← Back to archive
Hack·ongoing

jaredfromsubway.eth Drain via Fake Route Approvals

A reported exploit of the Ethereum MEV bot jaredfromsubway.eth used fabricated trading routes, fake token infrastructure, and standing approvals to remove more than $7.5 million.

Abstract

On 2026-06-21, CoinDesk reported that the Ethereum MEV bot jaredfromsubway.eth had been drained for more than $7.5 million.<sup class="cite">[1]</sup> The reported mechanism did not center on a conventional contract vulnerability; instead, Blockaid indicated that the attacker induced the bot to approve fake trading routes, after which those approvals were used to transfer WETH, USDC, and USDT.<sup class="cite">[2]</sup><sup class="cite">[3]</sup> CoinDesk further reported that the setup had been prepared over several weeks through fake token contracts and fake liquidity pools, and that some proceeds were later sent to Tornado Cash.<sup class="cite">[4]</sup><sup class="cite">[5]</sup> What is established in the present record is the reported loss magnitude and the broad approval-based mechanism. What remains contested or unresolved includes attribution, the full on-chain path, and whether any funds have been recovered.

Methodology

This post-mortem relied on the structured event brief, which in turn cited CoinDesk’s contemporaneous reporting and Blockaid’s attributed description of the attack mechanism. Verification was limited to claims explicitly contained in that record: the reported loss amount, the approval-based route manipulation, the use of fake token and liquidity-pool infrastructure, the assets named as drained, and the reference to Tornado Cash. Comparative context was drawn from the supplied archive analytics only. No additional on-chain reconstruction, court filing review, or recovery inference was introduced beyond the provided dossier, and unresolved points are treated as unestablished rather than assumed.

The incident concerned jaredfromsubway.eth, an Ethereum MEV bot known for sandwich trading, which CoinDesk reported was drained for more than $7.5 million on 2026-06-21.[1] The available record described the event not as a standard smart-contract bug and not as a conventional phishing episode, but as an exploitation of the bot’s own automated trading logic.[6] In the present dossier, the central mechanism was the generation of token approvals under false routing assumptions, creating a path by which attacker-controlled contracts could later move assets from the bot’s control.[2][3]

According to CoinDesk’s account, the setup was not instantaneous. The reporting stated that the attacker built the environment over several weeks by deploying dozens of fake token contracts and fake liquidity pools.[4] That preparatory stage matters because the reported exploit depended on the bot encountering infrastructure that appeared sufficient to support trading logic, even though the underlying routes were attacker-fabricated.[2][4] On the present record, this was therefore less a case of unauthorized code execution than a case in which the system’s own execution path was induced to treat malicious route data as legitimate trading context.[2][6]

Blockaid, as cited by CoinDesk, said the attacker tricked the bot into approving fake trading routes.[2] The timeline in the brief further stated that these interactions generated approvals for attacker-controlled helper contracts to spend tokens on the bot’s behalf.[2] Within Ethereum token standards, approvals are operationally significant because they can persist beyond the immediate transaction that created them; in this case, the reported exploit path turned those permissions into the decisive control point.[2][6] The dossier therefore supports a mechanism in which the compromise arose from permissioning under deceptive market structure rather than from a direct break of cryptographic controls or a disclosed flaw in token contracts themselves.[2][4][6]

Once those approvals existed, the attacker reportedly used them to transfer WETH, USDC, and USDT out of the bot’s contracts.[3] CoinDesk’s reporting, as reflected in the brief, identified these assets specifically and tied the drain to the previously obtained open approvals rather than to a separate exploit stage.[3] The sequence presented in the dossier was therefore linear: fake route environment, induced approvals, then token transfers using those permissions.[2][3][4] That sequence is important because it narrows the principal failure mode to authorization logic and route validation, not merely to post-compromise fund movement.[2][6]

The available reporting also stated that some of the stolen funds were later sent to Tornado Cash.[5] In the present record, that point served as a documented observation about subsequent fund routing, not as proof of final disposition, recovery impossibility, or attacker identity.[5] No transaction hashes, contract addresses, or complete asset-by-asset movement map were included in the dossier, so the public reconstruction remained high level even where the broad path was described.[5] As of 2026-06-21, the established narrative was therefore one of a completed drain with at least some proceeds moved into a mixing service, while the fuller transactional topology remained outside the supplied evidence base.[1][5]

The documented consequences were material but narrowly evidenced. CoinDesk reported losses of more than $7.5 million from jaredfromsubway.eth.[1] The assets named in the drain were WETH, USDC, and USDT, and some portion of the proceeds was later routed through Tornado Cash according to on-chain data reviewed by CoinDesk.[3][5] The dossier did not identify affected users, did not describe any court action or regulatory proceeding, and did not state that any funds had been recovered as of 2026-06-21.[1][5]

Discussion

Within CryptoMortem’s archive context, this incident ranked #36 of 48 by severity across the full dataset and #19 of 26 within the hack category. That places it below the archive’s largest losses, but still within a class of events large enough to matter operationally and analytically. The event also sat inside a relatively active period for the archive: 49 total events had been catalogued, with 19 in the 12 months preceding this incident. The comparative value of this case lies less in absolute size than in mechanism. The assigned attack vector, social_engineering, had 5 prior events in the archive with cumulative $0.35B affected and mean recovery 50.0%; 1 was fully recovered and 1 had low/no recovery. By contrast, the broader hack category contained 12 other records with mean recovery 91.6% and mean resolution 465 days. On those archive figures, approval-inducing deception appears materially less predictable in outcome than the average hack record, particularly where the exploit path turns on permissions granted by the victim system itself. Pattern recurrence reinforces that interpretation. The pattern single_point_of_control had appeared in 27 prior events, including 11 in the past 12 months. The pattern social_engineering_attack_vector had appeared in 9 prior events, including 4 in the past 12 months. The pattern absence_of_withdrawal_monitoring had appeared in 12 prior events, including 7 in the past 12 months. Taken together, the archive context places this event within a recurring failure family: concentrated operational authority, deceptive input conditions, and insufficient controls to halt or flag abnormal outflows once permissions had been created.

Comparative analytics

All comparisons computed against the 49-event CryptoMortem archive at time of publication.

  • Severity rank across full archive: #36 of 48 (27.1th percentile).
  • Severity rank within same event type: #19 of 26.
  • Attack vector "Social Engineering": 5 prior events in archive, cumulative $349M, mean recovery 50.0%; 1 fully recovered, 1 with low or no recovery.
  • Event type "Hack": 12 other records in archive, mean recovery 91.6%, mean resolution 465 days.
  • Pattern "Single Point Of Control": observed in 27 prior events (11 in the past 12 months).
  • Pattern "Social Engineering Attack Vector": observed in 9 prior events (4 in the past 12 months).
  • Pattern "Absence Of Withdrawal Monitoring": observed in 12 prior events (7 in the past 12 months).
  • Archive context: 49 events catalogued; 19 in the 12 months preceding this incident.

Limitations

The present record was narrow. It did not establish the attacker’s identity. It did not provide transaction hashes, contract addresses, or a full on-chain loss breakdown, which limited independent reconstruction of the exact approval and transfer sequence. It also did not state whether any funds were recovered. Although CoinDesk reported that some funds were sent to Tornado Cash and attributed the mechanism to Blockaid, the dossier did not include primary forensic artifacts such as signed messages, internal bot logs, or contract-level traces. As of 2026-06-21, attribution, complete fund flow, and final resolution status therefore remained unestablished in the supplied materials.

Timeline

  1. Jaredfromsubway.eth drained for more than $7.5 million

    Blockaid said attacker-controlled contracts tricked the bot’s automated MEV system into granting token approvals that were later used to drain funds. The attacker deployed 66 fake token contracts and fake liquidity pools over several weeks, then swept ETH, USDC, and USDT from the bot’s treasury; some stolen funds have already been sent to Tornado Cash.

    source →
  2. Blockaid attributes the mechanism

    Blockaid said the attacker tricked the bot into approving fake trading routes.

    source →
  3. Fake tokens and pools were deployed

    The attacker deployed dozens of fake token contracts and fake liquidity pools over several weeks.

    source →
  4. Approvals were generated

    The bot generated approvals for attacker-controlled helper contracts to spend tokens on its behalf.

    source →
  5. Open approvals were used to transfer funds

    Those open approvals were used to transfer WETH, USDC and USDT out of the bot's contracts.

    source →
  6. Some funds were routed through Tornado Cash

    CoinDesk said some of the stolen funds were later sent to Tornado Cash.

    source →
  7. CoinDesk reports the drain

    CoinDesk published that jaredfromsubway.eth had been drained for more than $7.5 million.

    source →
  8. jaredfromsubway bot drained for roughly $7.5 million

    The Block reports the notorious MEV bot was drained in a counter-MEV honeypot, with losses estimated at roughly $7.5 million. An X account using the bot's name claimed a $15 million loss and offered a $1 million bounty, but the article says it is likely an impersonator.

    source →

Who was involved

Structural failures identified

Sources

  1. Ethereum's biggest 'sandwich' bot drained of $7.5 million in ironic exploit, CoinDesk — Primary reporting on the drain, the fake-route approval mechanism, the asset types drained, and the Tornado Cash reference.