MEV bot Jaredfromsubway.eth lost over $7.5 million after DeFi exploit, Blockaid reported

One of the most prominent MEV bots in the crypto market, Jaredfromsubway.eth, suffered losses exceeding $7.5 million in a major exploit on Saturday. The attack reportedly stemmed from the manipulation of the bot’s automated trading infrastructure, a system that has generated substantial earnings for years.How the attack unfoldedFake tokens and lingering permissionsPrevious data and market reactions How the attack unfoldedAccording to blockchain security firm Blockaid, the perpetrator deployed their own controlled contracts to deceive Jaredfromsubway.eth’s automated MEV execution system. These contracts enabled the bot to grant token spending approvals that were later abused, allowing the attacker to siphon off assets using these permissions.Blockaid emphasized that the incident was neither a classic phishing attack nor a traditional smart contract vulnerability in the victim’s code.MEV, or maximum extractable value, is a technique allowing bots or block producers to profit by monitoring unconfirmed blockchain transactions and rearranging their order. Jaredfromsubway.eth is a leading MEV bot, and its activities are sometimes viewed as a source of additional costs for decentralized finance (DeFi) participants.Mini glossary: MEV refers to extra income extracted by block producers or bots by deciding the inclusion and ordering of transactions in a block. Sandwich attacks are a method in which a user’s transaction is sandwiched between two malicious trades, moving the price against the user’s interest. Fake tokens and lingering permissionsBlockaid’s analysis revealed that the attacker created fake Wrapped Ether, fake USDC, and fake USDT trading routes, as well as fake Cap pairings. This elaborate setup convinced the bot system that lucrative trading opportunities existed. In response, the bot approved token spending permissions for actual assets to helper contracts under the attacker’s control.Under normal circumstances, the bot’s spending permissions are consumed during the trading process. However, the attacker designed transaction routes to keep these permissions open. Once enough authorizations were accumulated, the attacker used the transferFrom method to withdraw WETH, USDC, and USDT directly from the bot’s contract in the final phase of the exploit.The attacker specifically targeted the bot’s internal mechanisms, tricking it into recognizing profitable MEV opportunities and approving spending rights to attacker-controlled helper contracts.Previous data and market reactionsResearch from Cointelegraph previously indicated that sandwich attacks on the Ethereum network cause investors to lose around $60 million annually. The study found that between November 2024 and October 2025, there were 60,000 to 90,000 sandwich attacks each month—approximately 70% of which were linked to Jaredfromsubway.eth.Crypto investor and commentator David Gokhshtein weighed in on the incident, remarking that no one should take pleasure in this loss. However, he observed that users previously harmed by the bot’s activity may not sympathize with the recent news.Disclaimer: The information contained in this article does not constitute investment advice. Investors should be aware that cryptocurrencies carry high volatility and therefore risk, and should conduct their own research.