Hunter Becomes the Hunted: The Most Profitable MEV Bot Gets Hacked

Odaily星球日报Publicado a 2026-06-21Actualizado a 2026-06-21

Resumen

The prominent Ethereum MEV bot address Jaredfromsubway.eth suffered a targeted on-chain attack, losing over $7.5 million. The incident was identified as a "counter-MEV honeypot attack," where the attacker deployed numerous fake token contracts and liquidity pools over several weeks, mimicking mainstream assets like WETH and USDC to create seemingly profitable arbitrage opportunities. The MEV bot, designed to automatically detect and execute such trades, interacted with the malicious setup. During the process, it granted approvals to attacker-controlled contracts, which were not promptly revoked. The attacker later exploited these persistent permissions in a single transaction, draining the bot's holdings of ETH, USDC, and USDT. Jaredfromsubway.eth is known as one of Ethereum's most active and profitable MEV bots, primarily executing "sandwich attacks" to extract value from user transactions. Its operations have been linked to a majority of such attacks on the network. This event highlights the evolving security threats in crypto, demonstrating that even sophisticated, rule-exploiting systems can become targets of carefully designed behavioral traps. Following the theft, an impersonator account on X falsely claimed to offer a bounty for the return of the funds, prompting warnings from developers.

Original | Odaily Planet Daily (@OdailyChina)

Author | Azuma (@azuma_eth)

The well-known MEV Bot address Jaredfromsubway.eth, long active on the Ethereum network, was targeted in a highly sophisticated on-chain attack on Saturday, resulting in losses exceeding $7.5 million.

According to investigations by Blockaid and several on-chain analytics firms, this incident was not a traditional phishing attack or smart contract exploit. Instead, it was a "counter-MEV honeypot attack" specifically designed to target the operational logic of MEV Bots.

Over the preceding weeks, the attacker had systematically deployed 66 counterfeit token contracts and fake liquidity pools. These assets were meticulously disguised on-chain as mainstream stablecoins like WETH, USDC, and USDT, creating seemingly legitimate arbitrage trading pathways.

The attack chain unfolded step by step — the fake liquidity pools generated signals for "arbitrageable price gaps"; the MEV bot automatically identified the arbitrage opportunity and executed trades; during the transaction, the robot granted authorization to an auxiliary contract controlled by the attacker; this authorization was not promptly revoked, leading to persistent exposure of permissions; Ultimately, in a single transaction, the attacker triggered a pre-embedded backdoor logic, directly draining the ETH, USDC, and USDT held in the MEV bot's address.

On-chain data shows that the total value of assets stolen from Jaredfromsubway.eth in this attack has exceeded $7.5 million. The attacker subsequently split and transferred portions of the funds, further dispersing the flow through mixing tools.

Who is Jaredfromsubway.eth? The Most Notorious MEV Bot Address

The reason this attack is so notable today is that the victim, Jaredfromsubway.eth, is itself one of the most active, profitable, and notorious MEV Bots on the Ethereum network (if not the most).

Essentially, "MEV attacks" are a category of on-chain arbitrage behaviors revolving around "transaction ordering rights." On the Ethereum network, transactions enter the mempool to await block inclusion before being confirmed. Block builders or searchers can extract extra profit by adjusting transaction order, inserting transactions, or rearranging transactions within a block.

The most typical attack type is the "Sandwich Attack" — the attacker inserts buy and sell operations immediately before and after a user's transaction, profiting from the price slippage within a very short time frame. Such behavior is extremely common in high-liquidity DeFi trading pairs and constitutes one of the most fundamental profit models within the MEV ecosystem.

Jaredfromsubway.eth is precisely the most representative automated executor of this mechanism. Unlike traditional "single-point arbitrage bots," this MEV Bot resembles a highly industrialized MEV execution system. It continuously monitors unconfirmed transactions in the mempool, identifies in real-time transaction paths susceptible to being sandwiched, and completes transaction construction, Gas bidding, and order insertion within an extremely short time window, systematically capturing slippage profits.

Data from Cointelegraph Research shows that from November 2024 to October 2025, approximately 60,000 to 90,000 sandwich attacks occurred monthly on the Ethereum network, with about 70% related to the strategic system of Jaredfromsubway.eth.

In May of this year, when Ethereum co-founder Vitalik Buterin exchanged 26,544 DigitalBits (XDB), his transaction was also targeted and sandwiched by Jaredfromsubway.eth.

Regarding Jaredfromsubway.eth's historical revenue, there is no official statistic, but conservative estimates suggest that the address has accumulated MEV profits reaching tens of millions of dollars during its active periods. During some peak periods, its daily earnings could reach hundreds of thousands of dollars, and it consistently ranked near the top of Ethereum's MEV leaderboards.

Crypto Security Threats Intensify: Even Top Predators Are Not Spared

While one might muse that "the eagle-hunter finally got pecked," the hacking of Jaredfromsubway.eth has also sounded another alarm regarding risks in the cryptocurrency space.

In past perceptions, MEV Bots like Jaredfromsubway.eth belonged to the "predator" side of the on-chain ecosystem — they continuously capture slippage and arbitrage opportunities within user transactions through automated strategies, positioning themselves advantageously, arguably representing one of the most iconic types of attackers in the cryptocurrency market.

But this time, it became the one that was designed, lured, and ultimately harvested. Moreover, the attacker did not choose a traditional exploit path. Instead, they constructed a long-running "behavioral trap," allowing the MEV Bot's automated system to make progressively flawed decisions while fully complying with its own rules.

It must be acknowledged that even participants like Jaredfromsubway.eth, once most adept at "gaming the system," are now exposed to a broader attack surface.

Additionally, it is worth noting that after Jaredfromsubway.eth was hacked, an unknown X account with 94,000 followers changed its name to Jaredfromsubway.eth and falsely claimed it would "offer a $1 million bounty for the full return of all funds."

Several developers issued risk warnings, emphasizing that this account is not the official Jaredfromsubway.eth account (the MEV Bot team has no official account). They cautioned that this account might be used for scams subsequently and urged users to remain highly vigilant.

Preguntas relacionadas

QWhat type of attack did the MEV bot Jaredfromsubway.eth fall victim to, according to the article?

AThe article states that the MEV bot Jaredfromsubway.eth was targeted by a 'counter-MEV honeypot attack.' This was not a traditional phishing or smart contract exploit, but a sophisticated attack specifically designed to exploit the MEV bot's behavioral logic.

QWhat was the estimated total loss suffered by Jaredfromsubway.eth in this incident?

AAccording to on-chain data cited in the article, the total value of assets stolen from Jaredfromsubway.eth exceeded 7.5 million US dollars.

QAccording to the article, what is a 'Sandwich Attack' in the context of MEV?

AA 'Sandwich Attack' is described as a typical type of MEV attack. In this strategy, the attacker inserts buy and sell orders before and after a target user's transaction, respectively, to profit from the price slippage within a very short time window.

QWhat significant event involving Vitalik Buterin is mentioned in relation to Jaredfromsubway.eth?

AThe article mentions that in May of this year (presumably 2025), Ethereum co-founder Vitalik Buterin was targeted by Jaredfromsubway.eth when exchanging 26,544 DigitalBits (XDB) tokens.

QFollowing the hack, what fake action was taken by an unknown X account, and what warning was given?

AAn unknown X account with 94,000 followers changed its name to Jaredfromsubway.eth and falsely announced a '1 million US dollar bounty for the full return of all funds.' Developers issued warnings that this is not the official account (as the MEV bot team has none) and cautioned users to remain vigilant as the account might be used for scams.

Lecturas Relacionadas

2026 Altcoin Season Guide: Current Values & Market Signals, Is It Time to Prepare for Altcoin Season?

Altcoin Season Guide 2026: Signals & Timing Analysis This guide explores the dynamics of an "altcoin season," defined as a 90-day period where at least 75% of the top 50 cryptocurrencies outperform Bitcoin (BTC). Historically signaling capital rotation from BTC to alternative assets ("alts"), these periods have evolved. Key differences for the 2026 market cycle include the "ETF Wall," where institutional capital via spot Bitcoin ETFs may remain concentrated in BTC, potentially slowing a broad altseason. A genuine, sustainable altseason now likely requires BTC profit-taking combined with new retail and on-chain liquidity entering the wider market. Analysts use tools like the Altseason Index (values >75 indicate an altseason) but also monitor key pairs like ETH/BTC and SOL/BTC for confirmation. Additional signals include a declining Bitcoin Dominance rate (ideally below 40-50%), accelerating altcoin total market cap growth, and surges in trading volume and social sentiment for alts. Modern altseasons are increasingly narrative-driven and selective, not uniform across all coins. Capital typically rotates in stages: from BTC to major altcoins (like ETH), then into leading narratives (e.g., AI, RWA, DePIN), and finally into mid/small-cap projects and meme coins. The peak phase is often marked by extreme greed, parabolic rises, and high leverage, serving as a cautionary signal. For preparation, investors are advised to build a quality watchlist based on fundamentals, product traction, and team strength. Strategies should include portfolio diversification, disciplined risk management (position sizing, stop-losses, stablecoin reserves), and capitalizing on sector rotations rather than chasing past winners. While precise timing is uncertain, historical patterns suggest strong altcoin rallies often follow Bitcoin halvings by 12-30 months. For the 2024 halving cycle, 2026-2027 could present favorable conditions if supported by macro liquidity, technological narratives, and a sustained drop in Bitcoin Dominance. A true, broad altseason is unlikely if Bitcoin experiences a sharp crash (>20%), as capital tends to flee the entire crypto market.

Foresight NewsHace 49 min(s)

2026 Altcoin Season Guide: Current Values & Market Signals, Is It Time to Prepare for Altcoin Season?

Foresight NewsHace 49 min(s)

This Might Be the Most Stunning Image at This Year's WAIC!

This article introduces Shangtang's newly released multimodal AI model, **SenseNova U1 Pro**, unveiled at WAIC 2026. The model is highlighted for its ability to generate **native 8K-resolution images** with exceptional detail and coherence, even in extremely wide-format compositions. It goes beyond simple image generation by employing a **"图文交错思维" (interleaved image-text reasoning)** workflow, where it can plan, sketch, refine, check, and correct its outputs to achieve a final, deliverable result. Key capabilities demonstrated include generating a long 8K scroll depicting the 9-year history of WAIC, a detailed 24 solar terms illustration, a complex academic poster, a琉璃 (colored glaze)-style landscape, and a ready-to-use movie poster. The model handles intricate prompts involving layout, text clarity, material textures, and stylistic consistency. The article draws a parallel between this evolution in image generation and the progression seen in AI coding—from simple code completion to autonomous project delivery. U1 Pro represents a shift from generating single images to providing **complete content delivery systems** for professional scenarios like infographics, urban planning, and commercial design. While challenges like generation time and professional workflow integration remain, the model signifies a move towards multimodal AI agents that are accountable for producing usable, high-quality outputs.

marsbitHace 2 hora(s)

This Might Be the Most Stunning Image at This Year's WAIC!

marsbitHace 2 hora(s)

How Did This Round of Deleveraging in the Korean Stock Market Occur?

This article details the timeline and mechanisms behind the deleveraging event in the South Korean stock market, focusing on the KOSPI index from late June to mid-July. The core trigger was the market's structure, heavily concentrated in Samsung Electronics and SK Hynix, which comprised over half of the KOSPI. The situation was amplified by the May 27th launch of single-stock double-leveraged ETFs on these two companies, which attracted massive retail investment and concentrated risk. The process unfolded in eight stages: 1. Initial price collapse on June 23rd after regulatory warnings, but without significant debt reduction. 2. A rebound from June 24-25 fueled by retail buying and ETF rebalancing, which actually increased leverage. 3. Foreign and institutional investors selling from June 26-30, with domestic retail investors becoming the marginal buyers, transferring risk to household balance sheets. 4. A shift in global semiconductor sentiment from July 1-3, causing leveraged ETFs to systematically sell during declines. 5. The market failing to rally on strong earnings (July 6-8), signaling a turn from technical correction to concerns over peak profitability. 6. A rise in forced liquidations and the cross-listing of SK Hynix ADRs, spreading leverage risks to US and Hong Kong markets (July 9-10). 7. A cascade of synchronized selling from various players on July 13th, followed by a mechanical, ETF-driven rebound. 8. Institutionalization of deleveraging on July 16th, marked by an interest rate hike and new regulatory restrictions on single-stock leveraged products. The author concludes this was not a simple semiconductor correction but a negative feedback loop involving foreign capital rebalancing, retail margin trading, daily ETF rebalancing, forced liquidations, shifting industry expectations, and tightening monetary and regulatory policy. Leveraged ETFs acted as a critical amplifier, not the initial spark. The price decline (-25%) far exceeded the reduction in margin debt (-11%), indicating the deleveraging was primarily expressed through asset prices rather than immediate balance sheet repair.

marsbitHace 2 hora(s)

How Did This Round of Deleveraging in the Korean Stock Market Occur?

marsbitHace 2 hora(s)

Trading

Spot
活动图片