Jaredfromsubway.eth MEV bot drained for $7.5M in counter-MEV trap
Attacker farmed approvals from Ethereum's largest sandwich bot using 66 fake WETH/USDC/USDT tokens, then took ~1,474 WETH, 2.87M USDC and 2M USDT in a single sweep transaction.
The MEV bot known on-chain as jaredfromsubway.eth — responsible for roughly 70% of Ethereum sandwich attacks over the last year — was emptied of more than $7.5M in WETH, USDC and USDT over the weekend, after an attacker spent weeks farming token approvals from the bot itself and then triggered every approval in a single sweep transaction. Security firm Blockaid, which first published the on-chain analysis, calls it a "counter-MEV honeypot attack." Some of the proceeds were routed through Tornado Cash.
What happened
Per the CoinDesk write-up published June 21 and the parallel breakdown on crypto.news, the attacker did not exploit a contract bug in the MEV bot. They exploited its automation.
Jaredfromsubway.eth's execution contract — a private, unverified Solidity backend that lives at 0x6b75d8af000000e20b7a7ddf000ba900b4009a80, the address Etherscan labels jaredfromsubway: MEV Bot — scans the mempool for sandwichable swaps and grants token approvals (approve calls) to "helper" contracts as part of its routing. The trade is supposed to be: open the approval, use it within the same transaction, end the block flat.
The attacker spent several weeks doing the legwork. They deployed 66 counterfeit token contracts that mimicked the look and behaviour of WETH, USDC and USDT, then paired them with fake liquidity pools that surfaced apparently profitable arbitrage routes the bot would want to sandwich. In early test trades, the bot opened approvals, used them inside the trade, and closed clean. Once the bot was conditioned to trust those helper contracts, the attacker changed the routing pattern so that the approvals stayed open after the trade settled.
Then, in a single transaction, the attacker called all 66 backdoors at once and pulled WETH, USDC and USDT out of jaredfromsubway.eth's contracts.
Raz Niv, CTO of Blockaid, told CoinDesk the bot itself had "no contract vulnerability" — the attacker simply got it to consent to its own draining, "and then in a single transaction the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT at these addresses."
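The "open the approval, use it within the same transaction, end flat" rule described above can be checked mechanically. The following is an added example, not code from Blockaid, the bot or the reporting cited here: it replays decoded approve/transferFrom calls per transaction and reports every allowance still open when a transaction ends. The record layout, the labels (bot, helper_1, TOKEN_A) and the function names are assumptions, and the traces are constructed sample data.

```python
from collections import defaultdict

MAX_UINT256 = 2**256 - 1  # conventional "unlimited" allowance value

def replay(trace, owner, opening=None):
    """Replay one transaction's approve/transferFrom calls and return the
    allowances `owner` still has open when the transaction ends."""
    allowance = defaultdict(int, opening or {})   # (token, spender) -> allowance
    for rec in trace:
        if rec["owner"] != owner:
            continue
        key = (rec["token"], rec["spender"])
        if rec["fn"] == "approve":
            allowance[key] = rec["value"]         # approve overwrites, never adds
        elif rec["fn"] == "transferFrom" and allowance[key] != MAX_UINT256:
            # Assumption: the token leaves an unlimited allowance undecremented.
            allowance[key] = max(allowance[key] - rec["value"], 0)
    return {k: v for k, v in allowance.items() if v > 0}

def audit(transactions, owner, allowlist=frozenset()):
    """Carry allowance state across transactions and report each transaction
    that ends with an allowance open to a spender outside the allowlist."""
    state, findings = {}, []
    for tx_id, trace in transactions:
        state = replay(trace, owner, state)
        for (token, spender), value in sorted(state.items()):
            if spender not in allowlist:
                findings.append((tx_id, token, spender,
                                 "unlimited" if value == MAX_UINT256 else value))
    return findings

def mk(fn, token, spender, value, owner="bot"):
    return {"fn": fn, "token": token, "owner": owner, "spender": spender, "value": value}

# Constructed sample traces (labels only, not real addresses or transactions).
SAMPLE = [
    ("tx1", [mk("approve", "TOKEN_A", "helper_1", 1000),
             mk("transferFrom", "TOKEN_A", "helper_1", 1000)]),   # ends flat
    ("tx2", [mk("approve", "TOKEN_A", "helper_2", 1000),
             mk("transferFrom", "TOKEN_A", "helper_2", 400)]),    # 600 left open
    ("tx3", [mk("approve", "TOKEN_B", "helper_3", MAX_UINT256),
             mk("transferFrom", "TOKEN_B", "helper_3", 500),
             mk("approve", "TOKEN_A", "helper_2", 0)]),           # helper_2 revoked
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "bot"):
        print(finding)
```

Because state is carried forward, an allowance that is never revoked is reported again at the end of every later transaction, which is the accumulation the article describes across the conditioning period.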
On-chain trail
- Victim contract (MEV bot backend): 0x6b75d8af…b4009a80 — Etherscan label jaredfromsubway: MEV Bot.
- Operator EOA (the ENS reverse-resolves here): 0xae2Fc483…5ba1FaE13 — jaredfromsubway.eth.
- Attacker funnel wallet: address starting with 0x3e37…, identified by Blockaid as the recipient of the sweep, with subsequent transfers totalling roughly 92 WETH, $143,000 USDC and $149,000 USDT moving out of a contract linked to the bot in the public on-chain record.
- Mixer leg: a portion of the drained funds were sent into Tornado Cash. The remainder sits in the attacker's downstream wallets at time of writing.
We could not independently confirm a single canonical "sweep" tx hash from the available reporting — the precise final transaction is what's being characterised as "one tx, 66 backdoors" but neither Blockaid nor the major outlets have yet published the hash. Track it from the contract's outflows above.
Numbers
- Total drained: ~$7.5M (Blockaid estimate)
  - WETH: ~1,474.58 WETH
  - USDC: ~2.87M USDC
  - USDT: ~2.0M USDT
- Counterfeit ERC-20 contracts: 66 (mimicking WETH/USDC/USDT)
- Setup window: several weeks of conditioning swaps
- Sweep: single transaction, 66 approval call-ins
- Mixer leg: partial routing through Tornado Cash
- Source of breakdown: Blockaid (Raz Niv, CTO) + on-chain
The operator behind jaredfromsubway.eth publicly contested the total, putting the loss closer to $15M; Blockaid's figure of ~$7.5M is the one currently reflected in the on-chain breakdown and is what we use here.
Skeptical attribution
No named actor has been linked to the attacker wallet. The multi-week conditioning of the bot, the patience to wait for 66 routes to stay "trusted," and the deliberate Tornado-Cash exit are consistent with an operator who reads the mempool for a living. No public Chainalysis or TRM labelling at time of writing, and no overlap with known DPRK tooling has been called out in the analyses. Until a labeler attaches a name, this is best read as an unattributed MEV-vs-MEV operator, not a syndicate.
Impact
- Sandwich-attack supply on Ethereum. Jaredfromsubway.eth was responsible for roughly 70% of Ethereum sandwich attacks during the last public counting window (Nov 2024 – Oct 2025), per the data cited in CoinDesk. Sandwich attacks cost mempool users an estimated ~$60M/year. Whether the bot returns at full capacity is now an open question — but the playbook used against it is now public.
- MEV infrastructure as an attack surface. Searcher backends sign approvals in fast loops by design. This is the first widely-publicised case of an attacker treating those approval flows as a multi-week honeypot, not a one-shot front-run. Other MEV searchers running similar auto-approval logic should re-audit their helper-contract whitelists immediately.
- Mempool users sandwiched between November 2024 and June 2026. No mechanism in the current incident returns extracted value to victims. The drained funds went from jaredfromsubway.eth's backend to an external attacker, not back to the users who originally paid the sandwich tax.
What to watch
- Jaredfromsubway.eth's response. The operator publicly disputed the loss figure but has not announced whether the searcher will continue operating from the same backend. The next sandwich activity originating from 0x6b75d8af…b4009a80 will answer that.
- The Tornado Cash deposits' downstream withdrawals. The mixed funds will eventually exit. Watch addresses tagged against the deposit and any CEX freezes referencing the 0x3e37… attacker wallet.
- A canonical sweep tx hash. Expect Blockaid, Lookonchain or Arkham to publish the single "called all 66 backdoors" transaction. That hash will be the cleanest receipt of the mechanism — and the easiest reproducible artefact for anyone wanting to study the trap.
- Copycat traps against other top sandwich searchers. The other large Ethereum searchers — wallets like beaverbuild, rsync-builder-linked back-runners, and the second-tier sandwich bots — sign similar approve flows. They are the obvious next targets.
Context — predator becomes prey
This is the largest-publicised case to date of a sandwich bot being beaten by its own automation. The closest precedent is the 2023 drain of an MEV bot operator by a malicious validator who reordered the bot's own bundle and stole ~$25M — but that was an in-block, single-tx event exploiting builder trust. The jaredfromsubway.eth drain is different: it required weeks of patient setup and exploits the bot's learned approval behaviour rather than a single block's mechanics.
It also continues a 2026 pattern where MEV-relevant infrastructure — searchers, sequencer code paths, builder relays — becomes the target rather than the attacker. The Aztec Connect rollup processor $2.19M proof drain on June 16 hit a deprecated proving system; the Raydium $1.34M legacy AMM exploit on June 10 hit a five-year-old vault. The jaredfromsubway.eth drain hits an arguably more controversial piece of the stack — predatory MEV — but the lesson is the same: anything that approves automatically is a programme; programmes can be tricked.
Sources:
- CoinDesk — Ethereum's biggest 'sandwich' bot drained of $7.5 million in ironic exploit (June 21, 2026).
- crypto.news — JaredFromSubway MEV bot gets drained in $7.5m approval trap.
- BeInCrypto — Ethereum's Most Notorious MEV Bot Loses $7.5 Million in On-Chain Honeypot Trap.
- CryptoSlate — Ethereum's Jaredfromsubway MEV bot drained after approving its own $7.5M theft.
- On-chain reference: jaredfromsubway: MEV Bot — 0x6b75d8af…b4009a80 (Etherscan) and jaredfromsubway.eth — 0xae2Fc483…5ba1FaE13 (Etherscan).