Jared's $7.5M Honesty Test: Bot That Made a Living Front-Running DeFi Gets Front-Run Itself

The Jaredfromsubway.eth maximal extractable value bot, one of the most prolific sandwich-attack operators on Ethereum, was drained of roughly $7.5 million on June 20 after attacker-controlled contracts tricked its automated execution system into granting token approvals, security firm Blockaid said. The incident marked a rare reversal for a program that has long profited from front-running and back-running other traders' pending transactions, a tactic Cointelegraph Research said is responsible for about $60 million in annual Ethereum trading losses, with roughly 70% of monthly sandwich attacks between November 2024 and October 2025 linked to Jaredfromsubway.eth.

Blockaid chief technology officer Raz Niv described the scheme as a counter-MEV honeypot attack that specifically targeted the bot's trust-minimized decision logic. Over several weeks, the attacker deployed 66 fake token contracts mimicking Wrapped ETH, USDC, and USDt, paired with counterfeit liquidity pools designed to look like profitable trades. Lured by the bait, Jaredfromsubway.eth approved spending to attacker-controlled helper contracts, with a single approval handing over more than 92 WETH, Niv said. "This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract," Blockaid posted on X, adding that the bot "ironically" provided the attacker the keys to its own treasury. "And then in a single transaction, the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT at these addresses, amounting to millions of dollars," Niv told Cointelegraph.

On-chain data from PeckShield put the drained assets at 1,474.58 WETH, 2.87 million USDC, and 2 million USDT. The attacker consolidated and swapped the proceeds for approximately 4,427 ETH, then moved the funds through Tornado Cash in multiple transfers of around 100 ETH each (about $172,000 apiece), with at least 1,000 ETH entering the mixer as investigators tracked the laundering trail. Blockaid and PeckShield valued the on-chain drain at about $7.5 million, while the bot's operator put losses closer to $15 million and publicly offered a $1 million bounty for the return of the funds.

The exploit highlighted a pattern in which attackers target permissions and token approvals rather than smart-contract code, a risk amplified by low revocation rates across DeFi. Sandwich bots like Jaredfromsubway.eth became infamous for extracting value from ordinary swaps, including a May incident in which Ethereum co-founder Vitalik Buterin was sandwiched while trading 26,544 DigitalBits, worth about $2.11 at the time. "We shouldn't be happy about this; no one should celebrate ... but if you've ever been sandwiched by this ... I'm pretty sure you're not upset about this news," investor and commentator David Gokhshtein said. The bot itself, which once burned more than $1 million in gas in a single day in April 2023, roughly 8% of all Ethereum gas spending at the time, now sits on the other side of the trade it helped define.
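A defensive illustration of the approval risk described above, added here and not taken from the article, Blockaid or PeckShield: the Python below replays ERC-20 `Approval` logs for one monitored owner and reports allowances that remain open to spenders outside an allowlist. The addresses, amounts, allowlist and log entries are constructed for the example, and the function and variable names are hypothetical.

```python
# ERC-20 Approval(owner, spender, value) event signature hash (topic 0).
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def addr_from_topic(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner, allowlist):
    """Replay Approval logs in chain order; return {(token, spender): amount}
    for allowances still non-zero toward spenders outside the allowlist."""
    owner, allowed, state = owner.lower(), {a.lower() for a in allowlist}, {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        # ERC-721 Approval shares topic 0 but has 4 topics; skip it and other events.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if addr_from_topic(topics[1]) != owner:
            continue
        spender = addr_from_topic(topics[2])
        amount = int(log["data"], 16) if len(log["data"]) > 2 else 0
        key = (log["address"].lower(), spender)
        if amount == 0:
            state.pop(key, None)      # allowance revoked
        elif spender not in allowed:
            state[key] = amount       # still spendable by an unknown contract
    return state

# --- Constructed sample data (placeholder addresses, not from the incident) ---
BOT, ROUTER = "0x" + "b0" * 20, "0x" + "aa" * 20
HELPER_1, HELPER_2 = "0x" + "e1" * 20, "0x" + "e2" * 20
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "a2" * 20

def make_log(token, owner, spender, amount, block, index=0, topic0=APPROVAL_TOPIC):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [topic0, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    make_log(TOKEN_A, BOT, ROUTER, 10**18, 100),          # allowlisted spender
    make_log(TOKEN_A, BOT, HELPER_1, 92 * 10**18, 101),   # unknown spender, never revoked
    make_log(TOKEN_B, BOT, HELPER_2, 5 * 10**6, 102),     # unknown spender ...
    make_log(TOKEN_B, BOT, HELPER_2, 0, 103),             # ... later revoked
    make_log(TOKEN_A, HELPER_1, BOT, 7, 104),             # different owner, ignored
    make_log(TOKEN_A, BOT, HELPER_2, 9, 105, topic0="0x" + "dd" * 32),  # not an Approval
]

if __name__ == "__main__":
    for (token, spender), amount in open_allowances(SAMPLE_LOGS, BOT, [ROUTER]).items():
        print(f"open allowance: token={token} spender={spender} amount={amount}")
```

Log entries in this shape are what an `eth_getLogs` query returns; the check only sees allowances granted through calls that emit the `Approval` event.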

Publisher: cryptonewsroom.xyz
Category: Security
