MEV bot Jaredfromsubway.eth lost over $7.5 million after DeFi exploit, Blockaid reported

One of the most prominent MEV bots in the crypto market, Jaredfromsubway.eth, suffered losses exceeding $7.5 million in a major exploit on Saturday. The attack reportedly stemmed from the manipulation of the bot’s automated trading infrastructure, a system that has generated substantial earnings for years.

How the attack unfolded

According to blockchain security firm Blockaid, the perpetrator deployed their own controlled contracts to deceive Jaredfromsubway.eth’s automated MEV execution system. These contracts enabled the bot to grant token spending approvals that were later abused, allowing the attacker to siphon off assets using these permissions.

MEV, or maximum extractable value, is a technique allowing bots or block producers to profit by monitoring unconfirmed blockchain transactions and rearranging their order. Jaredfromsubway.eth is a leading MEV bot, and its activities are sometimes viewed as a source of additional costs for decentralized finance (DeFi) participants.

Mini glossary: MEV refers to extra income extracted by block producers or bots by deciding the inclusion and ordering of transactions in a block. Sandwich attacks are a method in which a user’s transaction is sandwiched between two malicious trades, moving the price against the user’s interest.

Fake tokens and lingering permissions

Blockaid’s analysis revealed that the attacker created fake Wrapped Ether, fake USDC, and fake USDT trading routes, as well as fake Cap pairings. This elaborate setup convinced the bot system that lucrative trading opportunities existed. In response, the bot approved token spending permissions for actual assets to helper contracts under the attacker’s control.

Under normal circumstances, the bot’s spending permissions are consumed during the trading process. However, the attacker designed transaction routes to keep these permissions open. Once enough authorizations were accumulated, the attacker used the transferFrom method to withdraw WETH, USDC, and USDT directly from the bot’s contract in the final phase of the exploit.

Previous data and market reactions

Research from Cointelegraph previously indicated that sandwich attacks on the Ethereum network cause investors to lose around $60 million annually. The study found that between November 2024 and October 2025, there were 60,000 to 90,000 sandwich attacks each month—approximately 70% of which were linked to Jaredfromsubway.eth.

Crypto investor and commentator David Gokhshtein weighed in on the incident, remarking that no one should take pleasure in this loss. However, he observed that users previously harmed by the bot’s activity may not sympathize with the recent news.

The post MEV bot Jaredfromsubway.eth lost over $7.5 million after DeFi exploit, Blockaid reported appeared first on COINTURK NEWS.