The MEV bot JaredfromSubway.eth, known as one of Ethereum’s most aggressive sandwich attackers, was drained of at least $7.5 million in a counter-exploit between June 20 and 21, 2026. Blockchain analytics firm Chainalysis and security company BlockSec confirmed the incident, with estimates of the loss ranging up to $15 million.
The attacker deployed 66 fake token contracts that mimicked real assets on decentralized exchanges. The bot, which had been operating since 2023, routinely scanned the mempool for profitable sandwich opportunities and automatically granted token-spending approvals to what it perceived as legitimate trading pairs. Because the bot never revoked these approvals, it accumulated unlimited permissions over time.
Once enough authorizations were gathered, a tripwire contract executed, emptying the bot’s wallet of Ether and stablecoins in a single coordinated transaction. The attacker immediately converted all stablecoins to ETH to prevent issuers from freezing funds, then split the proceeds across multiple wallets before sending them through Tornado Cash, a decentralized mixing protocol, to break on-chain traceability.
Chainalysis’s Reactor tool tracked the movement, concluding that the bot prioritized execution speed over security, skipping basic checks on block explorers like Etherscan that would have revealed the fraudulent contracts. As of the report, none of the stolen funds have been recovered.
