An attacker has drained roughly $7.5 million from jaredfromsubway.eth and has been moving funds to Tornado Cash despite a 50% bounty.
Author: Sahil Thakur
23rd June 2026 – An attacker has drained roughly $7.5 million from jaredfromsubway.eth. The hit turned one of Ethereum’s most feared MEV bots into a victim. The method was a patient counter-honeypot trap.
High Signal Summary For A Quick Glance
GenZ
@ZGenZ0
@jaredsmev You scam people.. and you are getting scammed. Karma is a boomerang
Not confirmed yet, but I just received a DM from a white-hat hacking group. They say they’re willing to negotiate on the $15M that was taken and we are still negotiating Will update and confirm if this actually moves forward. Stay tuned. "Jaredfromsubway.eth"
04:05 PM·Jun 22, 2026
九爷
@cabelpeng
@jaredsmev 黑客干的好,特么你为何不还被。你夹的,黑客继续干
🚨 BIG ANNOUNCEMENT 🚨 We just dropped a $7.5M Bounty for the whitehat hacker who stole $15M — if he returns the 50% funds, we’re giving away $1,000,000 to the community! 🔥 To enter: • Like + RT this tweet • Follow @Jaredsmev • Drop your ETH address in the comments 👇
08:09 AM·Jun 22, 2026
Margox
@margoxhung
@jaredsmev So what are you going to say? I was stealing from people, then another thief came along and stole from me. Now I'm filing a complaint against the thief who stole from me? :) You're bragging here, yet crying on other tweets. The hacker didn't just drain your money he drained your https://t.co/WJfSPQOVGm https://t.co/axdddxaySY
You guys seriously think $15 million is a big deal for me? 😂 I will keep front running you all 👊 https://t.co/gkAbJaf8wz
07:43 AM·Jun 22, 2026
The jaredfromsubway exploit was no smash-and-grab. According to security firms Blockaid and PeckShield, the attacker spent weeks building a fake ecosystem just to bait the bot.
For background, jaredfromsubway.eth runs a sandwich bot. It watches the mempool for large pending trades, buys ahead of them to push the price up, then sells right after to pocket the slippage.
So the attacker built bait the bot could not ignore. Over several weeks, they deployed 66 fake token contracts. Alongside them sat fake liquidity pools that mimicked WETH, USDC, and USDT.
To the bot’s automated logic, these pools looked like easy profit. As a result, the bot engaged with them. It then granted token approvals to attacker-controlled “helper” contracts.
An approval is a permission. It lets another contract move your tokens on your behalf, up to a set limit. MEV bots hand out these approvals constantly so they can trade at machine speed.
Then patience did the rest. Small early trades behaved normally and built false confidence. Because the approvals stayed open, the attacker later called transferFrom. That single step swept the real WETH, USDC, and USDT.
One helper contract cited in on-chain analyses sat at 0x3e37f4…65d0. Notably, there was no stolen key and no bug in Jared’s core code. Instead, the bot’s own greed approved its own draining.
Key milestones related to this development
The attacker executes the main drain, pulling ETH and stablecoins from jaredfromsubway.eth-linked contracts.
The stolen assets are separated into multiple wallets, including several large ETH chunks.
The exploiter sends the first 100 ETH deposit into Tornado Cash shortly after the drain.
Multiple 100 ETH deposits are routed through Tornado Cash, laundering at least 2,000 ETH across batches.
jaredfromsubway.eth sends an on-chain message offering a 50% white-hat bounty if the exploiter returns part of the funds.
No clear on-chain response or return of funds is observed; the exploiter continues moving assets instead.
At least 2,000 ETH has passed through Tornado Cash, while another major leg was converted into WETH/DAI.
According to Blockaid and PeckShield, the haul came to about 1,474.58 WETH, 2.87 million USDC, and roughly 2 million USDT. Together that was near $7.5 million at the time.
Some reports cite slight variations, such as a 1,583.5 ETH-equivalent figure. Jared himself has referenced a higher number, around $15 million, though security firms stand by the $7.5 million estimate.
After the sweep, the attacker swapped portions of the stablecoins into ether. As a result, the wallet swelled to more than 4,400 ETH. With ETH near $1,700 to $1,800 at the time, the conversion locked in the value fast.
The drain itself did not rattle the wider market. According to contemporaneous reports, ether prices and gas fees held steady. So the damage stayed contained to one very large, very ironic target.
On June 22 at about 02:15 UTC, Jared answered directly on the blockchain. From his own wallet, he sent a transaction whose input data carried the offer.
“Well played. We are willing to offer a 50% white hat bounty if you return 2150 ETH to this address in the next 48 hours, otherwise we will pursue all available legal and law-enforcement remedies.”
In short, the deal asks for 2,150 ETH back within 48 hours, with a deadline near June 24. The attacker would keep the rest. Otherwise, Jared threatens legal and law-enforcement action.
Such whitehat offers are a common recovery tactic. The victim trades immunity and a split for the return of funds, which avoids a long legal fight. Whether it works here remains unclear.
So far, the signs are not encouraging. According to PeckShield, the exploiter has kept routing funds into Tornado Cash rather than answering the bounty.
An initial batch of roughly 1,000 ETH hit the sanctioned mixer soon after the drain. Then on June 23, monitors flagged another batch of about 2,000 ETH.
Tornado Cash mixes deposits so withdrawals cannot be traced to their source. As a result, it complicates recovery, though advanced analytics can still follow some flows. Arkham Intelligence is tracking the attacker entity as the funds move.
Reaction across X and Reddit leaned toward schadenfreude rather than sympathy. Many traders see jaredfromsubway.eth as a predator, since the bot has sandwiched retail trades for years.
For context, the bot has at times been tied to roughly 70% of sampled sandwich attacks on Ethereum. So “the sandwich bot got sandwiched” quickly became the dominant meme.
Critics also mocked the legal threats as hypocritical. After all, pursuing a case in court could force Jared to expose the bot publicly. That bot was built to extract value from ordinary users.
Others were simply skeptical. Many doubt the exploiter will take the bounty at all. Few expect a lawsuit to land against an anonymous address. As always, this is community sentiment, not financial advice.
Jared’s X account posted that they had received a DM from the white hat group but it was still not confirmed.
Then, the update on the incident stopped from the official account.
For now, the 48-hour bounty clock is the main thing to watch. If the deadline near June 24 passes without a return, recovery odds drop and the legal threat gets tested.
Meanwhile, the jaredfromsubway exploit is already reshaping how MEV operators think about risk. When a bot auto-approves contracts at scale, every open approval becomes a target. Expect tighter approval hygiene and more honeypot detection across the sector.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
Jaredfromsubway Exploit Funds Move To Tornado Cash Despite 50% Bounty
Taiko Bridge Exploit Drains $1.7M Through SGX Key Exposure
Axelar Secret Network Hack Drains $4.67M via IBC Bridge
ZachXBT Changelly Scam: Mule Reports Own Frozen Funds
Jaredfromsubway Exploit Funds Move To Tornado Cash Despite 50% Bounty
Taiko Bridge Exploit Drains $1.7M Through SGX Key Exposure
Axelar Secret Network Hack Drains $4.67M via IBC Bridge
ZachXBT Changelly Scam: Mule Reports Own Frozen Funds
