JaredFromSubway, the infamous Ethereum MEV bot, has fallen victim to a scam: it was wiped out by 66 fake contracts, losing $15 million.


The MEV bot, which makes a living by "taxing" retail investors, has now become the victim of a retail investor scam. JaredFromSubway, a well-known sandwich attack bot on the Ethereum blockchain, was recently drained of approximately $7.5 million worth of WETH, USDC, and USDT by an attacker who devised a sophisticated reverse trap.

Security company Blockaid immediately flagged the incident, emphasizing that the vulnerability did not stem from flaws in smart contract code, phishing, or private key leaks, but rather from the attacker weaponizing the bot's own greedy logic against it.

66 fake contracts, a plan laid out over several weeks to achieve a single, decisive victory.

The attacker's preparations lasted for weeks. He deployed 66 fake token contracts, which precisely mimicked the appearance of three major assets: Wrapped Ether (WETH), USD Coin (USDC), and Tether (USDT).

JaredFromSubway's core logic is to continuously scan the Ethereum mempool, automatically identifying and following arbitrage paths for highly liquid tokens. To the bot, these fake contracts looked identical to real paths; it "smelled" the opportunity as usual and immediately authorized an auxiliary contract controlled by the attacker to spend its tokens.

Blockaid states, "An attacker-controlled contract tricked the automated MEV execution system into granting token authorizations, which were subsequently used to withdraw funds." A single authorization alone surrendered over 92 WETH. The final contract used these granted authorizations to wipe out all real assets from the bot's wallet in one go. On-chain transactions can be viewed on Etherscan.
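As an added illustration (not from Blockaid, this article, or the bot's own code), the Python example below shows a pre-signing guard aimed at this failure mode: it identifies tokens by contract address rather than by the symbol a contract reports, and it refuses any `approve(address,uint256)` call whose spender is not on an operator allowlist. The spender allowlist, the allowance cap, and the sample addresses built from repeated bytes are assumptions constructed for the example.

```python
# Added example: pre-signing guard for an automated trading bot (hypothetical policy).
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

# Token identity is the contract address, never the name or symbol a contract reports.
CANONICAL = {  # Ethereum mainnet addresses, lowercased
    "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2": "WETH",
    "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48": "USDC",
    "0xdac17f958d2ee523a2206206994597c13d831ec7": "USDT",
}
TRUSTED_SPENDERS = {"0x" + "11" * 20}  # constructed: routers the operator has audited
MAX_ALLOWANCE = 10 * 10**18            # assumed per-approval cap, in token base units


def approve_calldata(spender: str, amount: int) -> str:
    """ABI-encode approve(spender, amount); used here to build sample input."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + f"{amount:064x}"


def review_call(target: str, calldata: str, claimed_symbol: str):
    """Return (allowed, reason) for one outgoing call in a planned route."""
    data = calldata.lower().removeprefix("0x")
    real = CANONICAL.get(target.lower())
    # A contract calling itself "USDC" at any other address is a look-alike.
    if claimed_symbol in CANONICAL.values() and real != claimed_symbol:
        return False, "look-alike token"
    if data[:8] != APPROVE_SELECTOR:
        return True, "not an approval"
    # Fail closed on anything that is not exactly selector + two 32-byte words.
    if len(data) != 136 or data[8:32] != "0" * 24:
        return False, "malformed approve"
    spender, amount = "0x" + data[32:72], int(data[72:], 16)
    if spender not in TRUSTED_SPENDERS:
        return False, "spender not allowlisted"
    if amount > MAX_ALLOWANCE:
        return False, "allowance over cap"
    return True, "ok"


if __name__ == "__main__":
    weth = "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
    unknown = "0x" + "de" * 20   # constructed: unaudited helper contract
    fake = "0x" + "ab" * 20      # constructed: token that reports symbol "USDC"
    routes = [
        (weth, approve_calldata(unknown, 2**256 - 1), "WETH"),
        (fake, approve_calldata("0x" + "11" * 20, 10**18), "USDC"),
        (weth, approve_calldata("0x" + "11" * 20, 10**18), "WETH"),
    ]
    for target, data, symbol in routes:
        print(symbol, target[:10], review_call(target, data, symbol))
```

The guard only covers plain `approve` calls; other ways of granting an allowance would need their own checks under the same allowlist.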

From "harvester" to "harvested"

Since becoming active in early 2023, JaredFromSubway has executed hundreds of thousands of sandwich attacks, with peak gross revenue estimated at $34 million to $40 million. At the height of MEV's popularity, approximately 70% of all sandwich attacks on the Ethereum network each month originated from this bot.

Its notoriety even extended to Vitalik Buterin himself. In May 2026, JaredFromSubway launched a sandwich attack on Vitalik's token exchange, using over $1.14 million worth of WETH to sandwich it.

This reversal carries a strong sense of "karma": the bot's competitive advantage lies in its speed and aggression, and the attacker turned both into weaknesses. The faster the bot reacts, the sooner it falls into the trap.

This is not the first time a similar "MEV Bot hunting" incident has occurred. In 2023, a malicious validator used the same logic to steal about $25 million from multiple sandwich bots; this time the method is more sophisticated, using dozens of fake contracts instead of a single point of attack.

The extent of the losses is disputed; can a million-dollar bounty recover the funds?

Both Blockaid and PeckShield's on-chain analyses estimated the losses at approximately $7.5 million. However, the designer of JaredFromSubway later claimed that if indirect on-chain losses were included, the total losses would approach $15 million. He has offered a $1 million bounty on the condition that the attackers return the funds.

Historically, however, the chances of getting this kind of money back are not high.
