A sophisticated exploit targeting the Ethereum automation address Jaredfromsubway.eth has resulted in losses exceeding $7.5 million, according to blockchain analysts. The attack did not rely on a traditional software flaw but instead used a coordinated counter-MEV honeypot strategy to manipulate the bot’s trading behavior.
How the attack unfolded
Security data shows the attacker spent weeks preparing the operation by deploying 66 fake token contracts and liquidity pools designed to imitate widely used assets such as WETH, USDC, and USDT. These fake markets created convincing price discrepancies, effectively baiting the bot into executing trades.
During these interactions, the bot unknowingly approved a malicious auxiliary contract controlled by the attacker. Because the permissions were never revoked, the attacker was later able to trigger a transaction that drained all funds from the address in a single move.
Blockchain records confirm that roughly $7.5 million in ETH and stablecoins was removed and subsequently routed through multiple wallets and obfuscation services to hide the trail.
A major player in Ethereum trading
Jaredfromsubway.eth had been one of the most active automated arbitrage systems on Ethereum. It was widely known for executing large volumes of sandwich attacks, a trading strategy that profits from placing orders around other transactions within the same block.
Network data shows that between November 2024 and October 2025, Ethereum processed between 60,000 and 90,000 sandwich attacks each month, with about 70% linked to this single system. At its peak, the bot reportedly generated hundreds of thousands of dollars in daily revenue.
The system even interacted with high-profile transactions. In May 2025, a trade involving Ethereum co-founder Vitalik Buterin was front-run by the same bot using its established logic. Analysts estimate the bot generated tens of millions of dollars in total profits over its lifetime.
Fake account adds confusion
Following the exploit, a social media account on X renamed itself to Jaredfromsubway.eth and falsely claimed to offer a $1 million bounty for recovering the funds. Developers quickly warned that the account was not مرتبط with the compromised address and could be part of a scam.
A new type of threat
Analysts emphasize that this attack represents a shift in blockchain security risks. Rather than exploiting buggy code, the attacker targeted the bot’s predictable decision-making process. The system was effectively tricked into acting against its own interests.
The case highlights how automated trading systems, especially those interacting with unknown contracts, can be vulnerable to behavioral manipulation. As MEV strategies continue to dominate on-chain activity, the concentration of funds in such systems may increasingly make them attractive targets.
The incident underscores a growing reality in crypto markets: systems designed to exploit trading opportunities can themselves be exploited when their logic becomes predictable.
Learn how exchanges reduce hack risk—explore Toobit’s protective crypto safety standards every trader should know before your next automated strategy.
Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.
