If you’ve traded on Ethereum decentralized exchanges, you’ve probably heard of Jaredfromsubway.eth. This mysterious operator runs the most successful MEV (Maximal Extractable Value) bot in crypto history—a bot infamous for executing thousands of “sandwich attacks” on unsuspecting traders since 2023.
But now, the hunter has become the prey.
Jaredfromsubway’s bot was exploited for over $15 million in what experts call a “reverse honeypot” attack. The operator has now spoken out, offering the attacker a deal: return half the money within 48 hours, or face legal action.
What Is a MEV Bot Anyway?
Before diving into the exploit, let’s break down what Jaredfromsubway actually does. MEV bots are automated systems that scan the Ethereum blockchain for profitable trading opportunities and execute trades faster than regular users.
The most common type of MEV attack is a sandwich attack. Here’s how it works:
- A regular trader places an order on a decentralized exchange (DEX)
- The MEV bot sees this transaction in the pending queue
- The bot buys the same token before the trader (front-running)
- The trader’s order executes at a higher price
- The bot sells the token immediately after (back-running)
- The bot profits from the price difference
Jaredfromsubway’s bot has executed hundreds of thousands of sandwich attacks since early 2023, generating gross revenues reportedly exceeding $34 million to $40 million during peak three-month windows.
In fact, the bot even sandwiched Ethereum co-founder Vitalik Buterin in May 2026, deploying over $1.14 million in WETH volume to profit from his trade.
How the $15 Million Hack Happened
The attack wasn’t random. On-chain data shows the attacker spent weeks meticulously planning this exploit. Here’s exactly what went down:
The Attack Method:
The key vulnerability? Token approval management. The bot’s automated execution system was tricked into granting permissions that the attacker later exploited.
Blockaid explained the incident was not a phishing attack or smart-contract vulnerability, but rather an exploitation of the bot’s automated MEV opportunity detection and approval mechanism.
MEV activity often contributes to spikes in Ethereum gas fees as bots compete to prioritize their transactions.
Jaredfromsubway Speaks Out
On X (formerly Twitter), Jaredfromsubway.eth labeled the situation as a “reverse honeypot”—the opposite of the usual crypto scam where hackers trap victims.
He pointed out the irony of being targeted while reaffirming his position as the dominant figure in MEV operations. But he didn’t just complain—he went on offense.
The 50% White Hat Deal
Jared offered the attacker what’s called a “white hat deal”—a term in crypto for when hackers are allowed to keep some stolen funds if they return the rest.
The proposal:
- Attacker keeps 50% of the stolen $15 million (roughly $7.5 million)
- Attacker returns the remaining 50% within 48 hours
- Deadline: 48 hours from the offer
- Threat: Legal action if funds aren’t returned
Jared addressed the perpetrator directly, transitioning from a general recovery offer to an urgent proposition. He suggested the attacker could retain half the stolen assets if they returned the remaining portion within two days.
Why This Matters for Crypto Security
This incident has sparked widespread scrutiny over token approval mechanisms in Ethereum’s automated systems. Here’s what went wrong and why it affects everyone:
The Vulnerabilities Exposed:
- Automated systems trust fake data – MEV bots scan open market data for opportunities, but this makes them vulnerable to manipulation
- Token approvals are dangerous – Granting unlimited token permissions can be exploited if the contract is malicious
- Speed over security – MEV bots prioritize executing trades faster than competitors, sometimes skipping safety checks
Security analyst Intellectia noted that systems designed for rapid trading can be steered into unsafe permissions, affecting user protection and market trust.
Attackers often exploit smart contract vulnerabilities and trading bots that fail to properly assess transaction risks
The Numbers: Jared’s Empire vs. The Loss
The discrepancy between Jared’s claimed loss ($15M) and the analyst-confirmed loss ($7.5M) highlights the difficulty in tracking exactly how much was drained from automated systems.
What Happens Next?
As of now, the 48-hour deadline is ticking. Whether the attacker will take the deal remains unknown. Crypto hackers have a reputation for returning funds when offered white hat deals, but this was a massive haul—$7.5 million to $15 million is life-changing money.
If the attacker doesn’t return the funds, Jaredfromsubway has threatened legal action, which could involve tracking the stolen assets through blockchain analysis and potentially working with law enforcement.
The Bottom Line
Jaredfromsubway.eth built an empire on finding other people’s trading mistakes and profiting from them. Now, someone found a mistake in his own system and profited even bigger.
This incident proves that no one is immune in crypto—even the most sophisticated automated traders can be exploited with enough planning and creativity. It also highlights the growing need for better token approval security across all automated trading systems on Ethereum.
For regular traders, the takeaway is clear: always review token approvals carefully before signing transactions. You might be protecting yourself from becoming the next victim of an MEV bot—or worse, the next target of a reverse honeypot.
What do you think? Should Jaredfromsubway have offered the white hat deal, or should he pursue legal action immediately? Share your thoughts below.
