An attacker drained $7.5 million from the Ethereum Maximal Extractable Value (MEV) bot Jaredfromsubway.eth and has begun moving the proceeds through privacy‑enhancing services, according to on‑chain investigator Specter.

Specter reported that about $5.1 million of the stolen funds has already been transferred to Tornado Cash, a decentralized privacy protocol that mixes Ethereum transactions. The remaining assets were converted into the stablecoin DAI, worth roughly $2.44 million at the time of the report.

The theft began when the attacker created a fake liquidity pool and a wrapper token that mimicked a legitimate trading opportunity. By modifying the trading logic of the MEV bot, the attacker caused the bot to approve token transfers that it normally would not. The exploit extracted 1,583 ETH, $2.87 million in USDC and $2.09 million in USDT from the bot’s vault.

After the initial extraction, the attacker consolidated the assets and swapped them for 4,427 ETH. This step reduced fragmentation and simplified the subsequent laundering process.

To obscure the trail, the attacker split the 2,000 ETH that was moved to Tornado Cash into 20 separate deposits of 100 ETH each. Specter noted that the attacker “has no intention of returning any funds to jaredfromsubway.” The use of multiple small deposits is a common tactic that makes it harder for on‑chain analytics to link the transactions.
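For monitoring teams, the pattern described above (one sender making 20 equal 100 ETH deposits) can be flagged as repeated same-value transfers into a watched contract within a time window. The following Python is an added example, not code from Specter or from any analytics product; the addresses are placeholders, the record format and timestamps are constructed, and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed placeholder addresses; not real on-chain identifiers.
MIXER = "0xMIXER_POOL_PLACEHOLDER"
SUSPECT = "0xSUSPECT_PLACEHOLDER"
OTHER = "0xUNRELATED_PLACEHOLDER"


def find_structured_deposits(transfers, watched, min_count=5, window_s=86400):
    """Flag senders making >= min_count equal-value deposits to a watched
    address inside one sliding time window. Returns a list of alert dicts."""
    buckets = defaultdict(list)  # (sender, value) -> deposit timestamps
    for t in transfers:
        if t["to"] in watched:
            buckets[(t["from"], t["value_eth"])].append(t["ts"])

    alerts = []
    for (sender, value), stamps in buckets.items():
        stamps.sort()
        best, lo = 0, 0
        # Sliding window: largest number of deposits within window_s seconds.
        for hi, ts in enumerate(stamps):
            while ts - stamps[lo] > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_count:
            alerts.append({"sender": sender, "denomination_eth": value,
                           "deposits": best, "total_eth": best * value})
    # Largest aggregate first, so the biggest structured flow is triaged first.
    return sorted(alerts, key=lambda a: -a["total_eth"])


def sample_transfers():
    """Constructed sample: 20 x 100 ETH deposits as in the article, plus noise."""
    rows = [{"from": SUSPECT, "to": MIXER, "value_eth": 100, "ts": 1000 + 120 * i}
            for i in range(20)]
    rows.append({"from": OTHER, "to": MIXER, "value_eth": 10, "ts": 1500})
    rows.append({"from": SUSPECT, "to": OTHER, "value_eth": 1422, "ts": 5000})
    return rows


if __name__ == "__main__":
    for alert in find_structured_deposits(sample_transfers(), {MIXER}):
        print(alert)
```

Grouping by sender and denomination recovers the aggregate amount (2,000 ETH here) even though no single deposit stands out on its own.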

The remaining 1,422 ETH were exchanged for DAI. Converting the assets into a stablecoin reduces exposure to price volatility and facilitates further transfers across chains or to other privacy tools.

The laundering pattern observed here mirrors a broader trend in post‑exploit activity. Attackers often fragment stolen funds, move them through privacy protocols, and then bridge them to other blockchains or token types. This multi‑step process complicates recovery efforts and can span several networks.

The incident has drawn attention from regulators. In a separate case, U.S. authorities charged two suspected cryptocurrency laundering service operators for processing more than $389 million in illicit digital asset transactions.

Jaredfromsubway.eth is one of Ethereum’s most active sandwich‑attack bots, a type of MEV strategy that inserts trades before and after a target transaction to capture price slippage. The bot’s prominence made it an attractive target for attackers looking to exploit its automated trading logic.

The use of Tornado Cash in this case highlights the ongoing tension between privacy tools and regulatory scrutiny. Tornado Cash was blacklisted by the U.S. Treasury in August 2022, but a 2024 federal appeals court overturned the earlier ruling that prohibited its use.

In summary, the attacker has successfully drained $7.5 million from the Jaredfromsubway.eth MEV bot and is actively laundering the proceeds through Tornado Cash and DAI. The move to privacy protocols and stablecoins is consistent with known laundering tactics and complicates potential recovery. The incident underscores the need for tighter security in MEV bot contracts and raises questions about the effectiveness of current regulatory frameworks in addressing crypto‑based theft.