Ethereum Sandwich Bot Drained of More Than $7.5M in MEV Exploit
What happened?
Ethereum MEV bot jaredfromsubway.eth was drained of more than $7.5 million after an attacker manipulated its automated trading logic. The incident highlights the operational risks around high-speed sandwich-bot systems and open token approvals.
Why it matters
The case matters because sandwich bots are a prominent and controversial part of Ethereum’s trading environment. These bots try to profit by detecting pending transactions, trading ahead of them, and then selling after the target trade moves the price. CoinDesk described the practice as a hidden cost for users that can accumulate across many trades and contribute to higher gas activity without benefiting ordinary traders.
Jaredfromsubway.eth, one of Ethereum’s best-known MEV bots, was drained of more than $7.5 million after an attacker turned its own automated trading system against it, according to CoinDesk. Security firm Blockaid said the incident was not a standard phishing attack or a simple smart-contract bug, but a targeted manipulation of the bot’s decision-making process.
According to Blockaid, the attacker spent several weeks setting up the trap. They deployed fake token contracts and fake liquidity pools designed to look like profitable opportunities, with some assets mimicking familiar tokens such as wrapped ether, USDC and USDT. The bot responded by approving attacker-controlled helper contracts to spend tokens on its behalf.
Those approvals became the weakness. Earlier test trades used the permissions immediately, but later routes left approvals open, giving the attacker standing permission to pull funds from the bot’s contracts. The attacker then drained WETH, USDC and USDT, with some of the stolen funds later routed through Tornado Cash, according to on-chain data reviewed by CoinDesk.
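A defender-side check for the condition described above, as an added example that is not from CoinDesk, Blockaid or the bot's operator: it replays ERC-20 `Approval` logs for one owner and reports allowances that were never reset to zero. The addresses, log entries and allowlist are constructed placeholders, and the last approved amount is treated as an upper bound on the live allowance.

```python
# Added example: find ERC-20 approvals that an address has left open.
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def standing_approvals(logs, owner, trusted_spenders):
    """Replay Approval logs in chain order and return {(token, spender): amount}
    for non-zero allowances `owner` still grants outside the allowlist."""
    owner = owner.lower()
    trusted = {s.lower() for s in trusted_spenders}
    latest = {}  # (token, spender) -> most recent approved amount
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721 Approval has 4 topics)
        if topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16) if len(log["data"]) > 2 else 0
    return {k: v for k, v in latest.items() if v > 0 and k[1] not in trusted}

# --- Constructed sample data (placeholder addresses, not from the incident) ---
BOT, ROUTER, OTHER = "0x" + "b0" * 20, "0x" + "c0" * 20, "0x" + "d0" * 20
HELPER_1, HELPER_2 = "0x" + "e1" * 20, "0x" + "e2" * 20
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "a2" * 20

def approval_log(block, index, token, owner, spender, amount):
    """Build a log dict shaped like an eth_getLogs result entry."""
    def pad(addr):
        return "0x" + "0" * 24 + addr[2:]
    return {"blockNumber": block, "logIndex": index, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    approval_log(200, 0, TOKEN_B, BOT, HELPER_2, MAX_UINT256),  # never reset
    approval_log(100, 1, TOKEN_A, BOT, HELPER_1, 0),            # reset after use
    approval_log(100, 0, TOKEN_A, BOT, HELPER_1, 10**18),
    approval_log(150, 0, TOKEN_A, BOT, ROUTER, MAX_UINT256),    # allowlisted spender
    approval_log(210, 0, TOKEN_B, OTHER, HELPER_2, 5),          # different owner
]

if __name__ == "__main__":
    for (token, spender), amount in standing_approvals(SAMPLE_LOGS, BOT, [ROUTER]).items():
        print(f"open approval: token={token} spender={spender} amount={amount}")
```

Because not every token emits `Approval` when `transferFrom` spends an allowance, confirm each finding against the token's `allowance(owner, spender)` before acting on it.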
The episode is notable because jaredfromsubway.eth has long been associated with large-scale sandwich activity on Ethereum. CoinDesk reported that sandwich attacks cost Ethereum traders about $60 million a year, with 60,000 to 90,000 attacks per month between November 2024 and October 2025, and roughly 70% of those attacks linked to jaredfromsubway.eth. The exploit does not reduce the harm caused by sandwich attacks, but it shows that automated systems chasing pattern-based profit signals can also become vulnerable when their assumptions are gamed.