Ethereum’s Biggest Sandwich Bot Drained in $7.5M Exploit

What to Know

• An attacker drained more than $7.5 million from the Ethereum MEV bot jaredfromsubway.eth.
• The exploit targeted the bot’s automated trading logic, not a conventional smart contract bug.
• The attacker used fake tokens and liquidity pools to lure the bot into approving malicious helper contracts.
• Those approvals were later abused to move WETH, USDC and USDT from the bot’s holdings.
• Some of the stolen funds were routed through Tornado Cash.
• The incident highlights the risks of industrialized sandwich-bot activity on Ethereum.

How the exploit worked

According to blockchain security analysis, the attacker spent weeks manipulating the bot’s pattern-based trading behavior. By presenting fake assets and liquidity pools that resembled WETH, USDC and USDT, the attacker persuaded the bot to approve helper contracts that appeared legitimate to its automated system.

Once those approvals were in place, the attacker used them to drain funds from the bot and then obscure part of the trail through Tornado Cash. The attack did not rely on a traditional code flaw in a smart contract, but instead on the weaknesses created by automation at machine speed.

Why the incident matters

Jaredfromsubway.eth has become one of Ethereum’s most notorious sandwich bots, reportedly accounting for roughly 70% of sandwich attacks on the network. Those attacks have been estimated to cost traders about $60 million a year, underscoring how profitable MEV strategies can distort trading activity across decentralized markets.

The latest drain flips that dynamic by showing that sophisticated bots can also be trapped by the same fast, pattern-driven logic they use against others. For traders and security teams, the case is a reminder that automation can scale both exploitation and exposure.

MEV bot operations face new scrutiny

MEV bots are designed to identify and profit from transaction ordering opportunities, often at the expense of regular market participants. As this incident shows, the infrastructure built to exploit market inefficiencies can itself become a target when its approval flows and routing assumptions are manipulated.

While the full operational impact on jaredfromsubway.eth remains unclear, the attack is likely to intensify scrutiny of automated trading systems that rely on repetitive on-chain behaviors. It also reinforces the need for stronger safeguards around approvals, routing logic and contract interactions in high-frequency crypto strategies.

Frequently Asked Questions (FAQs)

What happened to jaredfromsubway.eth?

An attacker drained more than $7.5 million from the Ethereum MEV bot by exploiting its automated trading logic and abusing approvals it made to malicious helper contracts.

Was this caused by a smart contract bug?

No. The attack appears to have targeted the bot’s decision-making and approval process rather than a traditional contract vulnerability.

Which assets were stolen?

The attacker used the approvals to pull funds including WETH, USDC and USDT from the bot’s holdings.

Why is this incident important?

It shows that aggressive automated trading systems can be manipulated and drained, even when they are designed to exploit others first.

Photo by Kindel Media on Pexels