Sandwich trading bot JaredFromSubway drained via fake-contract honeypots, losing about $7.5 million


JaredFromSubway drained by fake-contract honeypot

Security firm Blockaid disclosed on June 21 that the notorious Ethereum on-chain sandwich-attack bot JaredFromSubway had been targeted with 66 carefully crafted fake token contract honeypots, which the attackers deployed over a period of weeks. The attackers used the bot’s automated profit-seeking logic to trick it into approving token spending, then drained the bot’s wallet of its real assets in a single sweep.

Deployment and attack logic of 66 fake token contracts

The attackers’ preparation took weeks, during which they gradually deployed 66 fake token contracts that precisely mimic three mainstream assets: Wrapped Ether (WETH), USD Coin (USDC), and Tether (USDT).

JaredFromSubway’s core logic is to continuously scan Ethereum’s mempool and automatically identify and follow arbitrage paths involving high-liquidity tokens. To the bot, these fake contracts looked identical to real routes; as it does every time, it “sniffed out” an opportunity and immediately approved token spending to an auxiliary contract controlled by the attacker.

Blockaid noted: “The attacker-controlled contracts tricked the automated MEV execution system into granting token approvals, and these approvals were later used to withdraw funds.” A single approval alone handed over more than 92 WETH. Finally, the last contract used these already open approvals to sweep the bot’s wallet of real assets in one go; the on-chain transactions can be viewed on Etherscan.
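The defensive counterpart to the approval flow described above, as an added example (not code from Blockaid, the bot, or this article): a pre-signing check that identifies WETH, USDC and USDT by canonical mainnet address rather than by symbol, and refuses approvals to spenders outside an operator allowlist or above the trade size. The function names, finding labels and the two spender addresses are hypothetical.

```python
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # ERC-20 approve(address,uint256)

# Canonical Ethereum mainnet addresses, lowercase. A symbol is only a string
# that any contract can return, so identity is decided by address alone.
CANONICAL = {
    "WETH": "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2",
    "USDC": "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",
    "USDT": "0xdac17f958d2ee523a2206206994597c13d831ec7",
}

def decode_approve(calldata: bytes):
    """Return (spender, amount) for an approve() call, or None otherwise."""
    if len(calldata) != 68 or calldata[:4] != APPROVE_SELECTOR:
        return None
    spender = "0x" + calldata[16:36].hex()   # last 20 bytes of the first word
    amount = int.from_bytes(calldata[36:68], "big")
    return spender, amount

def review_tx(token_addr, claimed_symbol, calldata, trusted_spenders, trade_amount):
    """Return reasons to refuse signing; an empty list means no finding."""
    findings = []
    expected = CANONICAL.get(claimed_symbol)
    if expected is not None and token_addr.lower() != expected:
        findings.append("lookalike-token")
    call = decode_approve(calldata)
    if call is not None:
        spender, amount = call
        if spender not in trusted_spenders:
            findings.append("untrusted-spender")
        if amount > trade_amount:       # also catches unlimited approvals
            findings.append("allowance-exceeds-trade")
    return findings

def build_approve(spender: str, amount: int) -> bytes:
    """Helper for the constructed samples below: ABI-encode approve()."""
    return (APPROVE_SELECTOR + bytes(12) + bytes.fromhex(spender[2:])
            + amount.to_bytes(32, "big"))

# Constructed sample data: both spender addresses are placeholders.
ROUTER = "0x" + "11" * 20       # hypothetical contract the operator trusts
UNKNOWN = "0x" + "22" * 20      # hypothetical contract met on a new route
WETH = CANONICAL["WETH"]

if __name__ == "__main__":
    print(review_tx(WETH, "WETH", build_approve(ROUTER, 10**18), {ROUTER}, 10**18))
    print(review_tx(WETH, "WETH", build_approve(UNKNOWN, 2**256 - 1), {ROUTER}, 10**18))
    print(review_tx("0x" + "33" * 20, "USDC", b"", {ROUTER}, 0))
```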

JaredFromSubway’s track record: peak gross revenue of over $34 million

JaredFromSubway has been active since early 2023 and has carried out hundreds of thousands of sandwich attacks. At its revenue peak, its gross income is estimated at $34 million to $40 million. During the most rampant period for MEV on Ethereum, about 70% of sandwich attacks across the network each month came from this bot.

In May 2026, JaredFromSubway carried out a sandwich attack on a token swap involving Vitalik Buterin, deploying more than $1.14 million worth of WETH to mount the squeeze, which drew widespread attention. “MEV hunting bot” incidents like this one are not new: back in 2023, a malicious validator used the same logic to siphon about $25 million from multiple sandwich bots. This time the method was more precise, using 66 fake contracts in place of a single point of breakthrough.

Two versions of the loss figure: $7.5 million on-chain vs $15 million claimed by the bot’s designer

Both Blockaid’s and PeckShield’s on-chain analyses put the losses at about $7.5 million. After the fact, JaredFromSubway’s designer claimed that, if portions not directly visible on-chain were included, the total loss was close to $15 million, and offered a $1 million bounty on the condition that the attacker return the funds.

FAQ

How did the attacker get JaredFromSubway to grant token approvals without its knowledge?

According to Blockaid’s analysis, the 66 fake contracts deployed by the attackers are identical in appearance to real high-liquidity assets (WETH, USDC, USDT), making them indistinguishable from real routes to the bot’s automated scanning logic. After the bot automatically identified an “arbitrage opportunity” and approved token spending, the attacker’s final contract used these already granted permissions to sweep the real assets in one transaction. The source of the vulnerability is not a code flaw; it is the bot’s own profit-seeking logic.

Can the $1 million bounty for JaredFromSubway lead to the recovery of funds?

According to reports, although the designer of JaredFromSubway has offered a $1 million bounty, based on historical cases, the rate at which funds are returned in attacks like this is extremely low. The article states that “the chance of getting this money back is, for now, not high.”

Why is the discrepancy between Blockaid’s and the designer’s loss estimates so large ($7.5 million vs $15 million)?

According to reports, Blockaid and PeckShield’s on-chain analysis could only track losses of directly visible on-chain assets (about $7.5 million); the designer of JaredFromSubway claimed that the $15 million includes portions that are not directly visible on-chain, but the specific breakdown has not been disclosed.
