More than $7.5 million was siphoned from jaredfromsubway.eth, a prominent Ethereum MEV bot, in an ironic twist where its own trading logic was turned against it, as reported by CoinDesk.

The attacker, bypassing standard contract vulnerabilities and phishing tactics, exploited the bot's automated system. Over weeks, they deceived the bot using fake tokens and liquidity pools mimicking legitimate assets like WETH, USDC, and USDT. By creating malicious helper contracts, the attacker set the stage for draining funds once the bot approved them as part of a seemingly profitable trade setup.

Jaredfromsubway.eth is notorious for sandwich attacks—a predatory form of MEV that extracts value from unsuspecting traders. This bot alone is behind about 70% of such activities on Ethereum, costing traders around $60 million annually. Sandwich attacks exploit transaction timing for profit, a hidden tax on network users that also inflates gas fees. While these strategies are legal, they're often criticized as ethically questionable.

Blockaid, a security firm, highlighted the sophistication of this attack, noting the absence of conventional vulnerabilities. The attacker deployed fake contracts and pools, enticing the bot into what it thought were lucrative opportunities. Once the bot granted transaction permissions to the attacker's contracts, it allowed a continuous drain of assets, exacerbating the financial hit.

Some of the diverted funds were traced to Tornado Cash, a platform that obfuscates transaction trails, making it difficult to track the final destination of the stolen assets. This exploit highlights vulnerabilities in automated systems that depend solely on pattern recognition and profit signals.

The downfall of jaredfromsubway.eth is particularly noteworthy given its previous impunity. It famously sandwiched a trade by Ethereum co-founder Vitalik Buterin, putting up over a million dollars to frontrun his transaction, earning a meager profit post-fees. This attack was seen as emblematic of the bot's relentless and automated pursuit of profit.

The incident underscores both the scale and risks of industrialized sandwich-bot activity. Jaredfromsubway.eth has been responsible for roughly 70% of Ethereum sandwich attacks, which cost traders about $60 million a year. Between November 2024 and October 2025, there were 60,000 to 90,000 sandwich attacks per month, a staggering statistic that highlights the prevalence of this type of MEV strategy.

More from Coin Times

MACRO

FedEx Prepares for Q4 Earnings Amid Rate Hike Concerns

FedEx reports Q4 earnings amid rate hike fears.

Sandwich attackers aren’t typically a form of exploit but are looked upon in crypto circles as a type of predatory behavior. This practice skims value from users, leads to a spike in gas fees, and doesn’t benefit either the network or the user. While legal, the ethical implications are often debated among blockchain enthusiasts and critics alike.

Security firm Blockaid said Saturday’s incident was not a normal phishing attack and not a simple bug in the victim contract. The attacker instead targeted the bot’s decision-making system. The setup was built over several weeks, where the attacker deployed dozens of fake token contracts and fake liquidity pools—a term for a pile of tokens locked on a decentralized exchange—that looked like profitable trades. Some mimicked familiar assets such as wrapped ether (WETH), and dollar-pegged stablecoins USDC and USDT.

That bait did what it was supposed to do. Jaredfromsubway.eth’s bot saw what looked like MEV opportunities and generated approvals for attacker-controlled helper contracts to spend tokens on its behalf. Those approvals were used immediately as part of the trade in earlier tests, but later, the attacker created routes where the approvals stayed open. This left the attacker with standing permission to pull funds. And they used those open approvals to transfer WETH, USDC and USDT out of Jaredfromsubway.eth’s contracts, draining more than $7.5 million.

The irony was hard to miss, meanwhile. Jaredfromsubway.eth has long been one of the most visible symbols of toxic MEV on Ethereum. Sandwich attacks cost Ethereum traders about $60 million a year, with 60,000 to 90,000 attacks per month between November 2024 and October 2025. Roughly 70% of those attacks were associated with Jaredfromsubway.eth, who has been active since early 2023.

CoinDesk reported in May that the same bot had even sandwiched a small swap by Ethereum co-founder Vitalik Buterin. It put up $1.14 million to frontrun Buterin's trade to make just $4 (after fees, the bot made a few dollars on this particular trade). The trade was worth only a few dollars, and the loss was tiny, but it showed how industrialized the bot had become. It was scanning the mempool for nearly anything it could insert itself around.

While Saturday's incident does not make sandwich attacks less harmful, it does show the risk of running systems that approve transactions at machine speed based on pattern recognition and profit signals. Jaredfromsubway.eth spent years profiting from traders who did not see the bot coming. But on Saturday, the bot did not see the trade coming either.