    Ethereum’s Notorious ‘Sandwich’ Bot Loses $7.5 Million in a Twist of Fate


    Blockaid reported that an attacker tricked Jaredfromsubway.eth into approving fraudulent trading routes, then used those approvals to siphon WETH, USDC, and USDT.

    — An assailant extracted over $7.5 million from the infamous Ethereum MEV bot jaredfromsubway.eth by taking advantage of its automated trading logic, rather than exploiting a conventional contract flaw or engaging in phishing.

    — Over several weeks, the attacker enticed the bot into approving harmful helper contracts through fake tokens and liquidity pools that imitated assets like WETH, USDC, and USDT, then employed those open approvals to withdraw funds, routing some through Tornado Cash.

    — This event highlights the magnitude and dangers of industrialized sandwich-bot operations—jaredfromsubway.eth has accounted for approximately 70% of Ethereum sandwich attacks, which cost traders around $60 million annually—by demonstrating how machine-speed, pattern-based systems can themselves become victims.

    (CoinDesk)

    Jaredfromsubway.eth, one of Ethereum’s most infamous MEV bots, has been drained of more than $7.5 million after an attacker turned the bot’s own automated trading logic against it.

    The bot is known for sandwich attacks, a form of maximal extractable value, or MEV, in which an automated trader spots a pending transaction, buys ahead of it, lets the victim trade at a less favorable price, and then sells immediately afterward.

    This results in a hidden tax on users that can accumulate across thousands of trades.

    Within crypto communities, sandwich attackers are generally viewed not as exploiters but as predatory actors: they extract value from users, drive up gas fees, and offer no benefit to either the network or its users.

    Security firm Blockaid stated that the incident on Saturday did not constitute a typical phishing attack and was not merely a simple bug in the victim’s contract. Instead, the attacker focused on the bot’s decision-making framework.


    The scheme was established over several weeks, during which the attacker launched numerous fake token contracts and counterfeit liquidity pools—collections of tokens locked on a decentralized exchange—that appeared to represent lucrative trades. Some mirrored familiar assets such as wrapped ether (WETH) and stablecoins pegged to the dollar like USDC and USDT.

    The bait worked as intended. Jaredfromsubway.eth’s bot saw what looked like MEV opportunities and issued approvals allowing attacker-controlled helper contracts to spend tokens on its behalf. In earlier trial runs, those approvals were used within the trade itself; later, the attacker constructed routes in which the approvals remained open.

    This granted the attacker standing permission to extract funds. They utilized those open approvals to transfer WETH, USDC, and USDT from Jaredfromsubway.eth’s contracts, draining over $7.5 million.
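The open-approval condition described above can be checked from the defender's side by replaying a contract's token calls and flagging any allowance still non-zero when a transaction ends. The sketch below is an added example, not code from Blockaid or the bot's operator; the tuple layout, the `BOT` placeholder, the helper names and the sample calls are constructed for illustration and assume the calls have already been decoded from transaction traces.

```python
from collections import defaultdict

MAX_UINT256 = 2**256 - 1  # conventional "infinite" ERC-20 allowance value
BOT = "0xB07"             # constructed placeholder, not the real bot address

def find_open_allowances(calls, owner):
    """Replay decoded ERC-20 calls in order. After each transaction, report every
    (token, spender) allowance granted by `owner` that is still non-zero."""
    allowance = defaultdict(int)  # (token, spender) -> remaining allowance
    findings, touched, current_tx = [], set(), None

    def close_tx():
        # Runs at each transaction boundary; current_tx is still the finished tx.
        for key in sorted(touched):
            if allowance[key] > 0:
                findings.append((current_tx, key[0], key[1], allowance[key]))
        touched.clear()

    for tx, fn, token, call_owner, spender, amount in calls:
        if tx != current_tx:
            close_tx()
            current_tx = tx
        if call_owner != owner:
            continue
        key = (token, spender)
        if fn == "approve":
            allowance[key] = amount            # approve overwrites, it does not add
        elif fn == "transferFrom":
            if allowance[key] != MAX_UINT256:  # many tokens never decrement an infinite allowance
                allowance[key] -= amount
        touched.add(key)
    close_tx()
    return findings

# Constructed sample: (tx, function, token, owner, spender, amount)
SAMPLE_CALLS = [
    ("0x01", "approve",      "WETH", BOT, "helperA", 1000),  # trial run: approval fully used
    ("0x01", "transferFrom", "WETH", BOT, "helperA", 1000),
    ("0x02", "approve",      "USDC", BOT, "helperB", 5000),  # route pulls less than approved
    ("0x02", "transferFrom", "USDC", BOT, "helperB", 10),
    ("0x03", "approve",      "USDT", BOT, "helperC", MAX_UINT256),  # infinite approval stays open
    ("0x03", "transferFrom", "USDT", BOT, "helperC", 5),
]

if __name__ == "__main__":
    for finding in find_open_allowances(SAMPLE_CALLS, BOT):
        print("open allowance after tx %s: token=%s spender=%s remaining=%d" % finding)
```

A finding at the end of a transaction is the point to alert on or to reset the allowance to zero, since it appears before any later withdrawal that relies on it.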

    Some of the misappropriated funds were subsequently routed to Tornado Cash, according to on-chain data reviewed by Decryptnews.

    The irony was unmistakable.

    Jaredfromsubway.eth has long been a prominent symbol of toxic MEV on Ethereum. Sandwich attacks cost Ethereum traders approximately $60 million annually, with 60,000 to 90,000 attacks monthly between November 2024 and October 2025.

    About 70% of those attacks were linked to Jaredfromsubway.eth, which has been operational since early 2023.


    Decryptnews reported in May that the same bot had even sandwiched a minor swap conducted by Ethereum co-founder Vitalik Buterin. It risked $1.14 million to front-run Buterin’s trade and, after fees, came away with a profit of a mere $4 on that trade.

    The trade was valued at only a few dollars, and the loss was minimal, but it illustrated the extent of the bot’s industrialization. It was scanning the mempool for nearly any opportunity to insert itself.

    While Saturday’s event does not diminish the harmfulness of sandwich attacks, it does highlight the dangers of running systems that approve transactions at machine speed based on pattern recognition and profit signals.

    Jaredfromsubway.eth profited for years from traders who were unaware of the bot’s presence. On Saturday, it was the bot that failed to see the trade coming.
