Skip to content
Est. MMXXVIVol. VI · № 298RSS
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 297Other

jaredfromsubway.eth MEV Bot Honeypot Drain

A counter-MEV honeypot tricked Ethereum's most active sandwich bot, jaredfromsubway.eth, into approving 66 fake-token contracts, draining about $7.5M in WETH, USDC and USDT.

Date
Victim
jaredfromsubway.eth
Chain(s)
Ethereum
Status
Funds Stolen

On June 20, 2026, jaredfromsubway.eth — long the most active "sandwich" MEV bot on Ethereum — was drained for approximately $7.5 million in an ironic counter-MEV honeypot that turned the bot's own trading logic against it. Rather than exploit a contract bug or steal a key, the attacker spent weeks staging fake markets that lured the bot into granting token approvals it could never get back.

What happened

The operator deployed 66 counterfeit token contracts that mimicked the names and interfaces of WETH, USDC and USDT, then paired them with fake liquidity pools. To the bot's opportunity-detection engine, the routes looked like the profitable sandwich trades it is built to front-run and back-run, so it approved 66 attacker-controlled helper contracts to spend its real tokens. In small test runs the approvals were consumed inside the trade as expected; but in larger bait transactions the attacker structured the routes so the approvals stayed open. On-chain data showed a single sweep at 18:49 UTC moving 1,474.58 WETH, about 2.87 million USDC and roughly 2 million USDT to an attacker address. Security firm Blockaid, which surfaced the drain, characterized it as a counter-MEV honeypot — explicitly not phishing, a private-key compromise, or a smart-contract bug. An X account posing as the bot's operator claimed a $15 million loss and dangled a $1 million bounty, but on-chain observers flagged it as an impersonator; the credible figure is the ~$7.5M Blockaid traced.

Aftermath

The loss fell entirely on a single automated MEV bot — neither Ethereum's base layer nor any consumer-facing DeFi protocol was affected. No funds were recovered, and the bot's real operator confirmed only that fake pools and tokens had tricked it into approving helper contracts. The episode drew unusual schadenfreude across the community, given that jaredfromsubway.eth had itself extracted hundreds of millions from ordinary traders via sandwich attacks.

Why it matters

This is a clean example of automated agents being weaponized through their own incentives: a bot that blindly trusts any "profitable" route is only as safe as its weakest filter, and unlimited token approvals turn a single bad trade into a total drain. It rhymes with Banana Gun, where a trading bot's automation became the attack surface, and with Sushi's RouteProcessor2, where open approvals — not a protocol exploit — were the mechanism of loss. As more capital is delegated to autonomous on-chain agents, honeypots that bait machine logic rather than human victims become a distinct and growing class of attack.

Sources & on-chain evidence

  1. [01]coindesk.comhttps://www.coindesk.com/tech/2026/06/21/ethereum-s-biggest-sandwich-bot-drained-of-usd7-5-million-in-ironic-exploit
  2. [02]thedefiant.iohttps://thedefiant.io/news/hacks/jaredfromsubway-eth-mev-bot-drained-7-5-million-counter-mev-honeypot
  3. [03]unchainedcrypto.comhttps://unchainedcrypto.com/sandwich-bot-jaredfromsubway-eth-loses-7-5-million-to-its-own-trading-logic/
  4. [04]blog.thirdweb.comhttps://blog.thirdweb.com/jaredfromsubway-eth-mev-bot-exploited-for-7-5m-what-builders-need-to-know/
  5. [05]theblock.cohttps://www.theblock.co/post/405464/notorious-jaredfromsubway-mev-bot-drained-for-roughly-7-5-million-in-counter-mev-honeypot
  6. [06]bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft/

Related filings