MEV bot JaredFromSubway.eth loses $7.5M to approvals honeypot

Prolific MEV “sandwich” bot JaredFromSubway.eth lost a total of $7.5 million worth of crypto over the weekend after being lured into a trap over almost one hundred blocks.

In a dramatic case of on-chain karma, the plot to relieve the bot of what many see as its ill-gotten gains involved fake tokens, small wins and an equally dramatic sting.

Blockchain investigator Specter flagged the suspicious transaction, which saw approximately 1,475 WETH ($2.6 million), $2.9 million USDC, and $2 million USDT drained from JaredFromSubway.eth’s bot.

There may have been a $7M+ drain from a victim wallet.

It looks like it involves JaredFromSubway MEV.

If anyone can figure out what happened, kindly do.

Address: 0x3e37f4A10d771Ba9dE44b6d301410b1BEdeA65d0 pic.twitter.com/YLP1p182sA

Read more: JaredFromSubway.eth sandwich attacked Vitalik Buterin

The victim address, labelled “jaredfromsubway: MEV Bot 2” on block explorer Etherscan, has been active since August 2024 and is the operator’s second iteration.

Between the two bots, and 6.4 million transactions, the operator has made millions of dollars by “sandwiching” on-chain trades.

This process involves scanning the network’s mempool of pending transactions before front-running and back-running user trades. The front-run manipulates swap prices, while the back-run makes a profit off the difference, paying block builders a tip to be included at the right position in the block.

As transaction fees on Ethereum have dropped, sandwichers often target increasingly small wins, such as JaredFromSubway’s attack on Ethereum co-founder Vitalik Buterin last month.

The bot operator’s choice of name is a dark nod to the popular sandwich shop’s erstwhile mascot Jared Fogle, who was later discovered to be a sex offender.

Read more: Explained: How JaredFromSubway.eth still sandwich attacks victims

The attacker specifically targeted JaredFromSubway’s bot, luring it in with small, profitable sandwich attacks on fake attacker-created token pairs.

A report from Yearn developer Banteg describes how, over the course of 97 blocks, the bot was offered “small real-token profits,” on “profitable fake-DEX arbitrage” opportunities.

However, during the transactions, the bot contract inadvertently “approved attacker-controlled child contracts to spend real WETH, USDC, and USDT,” which were not consumed during the sandwiches, nor revoked afterwards.

The attacker was then able to harvest the pre-approved tokens in the final drain transaction.

Read more: Aztec Network hit by second hack this week as escapeHatch drained of $2M

Taking advantage of the news, recently-renamed X handle “jaredsmev” made various scam bounty offers of $1 million to $7.5 million, citing the erroneous, but widely reported total loss of $15 million.

Cointelegraph even reposted one of the scammer’s offers to its 2.9 million X followers, before deleting.

Read more: Cointelegraph says Bitcoin ETF approved despite no proof

In an on-chain transaction from JaredFromSubway.eth, the bot’s real operator sent an input data message to the attacker, with a seemingly genuine bounty offer.

“Well played,” begins the message, before requesting the return of 2150 ETH, equivalent to approximately 50% of the stolen funds, in the next 48 hours.

“Otherwise we will pursue all available legal and law-enforcement remedies,” it threatens.

Other users have reached out to the attacker on-chain, claiming to be victims of JaredFromSubway’s MEV operations, and requesting reimbursement of their supposed losses.

One called the attacker “our Robin Hood in a White Hat.” Others were less subtle.

Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.

The post MEV bot JaredFromSubway.eth loses $7.5M to approvals honeypot appeared first on Protos.