JaredFromSubway.eth, one of Ethereum (ETH)'s most notorious sandwich-attack bots, was drained of more than $7.5 million after attackers turned its own trading automation against it.
Key Points:
- JaredFromSubway.eth lost more than $7.5 million when its trading automation approved attacker-controlled contracts.
- The attacker planted 66 fake tokens and bogus liquidity pools over several weeks to bait the bot.
- Some of the stolen funds moved through Tornado Cash, and the attacker's identity is still unknown.
JaredFromSubway.eth Drained In Honeypot Trap
No code was broken.
The bot was emptied on Saturday after its automated system approved token spending for attacker-controlled contracts, handing over the keys to its own treasury. Security firm Blockaid flagged the incident, ruling out both a phishing scam and any flaw inside the victim contract that the funds were pulled from.
Raz Niv, chief technology officer at Blockaid, described the operation as a counter-MEV honeypot, a trap built to exploit the trust-minimized logic that automated traders quietly depend on. It targeted what the bot was built to chase.
Over several weeks, the attacker planted 66 counterfeit tokens that copied the names of Wrapped Ether, USDC (USDC) and Tether (USDT), then paired them with fake liquidity pools. Those pools looked like easy arbitrage, exactly the kind of profit the bot scans the mempool to find and front-run in every block. One transaction swept all three.
Also Read: XRP Faces Leverage Test As $1.44B ETF Demand Meets Sell-Off
MEV Bots Face A Trust Problem
The reversal stung because the bot ranks among crypto's most resented profit machines, running since 2023 and reportedly clearing tens of millions from traders who never saw the orders close around their swaps.
Its operator has long sat among Ethereum's heaviest gas spenders, at times burning more than two hundred Ether in a single day to win position at the front of each block.
Researchers tie about 70% of all Ethereum sandwich attacks to the bot, a practice estimated to cost traders across the network roughly $60 million or more every year. Few felt much sympathy. A sandwich bot slots one order just ahead of a pending trade and another right behind it, then pockets the price gap it created as an invisible tax on ordinary users who rarely notice it.
Crypto investor David Gokhshtein cautioned against celebrating, while admitting that anyone ever sandwiched by the bot would now struggle to feel sorry for it. Some of the stolen funds already moved through Tornado Cash.
The drain caps a long and aggressive run. In May, the bot sandwiched Ethereum co-founder Vitalik Buterin during a small token swap, a sign even marquee wallets had drawn its attention, however small that loss. Saturday's loss marked a rare and costly failure for an operation that had run largely unchallenged for more than two years, and investigators are still tracing where the rest went.
Read Next: Why Did Trump Ease His Anthropic Threat View After G7?