Ethereum's top sandwich bot lost $7.5M in a counter-MEV trap

iEXExchanger
Ethereum's top sandwich bot lost $7.5M in a counter-MEV trap

The most notorious sandwich bot on Ethereum lost $7.5M after an attacker spent weeks planting 66 fake token contracts that tricked it into signing its funds away.

For several months, someone was quietly building a trap — not for a regular trader, but for the most feared predator on Ethereum.

jaredfromsubway.eth had run an aggressive operation for years: responsible for roughly 70% of all sandwich attacks on the network, it extracted around $60 million annually from ordinary users' swaps. At one point, the bot fronted $1.14 million just to squeeze a few dollars from a small transaction made by Ethereum co-founder Vitalik Buterin. The math was cold, automated, and relentless.

This week it all unraveled. The attacker spent several weeks deploying 66 counterfeit token contracts that mimicked WETH, USDC, and USDT, each paired with fake liquidity pools presenting apparently profitable targets. The bot did exactly what it was built to do: recognized opportunity, automatically authorized the attacker's contracts to manage its funds, and waited. The wait ended with a $7.5 million drain. Some of that money has already been routed through Tornado Cash.

No contract flaw was exploited. No private key was stolen. The attack surface was the bot's own logic — its automated hunger for trades, firing faster than any human could audit. Sixty-six fake tokens, weeks of patience, and a handful of approvals was all it took to empty the wallet of Ethereum's most prolific sandwicher.

What this reveals about MEV infrastructure is uncomfortable: as bots grow larger and more predictable, they become targets themselves. The same automated appetite that made jaredfromsubway.eth dominant left it wide open to a well-timed counter-trap. The predator became prey without a single line of its code being touched.

Questions and answers

Frequently asked questions about this article

What is a sandwich attack and how does an MEV bot work?

An MEV bot monitors Ethereum's mempool for pending transactions. A sandwich attack means placing a buy order just before a large user swap and a sell right after, profiting from the artificial price movement. jaredfromsubway.eth was responsible for roughly 70% of all such attacks on the network.

How exactly was $7.5M drained from the bot?

The attacker deployed 66 counterfeit token contracts mimicking WETH, USDC, and USDT, paired with fake liquidity pools. The bot automatically approved the attacker's contracts to control its funds — treating them as legitimate trading opportunities. Once those approvals were in place, the drain was instant.

What happened to the stolen funds?

Part of the $7.5 million was routed through Tornado Cash, a crypto mixer that obscures transaction trails. The full amount laundered and the ultimate recipients had not been identified at the time of publication.

Why does this matter for DeFi?

The incident shows that large automated bots are themselves becoming attractive targets. The exploit required no code vulnerability — only an understanding of the bot's logic and patience. This represents a new attack vector that could affect other MEV operators across the network.

What is Tornado Cash and why do attackers use it?

Tornado Cash is a decentralized mixer on Ethereum: funds are deposited and withdrawn from a different address, breaking the public transaction chain. Attackers use it to obscure the trail after theft. The US imposed sanctions on the protocol in 2022.

Read also