Ethereum’s Most Feared MEV Bot Walked Into a $7.5 Million Trap

For almost three years, a single automated program was the nightmare of anyone trading on Ethereum. It had no face, no known owner, and it never slept. It read every pending transaction and, the moment it smelled profit, it slipped in front of ordinary users to skim a few dollars off each swap.

People called it JaredFromSubway.eth, and its reputation had grown so bad that much of the crypto community treated it like an invisible tax, paid unwillingly by anyone who touched a decentralized exchange.

Last week the hunter became the prey. The bot was lured into a trap built with patience and stripped of cryptocurrency worth roughly 7.5 million dollars. What sent the story rippling through the ecosystem was not the amount, sizeable as it is, but the way it fell. Nobody breached its contract, nobody stole its private key, and nobody fooled it with a phishing link. It was caught by the very thing that made it so efficient, namely its own logic of chasing profit at machine speed.

How the bot was drained

Over the weekend of June 20 and 21, 2026, several blockchain researchers noticed unusual movements in the wallets tied to the bot. On-chain analyst Specter was among the first to flag the outflow publicly, and not long after, the security firm Blockaid confirmed that its exploit-detection system had caught a transaction pulling WETH, USDC and USDT out of the contracts controlled by JaredFromSubway.

The numbers came into focus quickly. The attacker took out roughly 1,474 WETH, that is wrapped Ether worth around 2.6 million dollars, alongside 2.87 million dollars in USDC and close to 2 million in USDT. The total crossed the 7.5 million dollar mark, and on the blockchain everything stays visible for anyone who wants to follow the trail. The draining transaction can be inspected on Etherscan, as can the bot’s address, labeled jaredfromsubway: MEV Bot 2 and active since August 2024.

According to the analysis published by Cryptology.ro, the only sponsor-free crypto news and analysis outlet in Romanian, the case stuck in people’s minds precisely because of its irony. The bot that had spent years profiting from other people’s inattention was brought down because it failed to ask enough questions when it stumbled onto opportunities that looked too good to be true.

Who is JaredFromSubway.eth

The name sounds almost comic, yet the reference behind it is grim. The operator chose the nickname as a sour nod to Jared Fogle, the former face of the Subway sandwich chain who was later convicted of sex crimes. Neither the fast-food company nor its former ambassador had anything to do with the bot’s activity, but the choice of name says something about the provocative tone of whoever ran the operation.

Beyond the nickname, JaredFromSubway was a genuine technical phenomenon. It first became known in the spring of 2023, when in a single day it burned more than a million dollars in gas fees, nearly eight percent of everything the Ethereum network spent on fees that day. Later analyses credited it with a huge slice of this kind of activity. Industry reports linked the bot to roughly 70 percent of the sandwich attacks that took place on Ethereum between November 2024 and October 2025. The bot caught in the trap was the second iteration, and the two versions together processed somewhere around 6.4 million transactions.

If anyone still doubted how opportunistic the program had become, May 2026 cleared that up. The bot sandwiched a tiny transaction made by Vitalik Buterin himself, the co-founder of Ethereum. It staked more than 1.14 million dollars in fees just to slip in front of a swap worth only a few dollars, and the net gain was, again, a matter of a few dollars. It no longer had any refined way of picking targets. It simply hunted everything, no matter how trivial.

What a sandwich attack actually is

The term MEV comes from maximal extractable value, the largest value that can be squeezed out of how transactions are ordered. On a transparent blockchain, transactions do not execute instantly. They sit in a waiting area called the mempool before they make it into a block, and whoever assembles the block decides which transactions go in and in what order. If you can see what others intend to do before their action becomes final, you can profit from that knowledge.

The sandwich attack is the best-known form of the strategy. The bot spots a large pending order, one that will push a token’s price in a predictable direction. It places itself in front of that order first, buys at the old price and nudges the quote upward. The victim’s transaction then executes at a worse price than expected. Right after, the bot sells at the inflated price and pockets the difference.

The cost of this behavior to Ethereum users has been estimated at around 60 million dollars a year, money taken not through a spectacular heist but a little at a time, from tens of thousands of people who never realized what happened.

How the honeypot trap worked

To bring down a system like this, the attacker did not go looking for a classic vulnerability. He studied the bot’s behavior and built it a fake environment where the program’s own logic would turn against it. Blockaid described the whole operation as a counter-MEV honeypot, a baited trap aimed squarely at those who hunt extractable value. Raz Niv, the firm’s chief technology officer, was blunt in explaining that this was not phishing, not a compromised private key, and not a bug in the victim contract’s code.

Setting it up took weeks of patience. The attacker created 66 fake token contracts designed to mimic the names and interfaces of real assets such as WETH, USDC and USDT. Each imitation was paired with a fake liquidity pool, and the trading routes were arranged so the bot’s automated system would read them as legitimate arbitrage opportunities. A coordinator contract kept track of the blocks prepared for the strike, while a central contract paid out small, real profits now and then, just enough to keep up the impression that everything was working.

The first phase was about building trust, odd as the word sounds applied to a machine. The bot was allowed to earn small but real profits on the fake pairs, and for a system that bases its decisions on simulating profit, that was enough to mark those routes as trustworthy. The second phase slipped in the poison, through routes that left the approvals unused.

Why ERC-20 approvals matter

On Ethereum, when a contract wants to use someone else’s tokens, it needs a permission known as an approval. It is a bit like giving someone access to part of your account, with the note that they can withdraw up to a certain amount. The catch is that the permission does not vanish on its own once the transaction is done. Whatever part of it goes unused stays open until the owner explicitly revokes it.

The bot granted approvals to helper contracts controlled by the attacker, certain it would use them on the spot. On the test routes that is exactly what happened. On the poisoned routes, however, the approvals stayed active. A single such permission opened access to more than 92 WETH, and as the bot touched more and more fake pairs, the list of open approvals grew like a set of keys left in their locks.

The final blow came in one transaction. The attacker called the drain function on the coordinator contract, and each contract holding an open approval simply transferred the real tokens to the attacker by calling the ERC-20 transferFrom function.

As Mihai Popa, crypto analyst and journalist at Cryptology.ro, noted, part of the stolen funds were later routed through the Tornado Cash mixer, the tool typically used to make it harder to trace money on-chain. The technical takeaway is one every bot developer should hold on to. Simulated profit is not enough to decide whether a route is safe.
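The rule in that last sentence, as an added example that is not part of the original article or the bot's code: a constructed Python model of ERC-20 allowance bookkeeping in which a simulated route is accepted only if it is profitable and leaves no open approval behind. All names (Erc20Model, helper_a, helper_b) and amounts are assumptions made for illustration; the 92 echoes the single approval mentioned above.

```python
from collections import defaultdict

class Erc20Model:
    """Constructed in-memory model of ERC-20 balance and allowance bookkeeping."""
    def __init__(self, balances):
        self.balances = defaultdict(int, balances)
        self.allowances = defaultdict(int)  # (owner, spender) -> amount left

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount  # overwrites; never expires

    def transfer_from(self, spender, owner, to, amount):
        if amount > self.allowances[(owner, spender)] or amount > self.balances[owner]:
            raise ValueError("allowance or balance exceeded")
        self.allowances[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] += amount

def open_approvals(token, owner):
    """Spenders that can still pull the owner's tokens, with the amount left."""
    return sorted((s, left) for (o, s), left in token.allowances.items()
                  if o == owner and left > 0)

def simulate_route(token, bot, helper, approved, pulled, returned):
    """Replay one route on the model and return the bot's net profit."""
    start = token.balances[bot]
    token.approve(bot, helper, approved)
    token.transfer_from(helper, bot, helper, pulled)
    token.balances[helper] -= returned   # helper pays the bot back
    token.balances[bot] += returned
    return token.balances[bot] - start

def route_is_safe(token, bot, profit):
    """Profit alone is not the gate: the route must also leave no open approval."""
    return profit > 0 and not open_approvals(token, bot)

def revoke_all(token, owner):
    """Reset every open allowance of the owner to zero; return what was revoked."""
    revoked = open_approvals(token, owner)
    for spender, _ in revoked:
        token.approve(owner, spender, 0)
    return revoked

def demo():
    weth = Erc20Model({"bot": 100, "helper_a": 50, "helper_b": 50})  # constructed
    p1 = simulate_route(weth, "bot", "helper_a", approved=10, pulled=10, returned=11)
    s1 = route_is_safe(weth, "bot", p1)   # approval fully consumed
    p2 = simulate_route(weth, "bot", "helper_b", approved=92, pulled=0, returned=1)
    s2 = route_is_safe(weth, "bot", p2)   # same profit, approval left open
    return p1, s1, p2, s2, open_approvals(weth, "bot")
```

Both routes show the same profit of 1, so a profit-only check cannot tell them apart; only the leftover-allowance check separates them.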

How the ecosystem reacted

The most surprising reaction came from the bot’s own operator. Through an on-chain transaction, he sent the attacker a message written directly in the data field of the transfer. He acknowledged the strike had been well executed, then demanded back 2,150 ETH, roughly half the stolen sum, within 48 hours, under the threat of legal action. A program accused for years of pulling value out of other people’s pockets was now invoking the law to recover money it had lost in a trap.

On-chain messages also surfaced from people who presented themselves as victims of the bot’s operations. At least one user called the attacker a white-hat Robin Hood, a nod to the idea of an ethical hacker stealing from the powerful. The fact that almost nobody rushed to defend the bot shows how deep the resentment toward toxic MEV runs. As with any major crypto event, scammers appeared almost immediately, posting fake bounty offers, and the publication Cointelegraph even reshared one of them at one point before deleting the post.

What the case means for ordinary users

For someone who only buys and sells crypto now and then, the story might look like an internal feud between bots and hackers. The practical lessons, though, sit closer to home than that. The mechanism that brought the bot down, those open approvals, is a constant source of risk for individual users too. Every time we connect a wallet to a decentralized application and approve token spending, we leave a door ajar. If the application turns out to be malicious or gets compromised later, the permission can be turned against us.

Regularly checking and revoking active approvals remains one of the most useful digital hygiene habits around, and there are free tools that show exactly which contracts have access to our funds. There is a reassuring side, too. The same transparency that lets MEV bots profit from other people’s transactions also let researchers reconstruct the entire trap step by step in just a few hours. On an open system, nothing stays hidden for long, neither the predator’s gain nor its downfall.

A very modern parable

The JaredFromSubway story reads like a parable. A system that profited for years from other people’s inattention was undone by its own programmed greed. The attacker needed no brute force, only an understanding of an adversary that was predictable precisely because it was automated. The bot always did the same thing when it smelled profit, and that constant reflex became its fatal weakness.

The case is no isolated accident. Back in 2023, a rogue validator drained roughly 25 million dollars from several sandwich bots by abusing his privileged position in block building. The difference lies in the method. The 2026 attack needed no special privilege over the network, only patience, fake contracts and a fine grasp of how an arbitrage bot thinks. As more and more decisions are handed to automated agents, the attack surface is no longer just the code but the operating logic of these systems. The hunt will most likely continue, only now the predators have one more reason to eye every opportunity that looks too easy to be real.

FAQ

What is JaredFromSubway.eth? It is one of the best-known and most active MEV bots on Ethereum, specialized in sandwich attacks. It was linked to roughly 70 percent of such attacks between November 2024 and October 2025 and processed around 6.4 million transactions across its two iterations. The name is a reference to Jared Fogle, the former Subway spokesperson, with no connection to the fast-food company itself.

How much did the bot lose and which tokens were taken? The total loss exceeded 7.5 million dollars. The attacker extracted roughly 1,474 WETH, worth about 2.6 million dollars, along with 2.87 million dollars in USDC and close to 2 million dollars in USDT.

What is a counter-MEV honeypot attack? It is a trap built specifically to fool a bot that hunts extractable value. The attacker creates a fake environment of fake tokens and liquidity pools that look like profitable opportunities. The bot interacts with them believing it is doing normal arbitrage, but in the process it grants permissions the attacker then uses to drain its contracts.

How was the bot drained without breaking its contract? The weakness was not in the code but in the bot’s logic combined with how ERC-20 approvals work. The bot granted attacker-controlled contracts permission to spend its tokens. On test routes the approvals were consumed immediately, but on poisoned routes they stayed open. The attacker collected enough of these permissions and used them in a single transaction to move the real funds.

What is a sandwich attack? It is a form of MEV where a bot spots a large pending transaction, places itself in front of it to push the price, lets the victim’s trade execute at a worse rate, then sells right after to capture the difference. The practice costs Ethereum traders an estimated 60 million dollars a year.

What can ordinary users learn from this case? The biggest lesson concerns approvals granted to decentralized applications. Permissions left open are a constant source of risk, which is why regularly checking and revoking active approvals is a worthwhile habit. The case also shows that any automated system signing transactions based only on profit signals can be fooled by a convincing enough fake environment.

Based on the analysis originally published by Cryptology.ro.
