tradingkey.logo
tradingkey.logo
Search

After a $7.5 Million Loss, Can Ethereum Finally Fix MEV?

CryptopolitanJun 22, 2026 10:48 AM
facebooktwitterlinkedin
View all comments0

The operator behind Jaredfromsubway.eth, one of Ethereum’s most prolific automated trading bots, offered a 50% white hat bounty on June 22 after a hacker drained more than $7.5 million from the bot’s wallet using a carefully constructed on-chain honeypot. It proves that bots that exploit regular traders can also be a target for cyber criminals.

The bot’s operator, known by the on-chain identity ae13, posted a message directly to the attacker: “Well played. We are willing to offer a 50% white hat bounty if you return the ETH to us in the next 48 hours. We will pursue all available legal and law-enforcement options.” The bounty asks for the return of 2,150 ETH to a specified address.

How the exploit happened

Security firm Blockaid discovered the hack and stated that the attack was one where “attacker-controlled contracts tricking an automated MEV execution system into granting token approvals, later used to drain funds.”

According to Odaily, the attacker had been laying traps for weeks. In this attack, the attacker deployed 66 false token contracts and liquidity pools that were used to impersonate real tokens like WETH, USDC, and USDT. These pools generated artificial price spreads that looked like profitable arbitrage opportunities to the bot’s automated systems.

In executing trades on these pools, the bot approved token permissions for contracts under the control of the attacker, and these permissions were never withdrawn. Within one transaction, the attacker was able to execute a backdoor mechanism to steal from the bot’s portfolio.

According to PeckShield Alert, the attacker has stolen 1,474.58 WETH, 2.87 million USDC, and 2 million USDT. The attacker has converted portions of these tokens to 4,400 ETH and has already moved 1,000 ETH through Tornado Cash, a mixing service used to obscure transaction trails.

The bot that became a target

The bot Jaredfromsubway.eth managed to establish itself as one of the top sandwich attack bots on the Ethereum blockchain. A sandwich attack works by placing buy and sell orders around a victim’s pending transaction, profiting from the price movement the victim’s trade creates.

The bot’s scale was enormous. Research data cited by Odaily showed that between November 2024 and October 2025, Ethereum saw between 60,000 and 90,000 sandwich attacks per month. Roughly 70% of those were linked to Jaredfromsubway.eth’s strategy system. At peak activity, the bot generated hundreds of thousands of dollars in daily revenue. It once front-ran a transaction by Ethereum co-founder Vitalik Buterin.

The operator pointed out the irony of the situation in another post on X: “Got sandwiched myself. $15M drained in a reverse honeypot. Fake pools, fake tokens, my own bot approved the trap.”

The example of Jaredfromsubway.eth is an interesting case where two issues in the field of crypto security overlap: bots that earn money from small investors and hackers that exploit these bots for even greater payoffs.

Exploitation of cryptocurrency platforms and automation systems has risen exponentially. The hacking attacks that North Korea-based criminal entities made on DeFi platforms amounted to more than $1 billion based on Chainalysis figures. It is common practice for companies to pay white-hat bounties after theft; however, their success rates have not always been high. In January 2022, Qubit Finance offered a bounty of $2 million to retrieve their $78 million hack. The attacker did not accept the offer.

Mitigating some of the negative impacts of MEV

Ethereum users often grant smart contracts permission to spend tokens on their behalf through a mechanism known as a token approval. Instead of approving every individual transaction, users frequently authorize a decentralized exchange or application to access a large amount—or even an unlimited amount—of a token. This improves convenience but creates a security risk if the approved contract is compromised or malicious. Approvals remain active until they are explicitly revoked, even if the user disconnects their wallet from the application.

This example also draws attention to the impact of maximal extractable value (MEV) on the Ethereum blockchain. MEV is a type of profit earned from controlling the order, inclusion, or exclusion of transactions within the block. Specialized traders known as “searchers” run automated bots to find profitable opportunities in pending transactions, such as arbitrage, liquidations, or front-running trades. According to Ethereum’s documentation, “generalized frontrunners” are bots that monitor the mempool, copy profitable transactions, substitute the destination address with their own, and submit a new version before the original transaction.

Earlier, Cryptopolitan reported that crypto investor and commentator David Gokhshtein said, “We shouldn’t be happy about this; no one should celebrate … but if you’ve ever been sandwiched by this … I’m pretty sure you’re not upset about this news.”

A lot of professional searchers tend to utilize private relay networks, such as Flashbots to route transactions as it helps to avoid the risks of competing bots copying or frontrunning their strategies. The Flashbots project was launched as a solution for mitigating the negative impact of MEV extraction while providing infrastructure for searchers and validators.

Labeling post-theft negotiations as “white hat bounties” has faced backlash from the security community.

Whether the Jaredfromsubway.eth attacker will accept the 50% offer remains unclear. With 1,000 ETH already routed through Tornado Cash, the clock is running against the 48-hour deadline.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.

Disclaimer: The information provided on this website is for educational and informational purposes only and should not be considered financial or investment advice.

Comments (0)

Click the $ button, enter the symbol, and select to link a stock, ETF, or other ticker.

0/500
Commenting Guidelines
Loading...

Recommended Articles

tradingkey.logo
* References, analysis, and trading strategies are provided by the third-party provider, Trading Central, and the point of view is based on the independent assessment and judgement of the analyst, without considering the investment objectives and financial situation of the investors.
Risk Warning: Our Website and Mobile App provides only general information on certain investment products. Finsights does not provide, and the provision of such information must not be construed as Finsights providing, financial advice or recommendation for any investment product.
Investment products are subject to significant investment risks, including the possible loss of the principal amount invested and may not be suitable for everyone. Past performance of investment products is not indicative of their future performance.
Finsights may allow third party advertisers or affiliates to place or deliver advertisements on our Website or Mobile App or any part thereof and may be compensated by them based on your interaction with the advertisements.
© Copyright: FINSIGHTS MEDIA PTE. LTD. All Rights Reserved.