Ethereum's biggest 'sandwich' bot drained of $7.5 million in ironic exploit

Ethereum's biggest 'sandwich' bot drained of $7.5 million in ironic exploit

Tech

Ethereum's biggest 'sandwich' bot drained of $7.5 million in ironic exploit

Blockaid said an attacker tricked Jaredfromsubway.eth into approving fake trading routes, then used those approvals to drain WETH, USDC and USDT.

By

Shaurya Malwa

Jun 21, 2026, 7:12 a.m.

3

min read

Make

preferred on

Share

Share this article

Copy link

X icon

X (Twitter)

LinkedIn

Facebook

Email

Make

preferred on

Summary

Show

An attacker drained more than $7.5 million from the notorious Ethereum MEV bot jaredfromsubway.eth by exploiting its automated trading logic rather than a traditional contract bug or phishing scam.

Over several weeks, the attacker lured the bot into approving malicious helper contracts via fake tokens and liquidity pools that mimicked assets like WETH, USDC and USDT, then used those open approvals to pull funds and route some through Tornado Cash.

The incident underscores both the scale and risks of industrialized sandwich-bot activity—jaredfromsubway.eth has been responsible for roughly 70% of Ethereum sandwich attacks, which cost traders about $60 million a year—by showing how machine-speed, pattern-based systems can themselves be turned into victims.

Jaredfromsubway.eth, one of Ethereum’s most infamous MEV bots, has been drained for more than $7.5 million after an attacker turned the bot’s own automated trading logic against it.

The bot is known for sandwich attacks, a form of maximal extractable value, or MEV, in which an automated trader spots a pending transaction, buys ahead of it, lets the victim trade at a worse price, then sells immediately after.

The result is a small hidden tax on users that can add up across thousands of trades.

Sandwich attackers aren’t typically a form of exploit but are looked upon in crypto circles as a type of predatory behavior, which skims value from users, leads to a spike in gas fees and doesn’t benefit either the network or the user.

Security firm

Blockaid said

Saturday’s incident was not a normal phishing attack and not a simple bug in the victim contract. The attacker instead targeted the bot’s decision-making system.

The setup was built over several weeks, where the attacker deployed dozens of fake token contracts and fake liquidity pools - a term for a pile of tokens locked on a decentralized exchange - that looked like profitable trades. Some mimicked familiar assets such as wrapped ether (WETH), and dollar-pegged stablecoins USDC and USDT.

That bait did what it was supposed to do. Jaredfromsubway.eth’s bot saw what looked like MEV opportunities and generated approvals for attacker-controlled helper contracts to spend tokens on its behalf. Those approvals were used immediately as part of the trade in earlier tests, but later, the attacker created routes where the approvals stayed open.

This left the attacker with standing permission to pull funds. And they used those open approvals to transfer WETH, USDC and USDT out of Jaredfromsubway.eth’s contracts, draining more than $7.5 million.

Some of the stolen funds were later sent to Tornado Cash, onchain data reveiwed by CoinDesk showed.

The irony was hard to miss, meanwhile.

Jaredfromsubway.eth has long been one of the most visible symbols of toxic MEV on Ethereum. Sandwich attacks cost Ethereum traders about $60 million a year, with 60,000 to 90,000 attacks per month between November 2024 and October 2025.

Roughly 70% of those attacks were associated with Jaredfromsubway.eth, who has been

active since early 2023

.

CoinDesk reported in May that the same bot had even sandwiched a small swap by Ethereum co-founder Vitalik Buterin. It put up $1.14 million to frontrun Buterin's

trade to make just $4

(after fees, the bot a few dollars money on this particular trade).

The trade was worth only a few dollars, and the loss was tiny, but it showed how industrialized the bot had become. It was scanning the mempool for nearly anything it could insert itself around.

While Saturday's incident does not make sandwich attacks less harmful, but it does show the risk of running systems that approve transactions at machine speed based on pattern recognition and profit signals.

Jaredfromsubway.eth spent years profiting from traders who did not see the bot coming. But on Saturday, the bot did not see the trade coming either.

Latest Crypto News

1

Asset management giant Invesco files for tokenized fund targeting stablecoin reserve market

6 hours ago

2

Coinbase's Base blockchain resumes after two-hour outage disrupted network

8 hours ago

3

Strategy's yield-generating STRC stock is more correlated with BTC than ever

9 hours ago

4

Kraken in talks to buy 15% stake in DeFi lender Aave at $385 million valuation

10 hours ago

5

a16z-backed crypto firm rebrands, shifts focus to solving AI’s global copyright headache

10 hours ago

6

BlackBerry is making a massive comeback as an 'uncrashable' software layer for AI and robotics

11 hours ago

7

Strategy has a 10-month cash runway for dividends, but retail investors are losing faith

11 hours ago

8

Quant fund says bitcoin is near a major inflection point as rare onchain signals align

12 hours ago

9

Bitcoin tumbles to new multi-year low of $58,000, but a short-squeeze setup emerges

12 hours ago

10

Crypto for Advisors: Bitcoin: planning for inheritance

12 hours ago

Latest Research

CEX Volumes Drop to Lowest Since September 2024 as RWA Perps Hit Record High

CEX Volumes Drop to Lowest Since September 2024 as RWA Perps Hit Record High

In May, combined exchange volumes fell 3.45% to $4.41T; the lowest since September 2024. RWA perpetual futures volumes rose 10.4% against the trend, hitting a new all-time high.

By

CoinDesk Research

Jun 15, 2026

In May, combined exchange volumes fell 3.45% to $4.41T; the lowest since September 2024. RWA perpetual futures volumes rose 10.4% against the trend, hitting a new all-time high.

Why it matters

:

In May, combined exchange volumes fell 3.45% to $4.41T; the lowest since September 2024. RWA perpetual futures volumes rose 10.4% against the trend, hitting a new all-time high.

View Full Report

More From

Tech

Coinbase's Base blockchain resumes after two-hour outage disrupted network

Live markets: Bitcoin settles in under $60,000

Upheaval at the Ethereum Foundation has some of crypto’s biggest names feeling bullish

CD20

$1,573.22

CD20 down 3.88 percent

3.88%

BTC

$58,806.46

BTC down 3.29 percent

3.29%

ETH

$1,529.59

ETH down 5.41 percent

5.41%

XRP

$1.02

XRP down 4.98 percent

4.98%

SOL

$66.72

SOL down 1.30 percent

1.30%