jaredfromsubway.eth Sandwich Bot Drained of $7.5 Million

The most infamous sandwich bot on Ethereum just got a taste of its own medicine. jaredfromsubway.eth, a maximal extractable value (MEV) trading bot that built a fortune by preying on ordinary Ethereum users, was drained of more than $7.5 million on Saturday after an attacker spent weeks engineering the perfect trap, turning the bot’s own automated approval logic into an open vault that anyone with the right permissions could empty at will.

How the Attacker Flipped the Sandwich Bot’s Logic

This was not a standard phishing attack, and it was not a simple contract bug. Security firm Blockaid said the attacker targeted something more fundamental: the bot’s decision-making system. The whole operation was months in the making, built layer by layer through patient, methodical deception.

Over several weeks, the attacker deployed dozens of fake token contracts and fake liquidity pools designed to look like profitable jaredfromsubway.eth sandwich bot $7.5 million drained opportunities. Some mimicked WETH (wrapped ether). Others copied familiar stablecoins like USDC and USDT. The bait was sophisticated enough to fool automated pattern recognition built to scan for profit signals, not authenticate token origins.

At first, the attacker ran test trades. The bot would see what it thought was a MEV opportunity and generate token approvals for attacker-controlled helper contracts. In the early rounds, those approvals got used immediately during the trade itself. But the attacker was learning, iterating, watching how the bot responded. Gradually, routes were restructured so that approvals stayed open after each transaction completed. The bot had handed over standing permission to move its funds without realizing it.

Then came the withdrawal. Using those open approvals, the attacker pulled WETH, USDC, and USDT directly out of jaredfromsubway.eth’s contracts. The whole thing unraveled in a matter of minutes once the attacker decided to collect. More than $7.5 million was gone.

The incident was not a normal phishing attack and not a simple bug in the victim contract. The attacker targeted the bot’s decision-making system.

What Is a Sandwich Bot and Why Should You Care?

A sandwich bot is an automated trader that exploits Ethereum’s public mempool. When a user submits a swap, the bot spots it, buys the same asset ahead to push the price up, waits for the victim’s order to execute at the worse rate, then sells to capture the spread. The user pays more. The bot takes the difference.

Scale that across thousands of trades per day and the numbers get serious fast. Ethereum sandwich attacks cost traders about $60 million a year, with somewhere between 60,000 and 90,000 individual attacks happening every month between November 2024 and October 2025, according to on-chain data. Roughly 70% of those attacks traced back to jaredfromsubway.eth. The bot has been running since early 2023 and does not discriminate by wallet size or trade size. It simply watches and inserts itself wherever a profit signal appears.

Sandwich attackers are not hackers in the traditional sense. No contracts get broken into. No private keys get stolen. The bot operates entirely within the rules of how Ethereum’s mempool works, which is part of what makes it so difficult to stop and so contentious within the crypto community.

The Time It Sandwiched Vitalik Buterin

The scope of jaredfromsubway.eth’s reach became genuinely absurd when reports emerged earlier this year that it had sandwiched a small swap made by Ethereum co-founder Vitalik Buterin. According to reporting published in May, the bot put up $1.14 million in capital to frontrun Buterin’s trade. The profit from the whole maneuver? $4. After fees, the bot actually lost money on that particular trade.

That is the kind of story that makes the case better than any statistic. jaredfromsubway.eth had sandwiched Vitalik Buterin’s own swap for essentially nothing, deploying over a million dollars in capital to extract pocket change. The bot was not making strategic choices. It was pattern-matching and executing at machine speed, on autopilot, indifferent to who was on the other side.

That level of indiscriminate automation is exactly what made jaredfromsubway.eth so effective at scale. It is also what made it vulnerable. When the attacker came along with fake token contracts designed to look like profit signals, the bot responded the same way it always did. It committed approvals. No questions asked.

What Happens to the Stolen Funds?

On-chain data shows some of the drained funds moving toward Tornado Cash, the cryptocurrency mixing protocol. If the attacker follows the standard playbook for large Ethereum heists, the stolen tokens get fragmented through the mixer to break the transaction trail and eventually surface in fresh wallets or bridge to other chains where they are harder to track.

Whether any of it is recoverable is almost certainly a no. Blockchain transactions are final. Open token approvals, once exploited, cannot be reversed. The $7.5 million is gone unless the attacker makes an unusual decision to return it, which happens in white-hat scenarios occasionally but is rare with this kind of premeditated long-game attack.

The Tornado Cash routing also has legal implications. Using that mixer following a theft puts the funds in territory that makes legitimate recovery through any exchange or fiat off-ramp substantially harder. For the attacker, that may be the entire point.

• Fake WETH and stablecoin contracts deployed over several weeks as bait
• Token approvals harvested through fake liquidity pool test trades
• Open approvals used to drain WETH, USDC, and USDT from bot contracts
• Stolen funds traced moving toward Tornado Cash mixer

The Bigger Lesson for Ethereum MEV Bots

Saturday’s incident does not make sandwich attacks less harmful to ordinary Ethereum users. The damage jaredfromsubway.eth inflicted across three-plus years of operation is not reversed by one exploit. Every trader who paid inflated slippage because of this bot still paid it. That $60 million per year number does not change.

But the event does expose something real about the architecture of MEV bots. These systems operate by generating transaction approvals at machine speed, trusting pattern recognition over manual review. That speed and automation is the whole value proposition. It is also a permanent attack surface. An attacker with enough patience and enough fake token contracts can train the system to trust them over time.

The Blockaid framing is worth sitting with here. This was an attack on the bot’s decision-making system, not its code. The code worked exactly as written. What got fooled was the automated judgment about what counts as a profit opportunity. Fixing that requires something harder than a patch.

jaredfromsubway.eth spent years profiting from traders who did not see the bot coming. On Saturday, the bot did not see the trade coming either.

This article is for informational purposes only and does not constitute investment advice. Every investment and trading decision involves risk. Readers should conduct their own research before making any financial decisions.