Ethereum's well-known sandwich bot was exploited, resulting in a $7.5 million loss.
CoinDesk
7h ago
The well-known Ethereum MEV bot jaredfromsubway.eth was found to have over $7.5 million stolen after approving a fake transaction path; some of the funds subsequently flowed into Tornado Cash.

The well-known Ethereum MEV bot jaredfromsubway.eth was recently compromised by attackers who exploited its automated trading logic, resulting in a loss of over $7.5 million. Security firm Blockaid stated that this incident was neither a traditional contract vulnerability nor a common phishing attack; rather, attackers used counterfeit tokens and liquidity pools to trick the bot into granting token authorization to a malicious auxiliary contract.

The attack was planned over several weeks.

According to Blockaid, the attackers deployed dozens of fake token contracts and fake liquidity pools over several weeks. These objects were packaged as seemingly profitable trading opportunities, and some even mimicked common assets such as WETH, USDC, and USDT.

Once the jaredfromsubway.eth bot identified these "opportunities," it automatically generated authorizations that allowed the related auxiliary contracts to use funds on its behalf. In early tests, these authorizations were used up instantly within the same transaction; in a later design, however, the attackers constructed paths where the authorizations remained valid.

Open authorizations were used to transfer assets.

Once the authorizations persisted, the attackers gained continuous access to the funds. They then used these open authorizations to transfer WETH, USDC, and USDT from contracts controlled by jaredfromsubway.eth, totaling over $7.5 million.
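The difference between an authorization that is consumed inside the transaction and one that stays open can be checked by replaying approval and spend events, as in this added example (not code from CoinDesk, Blockaid, or the bot). It assumes the authorizations behave like ERC-20 allowances; the event tuples, contract names, and allowlist are constructed for illustration.

```python
from collections import defaultdict

UNLIMITED = 2**256 - 1  # conventional "infinite" allowance value

# Constructed sample events, not real on-chain data.
# (tx, kind, token, owner, spender, amount); "approve" sets the allowance,
# "spend" is the spender pulling funds from the owner via transferFrom.
EVENTS = [
    ("tx1", "approve", "WETH", "bot", "helper_a", 500),
    ("tx1", "spend",   "WETH", "bot", "helper_a", 500),   # used up in the same tx
    ("tx2", "approve", "USDC", "bot", "helper_b", 1_000),
    ("tx2", "spend",   "USDC", "bot", "helper_b", 400),   # 600 left over
    ("tx3", "approve", "USDT", "bot", "helper_c", UNLIMITED),  # never spent
    ("tx4", "approve", "WETH", "bot", "router", UNLIMITED),    # allowlisted
]
TRUSTED_SPENDERS = {"router"}  # hypothetical allowlist of vetted contracts


def residual_allowances(events):
    """Replay events in order; return nonzero allowances and the tx that set them."""
    allowance, granted_in = defaultdict(int), {}
    for tx, kind, token, owner, spender, amount in events:
        key = (token, owner, spender)
        if kind == "approve":
            allowance[key], granted_in[key] = amount, tx  # approve overwrites
        elif kind == "spend":
            if amount > allowance[key]:
                raise ValueError(f"{tx}: spend exceeds allowance for {key}")
            if allowance[key] != UNLIMITED:  # many tokens never decrement a max allowance
                allowance[key] -= amount
    return {k: (v, granted_in[k]) for k, v in allowance.items() if v > 0}


def flag_open_approvals(events, trusted):
    """List allowances still open to spenders outside the allowlist."""
    findings = []
    for (token, owner, spender), (left, tx) in sorted(residual_allowances(events).items()):
        if spender not in trusted:
            amount = "unlimited" if left == UNLIMITED else left
            findings.append((tx, token, owner, spender, amount))
    return findings


if __name__ == "__main__":
    for finding in flag_open_approvals(EVENTS, TRUSTED_SPENDERS):
        print(finding)
```

A bot operator could run the same check as a post-trade invariant: any finding means a helper contract still holds spending rights after the trade that justified them has finished.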

On-chain data reviewed by CoinDesk shows that some of the stolen funds were subsequently transferred to Tornado Cash. The report did not mention whether the funds have been frozen or recovered.

  • Assets involved: WETH, USDC, USDT
  • Losses: Over $7.5 million
  • Partial destination of funds: Tornado Cash

MEV bots are hit through their own automation logic.

jaredfromsubway.eth is one of the most well-known sandwich attack bots on Ethereum. In a sandwich attack, a bot buys an asset just before a user's transaction executes, then quickly sells it once the user's trade has moved the price, profiting from the difference. While the loss per transaction may be small, it can create a hidden cost for the user in the long run.

The report cited data showing that between November 2024 and October 2025, Ethereum experienced approximately 60,000 to 90,000 sandwich attacks per month, resulting in annualized losses of approximately $60 million for traders. About 70% of these attacks were related to jaredfromsubway.eth.

CoinDesk previously reported that this bot even sandwiched a small trade by Ethereum co-founder Vitalik Buterin. At the time, it committed approximately $1.14 million to the front-running trade, ultimately gaining only about $4. This reflects the system's high level of automation, which scans the mempool broadly for transactions it can sandwich.

This incident did not change the harm that sandwich attacks cause to users, but it revealed another layer of risk: when a trading system relies on machine speed, pattern recognition, and automatic authorization in response to profit signals, that mechanism itself can be exploited in reverse.
