Jaredfromsubway Hacker Skips 50% Bounty, Routes ETH Through Tornado Cash
The Ethereum MEV bot operator behind “Jaredfromsubway” says the hacker ignored a public offer to return 50% of stolen funds. Instead, the attacker allegedly moved 2,000 ETH through Tornado Cash, selling 1,422 ETH for about $2.4M in DAI and leaving roughly 5 ETH in the wallet.
Security firms (PeckShield, Blockaid) describe how the exploit worked on June 20. The attacker created fake wrapper tokens (fWETH, fUSDC, fUSDT) and paired them with fake liquidity pools that looked like profitable MEV trades to the bot’s scanners. The bot then granted token approvals to attacker-controlled helper contracts. When the right route was selected, the contract used existing approvals to pull WETH, USDC, and USDT from the Jaredfromsubway contract via standard transferFrom calls.
The bot runner initially offered a $1M reward to return funds, then later escalated to a $3M “time-sensitive” bounty and threatened legal action after a 48-hour deadline. Onchain reporting suggests the hacker responded by moving more ETH through Tornado Cash, indicating little intent to negotiate.
Traders should watch for renewed focus on MEV risk and contract-approval attack surfaces. While this is unlikely to move ETH fundamentals alone, repeated MEV exploit headlines can affect short-term sentiment around on-chain trading, approvals, and privacy tooling like Tornado Cash.
Bearish
This is bearish mainly for market sentiment around on-chain execution and smart-contract safety. The Jaredfromsubway incident shows a mature MEV-style approval attack: fake token wrappers and liquidity routed to earn approvals, then drain funds via transferFrom. When attackers ignore bounties and move ETH through Tornado Cash, it reinforces expectations of prolonged uncertainty, slower recovery, and higher perceived risk for automated trading strategies.
In the short term, traders may reduce exposure to MEV-sensitive setups, tighten risk controls on router/approval interactions, and demand additional monitoring of token approvals and contract interactions—behavior that can pressure activity on some DeFi venues. In the long run, this type of exploit typically accelerates defensive tooling and research (e.g., better approval hygiene, detection, and potential privacy/mempool proposals), but adoption takes time.
Compared with past exploit cycles (where repeated MEV/DeFi hacks led to temporary declines in risk appetite and higher volatility in affected ecosystems), this headline is more likely to affect trading posture and liquidity distribution than overall ETH price direction.