Ethereum's biggest sandwich bot, known as Jaredfromsubway.eth, was drained of $7.5 million this week in an ironic twist. The attacker tricked the bot into approving fake trading routes, then used those approvals to swipe WETH, USDC, and USDT, according to security firm Blockaid. For a project that made its name exploiting other traders' transactions, getting exploited itself is a brutal turn.
The irony of the sandwich
Jaredfromsubway.eth is a notorious MEV bot that has for years profited by front-running trades on Ethereum — a practice called sandwiching. It inserts its own buy and sell orders around a user's pending transaction to capture price slippage. This time, the bot was on the other end of the trick. Blockaid reported that the attacker crafted fake routing data that Jaredfromsubway.eth's software treated as legitimate. Once approved, the attacker had free rein to pull tokens from the bot's wallets.
How the fake routes worked
The exploit relied on a permission-based attack. Jaredfromsubway.eth's code scans for profitable arbitrage or sandwich opportunities across decentralized exchanges. The attacker submitted transactions that appeared to be lucrative trading routes but contained malicious approval contracts. When the bot signed off on those routes, it effectively handed over control of its WETH, USDC, and USDT balances. The total haul came to $7.5 million, taken within a few blocks.
What was taken
Blockaid's analysis shows the attacker drained the bot's holdings in three major assets: Wrapped Ether (WETH), USD Coin (USDC), and Tether (USDT). The stolen funds now sit in a wallet controlled by the exploiter. No further movement has been publicly observed as of Sunday. The identity of the attacker remains unknown, and no law enforcement action has been announced.
A bitter outcome for a profit machine
Jaredfromsubway.eth has been one of the most active MEV bots on Ethereum, often accounting for a significant share of sandwich attacks. The $7.5 million loss represents a sizable chunk of its accumulated profits. For a bot that spent years extracting value from others, being outsmarted by a fake route is a sharp reminder that even the most sophisticated automated traders can fall for a well-crafted trap. The attacker now controls the stolen tokens, and it's unclear whether any recovery is possible.
