the bot granted approval to an auxiliary contract controlled by the attacker and failed to revoke it in time, leading to the direct transfer of approximately $7.5 million worth of ETH, USDC, and USDT assets in a single transaction.
- Jaredfromsubway.eth was one of the most active MEV bots on Ethereum, generating hundreds of thousands of dollars in daily revenue at its peak, and had successfully front-run a transaction by Vitalik Buterin.
- Between November 2024 and October 2025, Ethereum experienced 60,000 to 90,000 sandwich attacks per month, with approximately 70% of those related to strategies employed by Jaredfromsubway.eth.
Original by Odaily Planet Daily (@OdailyChina)
Author: Azuma (@azuma_eth)
Jaredfromsubway.eth, a well-known MEV Bot address long active on the Ethereum network, suffered a highly targeted on-chain attack on Saturday, resulting in losses exceeding $7.5 million.
According to investigations by Blockaid and multiple on-chain analysis firms, this incident was not a traditional phishing attack or smart contract exploit, but rather a "counter-MEV honeypot attack" specifically designed to exploit the behavioral logic of MEV Bots.
Over the past few weeks, the attacker methodically deployed 66 counterfeit token contracts and fake liquidity pools. These assets were meticulously disguised on-chain as mainstream stable assets like WETH, USDC, and USDT, constructing seemingly legitimate arbitrage trading paths.
The attack chain unfolded progressively: Fake liquidity pools generated signals of "arbitrageable price spreads"; the MEV bot automatically identified the arbitrage opportunity and executed the trade; during the transaction, the bot granted approval to an auxiliary contract controlled by the attacker; the approval was not revoked in time, creating persistent permission exposure; ultimately, the attacker invoked a pre-set backdoor logic in a single transaction, directly transferring assets including ETH, USDC, and USDT held by the MEV bot address.
On-chain data reveals that the total value of assets stolen from Jaredfromsubway.eth has exceeded $7.5 million. The attacker has since split and transferred some of the assets, further obfuscating the flow of funds through mixing tools.
Who is Jaredfromsubway.eth? The Most Notorious MEV Bot Address
The reason this attack has garnered so much attention is that the victim, Jaredfromsubway.eth, is itself the most active, profitable, and notorious MEV Bot on the Ethereum network (arguably without exception).
So-called "MEV attacks" essentially refer to a category of on-chain arbitrage based on controlling "transaction ordering rights." In the Ethereum network, transactions first enter the mempool to await packaging into a block. Block builders or searchers can extract additional profits by adjusting transaction order, inserting transactions, or reordering transactions within a block.
The most typical type of attack is the "Sandwich Attack" – where the attacker places buy and sell orders around a user's transaction, profiting from price slippage within a short time frame. This behavior is extremely common in high-liquidity DeFi trading pairs and forms one of the fundamental profit models in the MEV ecosystem.
Jaredfromsubway.eth is the most representative automated executor under this mechanism. Unlike traditional "single-point arbitrage bots," this MEV Bot operates more like a highly industrialized MEV execution system. It continuously monitors unconfirmed transactions in the mempool, identifies sandwichable transaction paths in real-time, and constructs trades, bids for Gas, and inserts orderings within extremely short time windows to systematically capture slippage profits.
Data from Cointelegraph Research shows that between November 2024 and October 2025, the Ethereum network experienced approximately 60,000 to 90,000 sandwich attacks per month, with about 70% linked to Jaredfromsubway.eth's strategy system.
In May of this year, Ethereum co-founder Vitalik Buterin's transaction of 26,544 DigitalBits (XDB) was also targeted and sandwiched by Jaredfromsubway.eth.
Regarding Jaredfromsubway.eth's historical revenue, there is no official statistic, but conservative estimates suggest the address has accumulated tens of millions of dollars in MEV profits during its active period. During peak times, its daily revenue reached hundreds of thousands of dollars, and it consistently held top positions in Ethereum's MEV rankings.
Escalating Crypto Security Threats: Even Top Predators Are Not Immune
While lamenting "the hunter has become the hunted," the attack on Jaredfromsubway.eth once again sounds the alarm about risks in the cryptocurrency space.
In past perceptions, MEV Bots like Jaredfromsubway.eth were on the "predator" side of the chain – they captured slippage and arbitrage opportunities from user transactions through automated strategies, holding an advantageous position within the ecosystem, and were arguably one of the most representative types of attackers in the crypto market.
This time, however, it became the target of design, manipulation, and ultimately harvesting. The attacker did not choose a traditional exploit path but instead constructed a long-running "behavioral trap," causing the MEV Bot's automated system, while fully complying with its own rules, to step by step toward a wrong decision.
It must be acknowledged that even a participant like Jaredfromsubway.eth, once the most adept at "exploiting the rules," is now exposed to more multi-dimensional attack vectors.
It is also worth noting that after the theft of Jaredfromsubway.eth, an unknown account on X with 94,000 followers changed its name to Jaredfromsubway.eth and falsely claimed to "offer a $1 million bounty for the full return of all funds."
Several developers have since issued risk warnings, emphasizing that this account is not the official account of Jaredfromsubway.eth (the MEV Bot team has no official account), and it is possible it will be used for scams. They urge users to remain vigilant.
