Original | Odaily Planet Daily (@OdailyChina)
Author|Azuma (@azuma_eth)
The well-known MEV Bot address active on the Ethereum network, Jaredfromsubway.eth, suffered a highly targeted on-chain attack on Saturday, resulting in losses exceeding 7.5 million dollars.
According to investigations by Blockaid and several on-chain analytics firms, this incident is not a traditional phishing attack or an exploit of smart contract vulnerabilities, but rather a "counter-MEV honeypot attack" specifically designed against MEV Bot behavior logic.
In the weeks leading up to the attack, the assailants systematically deployed 66 counterfeit token contracts and fake liquidity pools, carefully disguising these assets on-chain as mainstream stable assets like WETH, USDC, USDT, and creating seemingly real arbitrage trading paths.
During this process, the attack chain gradually unfolded—fake liquidity pools generated "arbitrage price difference" signals; the MEV bot automatically identified arbitrage opportunities and executed trades; the bot granted authorization to auxiliary contracts controlled by the attacker during the transaction process; the authorization was not revoked in time, resulting in sustained permission exposure; ultimately, the attacker invoked pre-installed backdoor logic in a single transaction, directly transferring assets such as ETH, USDC, and USDT held by the MEV bot address.
On-chain data shows that the total value of assets stolen from Jaredfromsubway.eth has exceeded 7.5 million dollars, and the attacker has since split and transferred some assets, further dispersing the funds using mixing tools.
Who is Jaredfromsubway.eth? The Most Notorious MEV Bot Address
The reason this attack has drawn attention is that the victim, Jaredfromsubway.eth, is itself one of the most active, profitable, and notorious MEV Bots on the Ethereum network (even without adding one).
The so-called "MEV attack" essentially centers around a type of on-chain arbitrage behavior concerning "transaction ordering rights." In the Ethereum network, transactions enter the mempool to await packaging before entering a block, and block builders or searchers can gain additional profits by manipulating transaction order, inserting trades, or reordering transactions within the block.
The most typical type of attack is the "sandwich attack"—the attacker inserts a buy operation before and a sell operation after a user's trade, completing arbitrage through price slippage in a short time. Such behavior is extremely common in DeFi high liquidity trading pairs and constitutes one of the most fundamental profit models in the MEV ecosystem.
Jaredfromsubway.eth is the most representative automated executor under this mechanism. Unlike traditional "single-point arbitrage bots," this MEV Bot resembles a highly industrialized MEV execution system. It continuously monitors unconfirmed transactions in the mempool, identifies potentially sandwichable transaction paths in real-time, and constructs trades, bids for gas, and inserts orders within an extremely short time window, systematically capturing slippage profits.
Data from Cointelegraph Research indicates that between November 2024 and October 2025, approximately 60,000 to 90,000 sandwich attacks occurred monthly on the Ethereum network, of which about 70% were related to the strategy system of Jaredfromsubway.eth.
In May this year, Ethereum co-founder Vitalik Buterin's trade for exchanging 26,544 DigitalBits (XDB) was also targeted by Jaredfromsubway.eth.
There are no official statistics regarding the historical revenue status of Jaredfromsubway.eth, but it is conservatively estimated that the address has accumulated MEV earnings reaching tens of millions of dollars during its active period. During certain peak periods, its daily earnings could reach hundreds of thousands of dollars and it has long consistently appeared at the top of the Ethereum MEV rankings.
Crypto Security Threats Intensify: Even Top Predators Cannot Escape
While reflecting on the saying that "those who play with hawks eventually get their eyes pecked out," the attack on Jaredfromsubway.eth has raised the risk alarm for cryptocurrency once again.
In previous understandings, MEV Bots like Jaredfromsubway.eth were considered on-chain "predators"—they continually captured users' trading slippage and arbitrage opportunities through automated strategies, occupying a position of advantage within the ecosystem, and could even be described as one of the most representative types of attackers in the cryptocurrency market.
However, this time, it became the target that was designed, lured, and ultimately harvested, and the attacker did not choose the traditional route of exploiting vulnerabilities but instead constructed a long-running "behavior trap" that led the MEV Bot automated system step by step into erroneous decision-making while fully complying with its rules.
One must admit that even participants like Jaredfromsubway.eth, who were once most adept at "exploiting the rules," are now beginning to be exposed to more complex attack vectors.
Additionally, it is worth mentioning that after Jaredfromsubway.eth was hacked, an unknown account on X, with 94,000 followers, changed its name to Jaredfromsubway.eth and falsely claimed to offer a "reward of 1 million dollars for the complete return of all funds."
Several developers issued risk warnings regarding this, emphasizing that this account is not the official account of Jaredfromsubway.eth (the MEV Bot team does not have an official account), and that there may be attempts to use this account for scams in the future, urging users to remain vigilant.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
