{"id":32545,"date":"2026-06-21T06:43:22","date_gmt":"2026-06-21T06:43:22","guid":{"rendered":"https:\/\/bitunikey.com\/news\/jaredfromsubway-mev-bot-gets-drained-in-7-5m-approval-trap\/"},"modified":"2026-06-21T06:43:28","modified_gmt":"2026-06-21T06:43:28","slug":"jaredfromsubway-mev-bot-gets-drained-in-7-5m-approval-trap","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/jaredfromsubway-mev-bot-gets-drained-in-7-5m-approval-trap\/","title":{"rendered":"JaredFromSubway MEV bot gets drained in $7.5m approval trap"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Ethereum\u2019s well-known MEV bot JaredFromSubway was drained after an attacker used contracts that made its automated trading system grant token approvals, according to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/blockaid_\/status\/2068433798757577198?s=20\" target=\"_blank\" rel=\"nofollow\">Blockaid<\/a>.<\/p>\n<div id=\"cn-block-summary-block_7f29ca2d79eea6fc0837e51f1d06d0f4\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Blockaid says attacker-controlled contracts tricked JaredFromSubway\u2019s automated system into granting approvals later used for draining.<\/li>\n<li>Jared publicly claimed a $15 million loss, while Blockaid\u2019s public estimate stood near $7.5 million.<\/li>\n<li>Crypto.news previously tied JaredFromSubway to Vitalik Buterin\u2019s swap and heavy Ethereum gas use in 2023.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>The security firm said the incident was not a normal phishing case and not a direct bug in the victim contract.\u00a0<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThis is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract,\u201d Blockaid said.\u00a0<\/p>\n<\/blockquote>\n<p>The firm said the bot approved attacker-controlled contracts during routes that appeared to be profitable MEV trades.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8Community Alert:<br \/>Blockaid Exploit Detection system detected an exploit involving the <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/jaredsmev?ref_src=twsrc%5Etfw\">@jaredsmev<\/a> MEV bot on Ethereum.<br \/>The incident resulted from attacker-controlled contracts tricking an automated MEV execution system into granting token approvals, later used to drain funds.\u2026<\/p>\n<p>\u2014 Blockaid (@blockaid_) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/blockaid_\/status\/2068433798757577198?ref_src=twsrc%5Etfw\">June 20, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h2 class=\"wp-block-heading\"><strong>Blockaid says approvals stayed open<\/strong><\/h2>\n<p>Blockaid said the attacker first tested routes where approvals were used at once, leaving no open allowance. Later, the attacker changed the route design so the bot gave approvals that were not spent or revoked.<\/p>\n<p>One example cited by Blockaid involved an approval of about 92.16 WETH to an attacker helper contract. <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0x85609286d68bd47065772c21fd9542c4343348ff8c7c2e6d63d0692be5781915\" target=\"_blank\" rel=\"nofollow\">Etherscan data<\/a> for the transaction showed jaredfromsubway.eth interacting with its MEV Bot 2 contract before the later sweep. The transaction record also showed ERC-20 movements tied to the same automated route.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Final sweep hit WETH, USDC and USDT<\/strong><\/h2>\n<p>The final transaction used the open approvals to pull WETH, USDC and USDT from the JaredFromSubway MEV bot contract through transferFrom. <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0x2be8704f5a59b69e0b71f64aefdb99eb0e8ae9fb3926147c581910d71bcf3e65\" target=\"_blank\" rel=\"nofollow\">Etherscan showed<\/a> transfers from \u201cjaredfromsubway: MEV Bot 2\u201d to the attacker wallet beginning with 0x3e37.<\/p>\n<p>Blockaid put the drained amount at about $7.5 million. The <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/jaredsmev\/status\/2068481862499237929?s=20\" target=\"_blank\" rel=\"nofollow\">JaredFromSubway account<\/a> later claimed the loss was $15 million and offered a $1 million bounty for the full return of the funds. That difference has not been fully explained in the public posts reviewed.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8 Major incident: My MEV bot JaredFromSubway.eth was just drained for $15M<\/p>\n<p>I am offering a $1,000,000 USD bounty for the full return of the funds<\/p>\n<p>No Q asked. Full confidentiality and safe return guaranteed. This is a legitimate, time-sensitive bounty.<br \/>Contact me privately. <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/5VXfdg9tap\">https:\/\/t.co\/5VXfdg9tap<\/a><\/p>\n<p>\u2014 Jaredfromsubway.eth (@jaredsmev) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/jaredsmev\/status\/2068481862499237929?ref_src=twsrc%5Etfw\">June 20, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<h2 class=\"wp-block-heading\"><strong>How the attacker turned the bot\u2019s logic against it<\/strong><\/h2>\n<p>The attack appears to have targeted the bot\u2019s own trading workflow. MEV bots watch Ethereum activity and act on transactions that look profitable. In this case, attacker-controlled contracts made the route look useful enough for the bot to approve spending rights.<\/p>\n<p>The attacker used 66 fake token contracts that copied the look and function of WETH, USDC and USDT. These contracts were paired with fake liquidity pools. The setup pushed the bot toward approvals that later became the path for the drain.<\/p>\n<h2 class=\"wp-block-heading\"><strong>JaredFromSubway\u2019s record is back in focus<\/strong><\/h2>\n<p>JaredFromSubway is one of Ethereum\u2019s most watched sandwich bots. In a sandwich attack, a bot places trades before and after a user\u2019s swap. This can give the user a worse price while the bot captures the spread.<\/p>\n<p>As previously reported by crypto.news, JaredFromSubway targeted a small swap by Ethereum co-founder Vitalik Buterin in April, using about $1.14 million in WETH volume across SushiSwap and Uniswap V2. Crypto.news also reported in 2023 that the bot used 455 ETH in gas within 24 hours and accounted for about 7% of Ethereum gas use during that period.<\/p>\n<p>The exploit now puts attention on token approvals used by automated systems. The case shows how a system built to act quickly on open market data can be steered into unsafe permissions when controls around approvals are weak. It also adds a new chapter to the wider debate over MEV, sandwich trades and user protection on Ethereum.<\/p>\n<p>For now, the key public details remain split between Blockaid\u2019s technical thread, the on-chain records and posts from the JaredFromSubway account. No recovery had been confirmed in the reviewed updates.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Ethereum\u2019s well-known MEV bot JaredFromSubway was drained after an attacker used contracts that made its automated trading system grant token approvals, according to Blockaid. Summary Blockaid says attacker-controlled contracts tricked&hellip;<\/p>\n","protected":false},"author":1,"featured_media":29669,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-32545","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/32545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=32545"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/32545\/revisions"}],"predecessor-version":[{"id":32546,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/32545\/revisions\/32546"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/29669"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=32545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=32545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=32545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}