Jaredfromsubway.eth exploiter launders 2,000 ETH through Tornado Cash as stolen funds keep moving

The attacker behind the $7.5 million MEV bot drain continues washing proceeds despite a bounty offer from the bot's operator

The person who pulled off one of the most brazen exploits in Ethereum’s MEV ecosystem is not sitting still. The attacker who drained the infamous Jaredfromsubway.eth sandwich bot has now routed approximately 2,000 ETH through Tornado Cash, the privacy mixer that remains the go-to laundering tool for on-chain criminals.

On top of the mixing, the exploiter swapped 1,422 ETH for roughly 2.45 million DAI. That leaves a minimal ETH balance in the attacker’s wallets.

How the original exploit went down

The exploit, which security firm Blockaid characterized as a “counter-MEV honeypot” attack, was almost poetic in its construction. The attacker deployed fake token contracts and liquidity pools designed to trick the bot into granting token approvals. The exploiter built a trap that looked like a juicy sandwich opportunity, and the bot took the bait.

The scheme played out over several weeks before culminating in a drain that siphoned off more than $7.5 million in various assets. The stolen haul included 1,474.58 WETH, 2.87 million USDC, and 2 million USDT. All of it was converted into approximately 4,400 ETH.

The bounty that went nowhere

After the exploit came to light around June 20-21, the Jaredfromsubway.eth operator posted an on-chain message offering a white-hat bounty. The deal was 50% of the stolen funds, roughly 2,150 ETH, in exchange for returning the rest within 48 hours. The message also carried the implicit threat of legal action if the attacker refused.

Rather than returning anything, the attacker has been systematically moving funds through Tornado Cash. The 2,000 ETH transfer, valued at approximately $3.44 million at the time of the transaction, represents a significant chunk of the stolen proceeds being pushed through the mixer.

What this means for MEV and DeFi security

The counter-MEV honeypot technique essentially weaponizes a bot’s own aggression against it. MEV bots rely on automated token approvals to execute trades at speed. That same mechanism — the willingness to approve and interact with any contract that presents a profitable opportunity — is exactly what the attacker exploited.
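A defender-side check for the approval risk described above, as an added example that is not part of the original article: it audits ERC-20 `Approval` event logs for a monitored bot address and flags approvals that fall outside a token allowlist, a spender allowlist or an allowance cap. The addresses, allowlists and cap are constructed assumptions; only the event signature hash is a real constant.

```python
# Added example: flag risky ERC-20 approvals granted by a monitored bot address.
# All addresses below are constructed placeholders, not values from the incident.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def audit_approvals(logs, bot, trusted_tokens, trusted_spenders, cap):
    """Return one finding per Approval where `bot` is the owner and a policy check fails."""
    findings = []
    for log in logs:
        topics = log["topics"]
        # ERC-20 Approval carries 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != bot.lower():
            continue
        token, spender = log["address"].lower(), topic_to_address(topics[2])
        amount = int(log["data"], 16) if len(log["data"]) > 2 else 0
        if amount == 0:
            continue  # approve(spender, 0) revokes an allowance
        reasons = []
        if token not in trusted_tokens:
            reasons.append("unvetted token contract")
        if spender not in trusted_spenders:
            reasons.append("spender not on allowlist")
        if amount == MAX_UINT256:
            reasons.append("unlimited allowance")
        elif amount > cap:
            reasons.append("allowance above cap")
        if reasons:
            findings.append({"token": token, "spender": spender, "reasons": reasons})
    return findings

def make_log(token, owner, spender, amount):
    """Build a constructed eth_getLogs-style entry for the demo."""
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

BOT, OTHER = "0x" + "b0" * 20, "0x" + "c0" * 20
TOKEN, FAKE_TOKEN = "0x" + "aa" * 20, "0x" + "fa" * 20
ROUTER, UNKNOWN = "0x" + "11" * 20, "0x" + "ee" * 20
SAMPLE_LOGS = [
    make_log(TOKEN, BOT, ROUTER, 10**18),          # within policy
    make_log(TOKEN, BOT, UNKNOWN, MAX_UINT256),    # vetted token, unknown spender, unlimited
    make_log(FAKE_TOKEN, BOT, ROUTER, 5),          # approval on an unvetted token
    make_log(TOKEN, OTHER, UNKNOWN, MAX_UINT256),  # different owner, ignored
]
FINDINGS = audit_approvals(SAMPLE_LOGS, BOT, {TOKEN}, {ROUTER}, cap=10**21)
```

Logs emitted by an unvetted token contract are controlled by that contract and cannot be trusted as a complete record, so the allowlist check on the token address matters as much as the spender check.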

Despite being sanctioned by the US Treasury’s Office of Foreign Assets Control back in 2022, Tornado Cash remains operational as a decentralized protocol. Every major exploit that routes funds through it renews the debate about whether privacy tools are a necessary feature of financial freedom or primarily an enabler of theft.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
