MEV Bot JaredFromSubway Drained of $7.5M After Attacker Deployed 66 Fake Token Contracts

An attacker drained roughly $7.5 million from the JaredFromSubway MEV bot this week, security firms Blockaid and PeckShield confirmed. The stolen haul included 1,474.58 WETH, 2.87 million USDC, and 2 million USDT. The bot’s operator, however, put the loss closer to $15 million — and has already offered a $1 million bounty for the return of the funds.

How the attacker tricked the bot

This wasn’t a smart-contract bug, a phishing link, or a leaked private key. Instead, the attacker spent weeks deploying 66 counterfeit token contracts that mimicked WETH, USDC, and USDT. Once the bot interacted with those fake tokens, the attacker triggered an approval — essentially tricking the bot into letting the attacker spend its real tokens. Blockaid described it as a patient, surgical social-engineering attack on an automated system.
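One defensive check that follows from this description, shown as an added example that is not code from the article, Blockaid, PeckShield or the bot: identify tokens by contract address rather than by symbol, and flag any approval of a real asset from the bot to a spender outside an allowlist. The article does not give the on-chain mechanics, so the bot, router, spender and counterfeit addresses and the decoded event records are constructed assumptions; the three token addresses are the canonical Ethereum mainnet contracts.

```python
# Added illustration; not from the article or from the bot's code base.
WETH = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2"
USDC = "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"
USDT = "0xdac17f958d2ee523a2206206994597c13d831ec7"
CANONICAL = {WETH: "WETH", USDC: "USDC", USDT: "USDT"}  # address -> symbol
PROTECTED_SYMBOLS = set(CANONICAL.values())

# Constructed placeholder addresses (assumptions for this example only).
BOT = "0x" + "b0" * 20
ROUTER = "0x" + "aa" * 20      # a spender the operator trusts
STRANGER = "0x" + "ee" * 20    # a spender nobody allowlisted
FAKE = "0x" + "66" * 20        # counterfeit token reusing a real symbol
TRUSTED_SPENDERS = {ROUTER}

def classify_token(address, symbol):
    """Trust the contract address only; a symbol is attacker-controlled text."""
    if address.lower() in CANONICAL:
        return "canonical"
    if symbol.strip().upper() in PROTECTED_SYMBOLS:
        return "lookalike"     # claims to be WETH/USDC/USDT but is not
    return "unknown"

def audit(events):
    """Return findings for lookalike tokens and risky approvals by the bot."""
    findings = []
    for ev in events:
        if ev["kind"] == "pool_token":
            if classify_token(ev["token"], ev["symbol"]) == "lookalike":
                findings.append(("lookalike_token", ev["token"]))
        elif ev["kind"] == "approval":
            real_asset = ev["token"].lower() in CANONICAL
            from_bot = ev["owner"].lower() == BOT
            trusted = ev["spender"].lower() in TRUSTED_SPENDERS
            if real_asset and from_bot and ev["value"] > 0 and not trusted:
                findings.append(("untrusted_spender", ev["spender"]))
    return findings

# Constructed sample of decoded events, not real chain data.
SAMPLE = [
    {"kind": "pool_token", "token": FAKE, "symbol": "WETH"},
    {"kind": "pool_token", "token": WETH, "symbol": "WETH"},
    {"kind": "approval", "token": USDC, "owner": BOT,
     "spender": ROUTER, "value": 10**12},
    {"kind": "approval", "token": USDC, "owner": BOT,
     "spender": STRANGER, "value": 2**256 - 1},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
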

The operator's $1 million counteroffer

After the heist, the attacker swapped the stolen assets for about 4,400 ETH and moved 1,000 ETH into Tornado Cash, the privacy mixer. The bot’s operator publicly offered a $1 million bounty for the return of the funds, but so far no deal has been struck. Security researchers are watching the remaining ETH — roughly 3,400 — for any movement.

A bot known for burning gas

JaredFromSubway isn’t your average MEV bot. It’s one of Ethereum’s most active sandwich-attack systems — the kind that front-runs and back-runs trades to extract profit. In April 2023, it famously burned over $1 million in gas in a single day, making headlines for its aggressive strategy. That same reputation likely made it a high-value target.

MEV bots remain a target

The attack echoes a similar incident in 2023, when a rogue validator drained about $25 million from MEV sandwich bots. That case also involved tricking the bots rather than exploiting code flaws. This week’s hit shows that even the most profitable MEV operators are vulnerable to off-chain social engineering — and that the attackers are getting more creative with fake contracts. The question now is whether the JaredFromSubway operator will pay up, or if the remaining ETH will also end up in a mixer.