MEV Bot Jaredfromsubway Drained of $7.5M in Sophisticated Allowance Attack

The Jaredfromsubway MEV bot — one of Ethereum's most aggressive sandwich attack operators — lost more than $7.5 million this week after an attacker exploited its automated approval system. The theft didn't involve a private key compromise or a bug in a popular DeFi protocol. Instead, the attacker spent weeks laying a trap that tricked the bot into granting token allowances that were later drained.

The weeks-long setup

According to on-chain records, the attacker deployed imitation tokens, liquidity pools, and supporting contracts that mimicked markets the bot normally trades against. These fake markets generated signals that looked profitable to the bot's automated system. Over time, the bot approved transactions that left unused ERC-20 allowances — standard permissions that let a contract spend tokens on the user's behalf.

How the drain worked

Once those allowances were in place, the attacker used the transferFrom function to move real assets out of the bot's contract. The haul included about 92 WETH, $143,000 in USDC, and $149,000 in USDT — totaling over $7.5 million at current prices. The attacker didn't need to crack the bot's keys or exploit a protocol flaw; they simply abused permissions the bot itself authorized.
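The allowance mechanics described above can be modeled in a few lines. The following Python is an added illustration, not code from the bot, the attacker, or the on-chain records: it keeps ERC-20 allowance bookkeeping in memory and contrasts an approval that is left standing with one that is scoped to the trade and revoked, plus an audit for leftover allowances. The names Token, trade_loose, trade_scoped and stale_allowances, the string addresses, and the assumption that the leftover came from approving more than the trade spent are all hypothetical.

```python
# Minimal in-memory model of ERC-20 allowance semantics (constructed, not a real contract).
class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining amount

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        key = (owner, caller)
        if self.allowances.get(key, 0) < amount or self.balances.get(owner, 0) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowances[key] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def pool_pull(token, pool, owner, amount):
    """Counterparty pulls `amount` from owner, as a pool would during a swap."""
    token.transfer_from(pool, owner, pool, amount)


def trade_loose(token, bot, pool, approve_amt, used_amt):
    """Weak pattern: approve more than the trade needs and never revoke."""
    token.approve(bot, pool, approve_amt)
    pool_pull(token, pool, bot, used_amt)


def trade_scoped(token, bot, pool, used_amt):
    """Hardened pattern: approve the exact amount, then force the allowance to zero."""
    token.approve(bot, pool, used_amt)
    try:
        pool_pull(token, pool, bot, used_amt)
    finally:
        token.approve(bot, pool, 0)  # revoke even if the call failed or under-spent


def stale_allowances(token, owner, allowlist):
    """Audit: non-zero allowances granted by `owner` to spenders outside the allowlist."""
    return {s: a for (o, s), a in token.allowances.items()
            if o == owner and a > 0 and s not in allowlist}
```

Run against real chain state, the same audit would read each token's allowance for every spender the bot has ever approved and alert on any non-zero value outside the allowlist.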

Funds routed through Tornado Cash

Blockchain data shows that some of the stolen proceeds were subsequently sent through Tornado Cash, the crypto-mixing service. Using a mixer makes it harder to trace the funds, though it doesn't guarantee anonymity. The move suggests the attacker was trying to obscure the trail from the outset.

A costly blind spot for automated traders

The Jaredfromsubway bot has operated since 2023 and became one of the most dominant players in Ethereum's maximal extractable value (MEV) market. At its peak, it was responsible for roughly 70% of all Ethereum sandwich attacks — a practice that extracted an estimated $60 million annually from traders. The incident underscores a vulnerability inherent to automated trading systems: they must evaluate markets, authorize contracts, and execute transactions in seconds, often without the ability to distinguish genuine opportunities from carefully constructed decoys.

The operator of the bot has not publicly commented on whether it plans to adjust its trading algorithms. For now, the attack stands as a reminder that in MEV, the predator can become the prey.