One of Ethereum’s most notorious MEV bots, known as JaredFromSubway, has reportedly been drained for around $7.5 million after attacker-controlled contracts tricked its automated system into granting token approvals.
TL;DR The JaredFromSubway MEV bot was reportedly drained for about $7.5 million. Security firm Blockaid said the bot was tricked into approving malicious trading routes. The attacker then used those approvals to pull assets from the bot contract. The incident appears to target the bot’s own automation, not Ethereum itself. What HappenedThat distinction matters. MEV infrastructure moves quickly and often relies on highly automated decision-making. If that automation can be tricked into approving the wrong contract, the risk can be severe because transactions execute with little human review.
Why Traders CareThe story is bigger than one bot getting drained. It highlights a risk that applies across automated trading systems: speed can become fragility. Bots competing in MEV markets need to act faster than human traders, but that also means they can be vulnerable to carefully designed traps.
For Ethereum users, the incident may feel like poetic justice because sandwich bots are widely disliked. But the technical lesson is broader. Any system that grants token approvals based on automated contract interactions needs strict safeguards, simulation and route verification.
The market impact is unlikely to come from the dollar amount alone. A $7.5 million drain is meaningful, but not systemic. The bigger impact is reputational for MEV infrastructure and possibly operational for bot operators who now need to review their approval logic more aggressively.
For now, this should be treated as a targeted exploit against a trading bot, not a network-wide security event.
