Ethereum’s Most Notorious Sandwich Bot Just Got Sandwiched

The most infamous sandwich bot on Ethereum got robbed using its own playbook.

Jaredfromsubway.eth, the automated MEV system that front-runs and back-runs ordinary traders for profit, was drained for more than $7.5 million on June 20, based on security-firm reviews of the on-chain transactions.

The attack did not break Ethereum and it did not crack the bot’s keys. It exploited the one thing the bot was built to do, which is move fast and grant approvals automatically.

That is what makes this one land different. The bot that has spent years extracting value from open allowances got caught by a contract that abused open allowances right back.

Blockaid’s exploit detection system flagged the incident and laid out how it worked.

Crypto.news added the approval mechanics and the split between the outside loss estimate and Jared’s own claim. Crypto.news reported that Blockaid described the incident as an approval-trap attack rather than ordinary phishing or a normal victim-contract bug.

One cited example involved an approval of about 92.16 WETH to an attacker helper contract before the later sweep. Etherscan records showed transfers from jaredfromsubway: MEV Bot 2 to an attacker wallet beginning with 0x3e37.

Crypto.news also noted that Blockaid put the drain near $7.5 million while the JaredFromSubway account later claimed a $15 million loss and offered a $1 million bounty. That difference needs careful handling because the public estimates and the operator’s statement do not match perfectly.

The firmer public number is the one centered around the outside security accounts and on-chain reporting: roughly $7.5 million visible in the drain, while Jared publicly claimed the loss was larger. The mechanics are the important part for readers: automated systems that approve token spending can be manipulated if attackers make a route look profitable enough.

BeInCrypto framed the incident as a fake-contract trap rather than a private-key or phishing story. BeInCrypto reported that the attacker used 66 fake token contracts that mimicked WETH, USDC, and USDT.

Those contracts were paired with fake liquidity pools, creating routes that looked attractive to an automated MEV system scanning for profit. Blockaid found no smart-contract bug, phishing attack, or private-key compromise in the victim contract.

That distinction matters because the exploit did not depend on stealing a seed phrase or breaking Ethereum itself. It depended on making the bot do what it was built to do, react quickly to a route that appeared profitable.

The coverage also tied the bot to its longer reputation, including heavy gas usage and years of sandwiching traders across Ethereum. That history makes the event important beyond the dollar figure because it puts a famous MEV operator under the same adversarial pressure everyday users face.

PeckShield put the haul near $7.5 million, including 1,474.58 WETH, 2.87 million USDC and 2 million USDT. The attacker then swapped the stolen funds into about 4,400 ETH and sent 1,000 ETH into Tornado Cash, the mixer used to obscure on-chain trails.

The loss figure has two versions. Blockaid and PeckShield estimates center near $7.5 million, while the JaredFromSubway account later claimed a $15 million loss and offered a $1 million bounty.

The outside estimates are the firmer number here. The $7.5 million figure is backed by independent on-chain transaction evidence, while the larger claim comes from the operator who just got burned.

For everyone else on Ethereum, the lesson sits in the approval layer. Automated systems that grant token allowances at speed carry real risk if they can be tricked into trusting routes they never verified.

That risk is not unique to predatory bots. Any on-chain automation that signs approvals without checking what it is approving is exposed to the same kind of trap.

Ethereum itself worked fine through all of this. The chain settled every transaction exactly as designed, which is the point.

The failure was in one bot’s logic, not in the network running underneath it.

There is a rough justice to watching the king of sandwich attacks get served his own meal. The bigger takeaway is colder.

On a permissionless chain, the same automation that prints money can be aimed straight back at the machine that runs it.

Join the conversation!

We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.