Picture of the author

区块Explorer

06/21 10:31

Ethereum’s Most Notorious MEV Bot Loses $7.5 Million in On-Chain Honeypot Trap

An attacker drained roughly $7.5 million from the JaredFromSubway MEV bot, one of Ethereum’s most active sandwich-attack systems, after tricking it into approving token spending it never should have granted.

Security firm Blockaid, which flagged the incident, said the bot was not hit by a smart-contract bug, a phishing attack, or a private-key leak. Instead, the attacker turned the bot’s own profit-seeking logic against it.

How the MEV Bot was Tricked

The JaredFromSubway MEV bot runs an automated strategy that scans Ethereum’s mempool for profitable trades. The practice is known as maximal extractable value.

The bot front-runs and back-runs other trades to capture the price difference, a tactic called a sandwich attack.

It became infamous in April 2023. In one day, it burned over $1 million in gas, nearly 8% of all Ethereum gas spending.

I remember in 2023 jaredfromsubway was making ~$1M per day front running memecoin traderswas truly fascinating https://t.co/udufw39Zry pic.twitter.com/KL5q4ZIfrq

— good (@thenarrator) June 20, 2026

The attacker spent weeks deploying 66 counterfeit token contracts. The fakes imitated Wrapped Ether (WETH), USD Coin (USDC), and Tether (USDT).

#PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto, including 1,474.58 $WETH, 2.87M $USDC, & 2M $USDT. The attacker swapped the stolen funds for 4.4K ETH and has already deposited 1K ETH into #TornadoCash pic.twitter.com/qY6IVDdnGJ

— PeckShieldAlert (@PeckShieldAlert) June 20, 2026

To the bot, these contracts looked like the routes it was built to chase. It took the bait and approved spending to attacker-controlled helper contracts. One approval alone handed over more than 92 WETH.

A final contract then used those open allowances to sweep real funds from the bot.

A Reverse-MEV Trap

The trap turned the bot’s speed and aggression into a weakness. Hunting MEV bots is not new. In 2023, a rogue validator drained about $25 million from MEV sandwich bots.

“attacker-controlled contracts tricking an automated MEV execution system into granting token approvals, later used to drain funds,” Blockaid indicated.

Sandwich attacks like these have long drawn criticism for acting as an invisible tax on everyday traders.

The bot’s operator put the loss closer to $15 million. They also offered a $1 million bounty for the return of the funds. Blockaid and PeckShield valued the on-chain drain at about $7.5 million in WETH, USDC, and USDT.

The operator recovering anything may now depend on the attacker accepting that offer.
#2026 World Cup Posting Challenge on HTX Square#TradFi Trading Strategies Sharing Challenge#1$ Margin Trade
2Chia sẻ

Tất cả bình luận0Mới nhấtPhổ biến

avatar
Mới nhấtPhổ biến