Jaredfromsubway.eth finally gets a taste of its own sandwich — to the tune of $7.5M 🥪

The MEV bot known as jaredfromsubway.eth, one of Ethereum's most prolific sandwich-attack operators, was drained of roughly $7.5 million on Saturday in what security firm Blockaid described as a "counter-MEV honeypot attack" that exploited the bot's own automated trading logic. The incident is a rare reversal for a program that has spent years siphoning value from ordinary DeFi users; Cointelegraph Research previously estimated that sandwich attacks on Ethereum cause about $60 million in annual losses, with roughly 70% of those attacks between November 2024 and October 2025 tied to jaredfromsubway.eth.

According to Blockaid chief technology officer Raz Niv, the attacker spent weeks deploying 66 counterfeit token contracts that mimicked the names and interfaces of Wrapped Ether ($WETH), USD Coin ($USDC) and Tether ($USDT), then paired them with fake liquidity pools designed to look like profitable trades. The bot, programmed to chase such opportunities, granted approvals to attacker-controlled helper contracts, and in some cases those approvals were never revoked. "This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract," Blockaid said on X. "Ironically, in the process, it provided the attacker the keys to millions in the bot's treasury," Niv added, noting that a single follow-up transaction swept 1,583 $ETH, 2.87 million $USDC and 2.09 million $USDT from the bot's addresses.

On-chain data reviewed by PeckShield showed the stolen assets were consolidated and swapped for 4,427 $ETH, after which the attacker began laundering the proceeds through Tornado Cash in repeated transfers of 100 $ETH (approximately $172,000 each), with at least 1,000 $ETH deposited into the mixer as of reporting. Blockaid and PeckShield valued the on-chain drain at about $7.5 million in $WETH, $USDC and $USDT, while the bot's operator put the loss closer to $15 million and posted an on-chain message offering a 50% white-hat bounty for the return of 2,150 $ETH, currently worth roughly $3.7 million, within 48 hours, followed by threats of legal action and law-enforcement involvement.

The exploit has drawn pointed reactions from a crypto community long frustrated by sandwich attacks. "We shouldn't be happy about this; no one should celebrate ... but if you've ever been sandwiched by this ... I'm pretty sure you're not upset about this news," investor and commentator David Gokhshtein said. The bot itself rose to prominence in April 2023, when it burned more than $1 million in gas in a single day, nearly 8% of all Ethereum gas spending, and even Ethereum co-founder Vitalik Buterin has been on the receiving end of one of its trades after swapping 26,544 DigitalBits, worth about $2.11 at the time.

The incident underscores a security weakness Blockaid and other researchers have flagged before: token approvals granted to external contracts, especially those used by automated MEV strategies, can become attack vectors when they are never revoked. Hunting MEV bots is not new, with a rogue validator having drained roughly $25 million from sandwich bots in 2023, and the latest exploit shows that even the most aggressive extractors on Ethereum remain exposed to the same permission-management failures that have cost DeFi users hundreds of millions of dollars across prior incidents.
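The check this weakness calls for, finding approvals that were granted and never revoked, can be run over a trading address's own approval history. The following is an added example, not code from Blockaid, PeckShield or this article: it replays ERC-20 `Approval` logs in the shape returned by `eth_getLogs` and lists allowances still open to spenders outside an allowlist. All addresses and log entries are constructed, and the function and variable names are assumptions.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # keccak256("Approval(address,address,uint256)")
UNLIMITED = 2**256 - 1

def addr_from_topic(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner, trusted_spenders):
    """Replay Approval logs in chain order; return allowances `owner` still has
    open to spenders that are not in `trusted_spenders`."""
    owner, trusted = owner.lower(), {s.lower() for s in trusted_spenders}
    latest = {}  # (token, spender) -> last approved value
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the topic but has 4 topics
        if addr_from_topic(topics[1]) != owner:
            continue
        value = int(log["data"], 16) if len(log["data"]) > 2 else 0
        latest[(log["address"].lower(), addr_from_topic(topics[2]))] = value
    # Upper bound only: spends via transferFrom need not emit Approval.
    return [{"token": t, "spender": s, "last_approved": v, "unlimited": v == UNLIMITED}
            for (t, s), v in sorted(latest.items()) if v and s not in trusted]

# --- constructed sample data (placeholder addresses, not from the incident) ---
BOT, TOKEN = "0x" + "b0" * 20, "0x" + "a1" * 20
ROUTER, HELPER_1, HELPER_2 = "0x" + "c2" * 20, "0x" + "d3" * 20, "0x" + "e4" * 20

def make_log(block, index, spender, value):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": TOKEN, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, pad(BOT), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    make_log(102, 1, HELPER_2, UNLIMITED),  # approved, never revoked
    make_log(101, 5, HELPER_1, 0),          # revoked later in the same block
    make_log(101, 2, HELPER_1, 5000),
    make_log(100, 0, ROUTER, UNLIMITED),    # allowlisted spender
]

if __name__ == "__main__":
    for finding in outstanding_allowances(SAMPLE_LOGS, BOT, {ROUTER}):
        print(finding)
```

Each finding reports the last approved amount, so confirm it against the token's `allowance(owner, spender)` before treating it as the live exposure.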

Publisher: cryptonewsroom.xyz
Category: Security
