Ethereum's Infamous Sandwich Bot Drained for Millions in Smart Attack
An infamous MEV bot on Ethereum was drained for millions after a sophisticated attack. The case shows how vulnerable automated trading logic can be.
Key Takeaways
- The Ethereum MEV bot Jaredfromsubway.eth fell victim to an attack that drained more than $7.5 million.
- The attacker lured the bot with fake token contracts and fake liquidity pools, then abused unlimited approvals.
- Some of the stolen funds were later moved through Tornado Cash, and the bot had spent years carrying out a lot of sandwich attacks.
Jaredfromsubway.eth, one of the most notorious MEV bots on Ethereum, fell victim to a clever attack that drained more than $7.5 million. The attacker managed to turn the bot's automated trading logic against itself, pulling out large amounts in WETH, USDC, and USDT.
How Sandwich Attacks Work and Why They Matter
The bot Jaredfromsubway.eth is known for sandwich attacks, a form of Maximal Extractable Value (MEV). In this setup, the bot watches a transaction that has not been processed yet, buys tokens right before it goes through, lets the user trade at a worse price, and then sells right after. This creates a hidden tax on users that adds up across thousands of transactions. While sandwich attacks are not always seen as an exploit, the crypto community often views them as harmful and predatory because they drain value from users and drive up transaction costs without helping the network.
The Attack on Jaredfromsubway.eth
The recent attack was not a standard phishing scam or a simple bug, but a carefully planned strategy aimed at the bot's decision-making system. Over several weeks, the attacker set up dozens of fake token contracts and fake liquidity pools that looked like profitable trading opportunities. Some of these fake assets copied well-known tokens, including WETH and the stablecoins USDC and USDT.
The bot treated these fake opportunities as legitimate MEV chances and approved contracts controlled by the attacker to spend tokens on the bot's behalf. At first, these approvals were used in test transactions, but later the attacker left routes open where the approvals stayed unlimited. That let the attacker pull large amounts out of Jaredfromsubway.eth's contracts without any further permission.
Some of the stolen funds were later moved through Tornado Cash, which makes them harder to trace.
What This Means for the Ethereum Community
For years, Jaredfromsubway.eth was one of the clearest examples of toxic MEV activity on Ethereum. Sandwich attacks are estimated to cause about $60 million (€52.3 million) in losses for Ethereum traders each year, with between 60,000 and 90,000 attacks per month from November 2024 to October 2025. About 70% of those attacks were linked to this specific bot, which has been active since early 2023.
This event highlights the risks of relying on automated systems that approve transactions at machine speed based on pattern recognition and profit signals. While Jaredfromsubway.eth spent years profiting from unsuspecting traders, the bot itself has now become the victim of a sophisticated exploit.
Why This Matters for European Crypto Users
For European crypto users, this attack highlights why it's important to stay alert when using automated trading bots and DeFi protocols. The incident shows that even advanced systems can be vulnerable to manipulation, which can lead to major financial losses. That may matter for users active in DeFi and those working with MEV-related services, since these risks also exist in European markets. A broader takeaway is that the privacy debate on Ethereum also ties into this kind of risk, because on-chain transparency creates both opportunities and attack surfaces.
