Jaredfromsubway.eth Sandwich Bot Loses $7.5 Million In Counter-MEV Honeypot Attack

Ethereum’s most prolific sandwich-attack bot, Jaredfromsubway.eth, was drained of more than $7.5 million on Saturday after an attacker spent several weeks laying a honeypot it could not resist.

“El famoso "ataque de sandwich" bot Jaredfromsubway”

bitcoin.es

Blockaid said the mechanism exploited was not a bug in a smart contract but the bot’s own automated decision-making logic, describing it as a "counter-MEV honeypot attack".

bitcoin.es

In a single transaction on Saturday, June 20, the attacker called all 66 backdoor contracts simultaneously and swept the bot’s real holdings of 1,474.58 WETH, 2.87 million USDC, and 2 million USDT.

The setup involved deploying 66 counterfeit token contracts imitating Wrapped Ether (WETH), USD Coin (USDC), and Tether (USDT), paired with fake liquidity pools designed to appear profitable to the bot’s pattern-recognition system.

Cointelegraph Research found the bot was responsible for approximately 70% of all sandwich attacks on Ethereum over roughly a year ending October 2025, a category estimated to cost Ethereum traders roughly $60 million annually.

Blockaid chief technology officer Raz Niv said the attacker targeted the automated, trust-minimized decision-making logic that MEV bots utilize, and that the fakes were designed to look like profitable trades.

Niv added that the bot’s behavior provided the attacker the keys to millions in the bot’s treasury, and then the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT.

Blockonomi

The exploit worked because the bot generated approvals for attacker-controlled helper contracts, but the attacker crafted routes where those approvals were left open rather than consumed.

According to Blockaid, the attacker deployed 66 fake token contracts that mimicked the names and interfaces of Wrapped ETH (WETH), USDC (USDC), and USDt (USDT) and paired them with fake liquidity pools.

Some of the stolen funds were routed through Tornado Cash, and Cointelegraph reported that in May Ethereum co-founder Vitalik Buterin was sandwich attacked by Jaredfromsubway.eth while swapping 26,544 DigitalBits.

The incident underscored that the attack did not rely on phishing or a conventional smart-contract vulnerability in the bot’s own code, but instead on how ERC-20 approvals can persist indefinitely unless explicitly revoked.

“Ethereum's biggest 'sandwich' bot drained of $7”

CoinDesk

Tech Times described the ERC-20 approval standard as recording permission on-chain via an approve() function, with the approved contract able to call transferFrom() at any point in the future, and noted that approvals do not expire.

CoinDesk reported that the bot had been active since early 2023 and that it had been responsible for roughly 70% of Ethereum sandwich attacks, which cost traders about $60 million a year.

Cointelegraph also quoted crypto investor and commentator David Gokhshtein saying, "We shouldn’t be happy about this; no one should celebrate ... but if you’ve ever been sandwiched by this ... I’m pretty sure you’re not upset about this news," capturing the split reaction to a rare failure for a long-running MEV operator.

The same reporting tied the exploit to the broader risk that automated systems which approve transactions at machine speed based on pattern recognition can be turned into victims by adversarially engineered on-chain interactions.