JaredFromSubway MEV bot exploited for over $15M

The most infamous MEV bot in crypto history just had a very bad day. JaredFromSubway, the Ethereum sandwich attack bot that has extracted tens of millions of dollars from unsuspecting DEX traders since 2023, was exploited for over $15 million.

The hunter becomes the hunted

On-chain data confirms the exploit drained more than $15 million from the jaredfromsubway.eth bot’s operations.

MEV bots and sandwich attacks work by watching the mempool, the waiting room where pending transactions sit before being confirmed. When the bot spots a large swap, it places one transaction right before it (front-running) and another right after (back-running). The victim’s trade executes at a worse price, and the bot pockets the difference.

JaredFromSubway has been doing exactly this at industrial scale. The bot has executed hundreds of thousands of sandwich attacks since early 2023, generating gross revenues reportedly exceeding $34 million to $40 million during peak three-month windows. After accounting for the enormous gas fees required to front-run transactions on Ethereum, net profits have been estimated at more than $6 million.

In mid-2024, the bot’s single-day gas expenditure exceeded 210 ETH, roughly $810K at the time.

A bot that kept evolving

By August 2024, a “Jared 2.0” iteration emerged, introducing advanced multi-hop routing techniques designed to improve efficiency in both front-running and back-running trades. These upgraded versions processed over 85,000 transactions and accumulated hundreds of thousands of ETH.

The bot’s primary hunting ground has been low-liquidity memecoin pools on Ethereum DEXes. The bot’s operator consistently ranked among Ethereum’s top gas spenders.

In May 2026, JaredFromSubway executed a sandwich attack against a token swap conducted by Ethereum co-founder Vitalik Buterin, deploying over $1.14 million in WETH volume to front-run the transaction.

What this means for Ethereum traders and investors

For retail traders, low-liquidity pools remain dangerous places to execute swaps without slippage protection. Tools like Flashbots Protect, which route transactions through private mempools to avoid front-running, exist for a reason.

The exploit also highlights a risk that’s often overlooked in the MEV ecosystem: the bots themselves are targets. MEV operations require significant capital to be deployed in smart contracts, and if those contracts have vulnerabilities, the accumulated funds become honeypots.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.