The attacker spent weeks constructing a scheme that involved deploying dozens of counterfeit token contracts and fake liquidity pools—collections of tokens locked on a decentralized exchange—that appeared to offer profitable trades. Some of these mimicked well‑known assets such as wrapped ether (WETH) and stablecoins USDC and USDT.
The bait worked as intended. Jaredfromsubway.eth’s bot identified what seemed to be MEV opportunities and automatically granted approvals for the attacker’s helper contracts to spend tokens on its behalf. While early tests used those approvals immediately, the attacker later created transaction routes that left the approvals open.
These lingering approvals gave the attacker continuous permission to move funds. Exploiting this, they transferred WETH, USDC and USDT out of Jaredfromsubway.eth’s contracts, draining more than $7.5 million.
On‑chain analysis by CoinDesk shows that a portion of the stolen assets was subsequently sent to Tornado Cash.
The irony of the situation was unmistakable.
Jaredfromsubway.eth has long been a prominent example of toxic MEV on Ethereum. Sandwich attacks are estimated to cost traders around $60 million annually, with 60,000 to 90,000 such attacks occurring each month between November 2024 and October 2025.
Also Read
- New Stablecoin Rules Force Issuers to Operate as Regulated Financial Institutions, Creating Barrier for Smaller Players
- AIChatbots and Delusional Beliefs: A New Framework for Understanding
- Ethereum’s Jaredfromsubway MEV bot drained after approving its own $7.5M theft
- Turkish lira stablecoins show why Europe’s regulated euro tokens may struggle
