How the Biggest Ethereum Sandwich Bot Lost $7.55 Million in a Self‑Inflicted Hack
On June 21, the notorious JaredFromSubway.eth MEV sandwich bot was exploited by an attacker who leveraged the bot’s own automated token‑approval logic, draining over $7.55 million in WETH, USDC and USDT through a multi‑stage scheme involving fake tokens, deceptive liquidity pools, and a transferFrom call.
1. Event Overview
1.1 "Farmer" gets harvested
JaredFromSubway is one of the most famous MEV (Maximal Extractable Value) bots on Ethereum, long holding the top position for sandwich attacks. A sandwich attack means the bot front‑runs a user’s transaction by buying first, then sells immediately after the user’s trade to capture the price difference, effectively acting as an implicit tax on ordinary traders.
According to security firm Blockaid, on June 21 the bot was turned against itself. The attacker exploited the bot’s automated trading logic and stole more than $7.55 million, consisting of 1,474.58 WETH (≈ $4.47 M), 2.87 million USDC and 2 million USDT. The theft was sent from the attacker address 0x3e37f4A10d771Ba9dE44b6d301410b1BEdeA65d0, with part of the funds later moved to the mixing service Tornado Cash.
1.2 Dark history of the "MEV king"
Data shows that between November 2024 and October 2025 Ethereum saw 60,000–90,000 sandwich attacks per month, costing traders about $60 million annually, and roughly 70 % of those attacks were attributed to JaredFromSubway. The bot even targeted a small transaction from Vitalik Buterin, spending $1.14 million in gas to front‑run a $4 trade and earning only a few dollars in fees.
2. Attack Method: A “phishing” trap disguised as arbitrage
2.1 Multi‑week preparation
The attack was not a single flash strike but a carefully planned, weeks‑long “slow‑poison” operation.
Step 1: Deploy fake tokens and liquidity pools. The attacker created dozens of counterfeit token contracts (named fWETH, fUSDC, fUSDT) and corresponding DeFi pools to simulate high‑yield arbitrage opportunities.
Step 2: The bot “walks into its own net”. JaredFromSubway’s automation scanned the fake opportunities and, following its preset logic, granted an ERC‑20 approval to the attacker‑controlled contracts, allowing them to move the tokens.
Step 3: “Taste test” phase to lower suspicion. In early test trades the approvals were immediately used for arbitrage, and the bot behaved normally, leaving researchers unaware of any anomaly.
Step 4: Silent accumulation. In later attack transactions the granted approvals were no longer consumed, giving the attacker a persistent withdrawal right over the bot’s wallet.
Step 5: Harvest. After the preparations, the attacker called the transferFrom function to pull WETH, USDC and USDT from the bot’s contract into their own wallet.
2.2 The bot’s own automation became its biggest vulnerability
Blockaid notes that the attack differs from traditional contract exploits or phishing scams: rather than breaking a contract, it struck at the bot’s decision system itself. The attacker leveraged the core traits of MEV bots (profit seeking, rapid response, and automatic approval generation), so the bot never questioned the legitimacy of the transactions it was signing.
In other words, the attacker did not break the bot’s defenses; they fed it a “contract” it could not refuse, causing the bot to sign off on the transfer itself.
3. Impact and Lessons
3.1 The “original sin” of MEV automation
The incident highlights the intrinsic risk of millisecond‑level decision systems. While MEV bots can dominate markets by scanning the mempool and submitting profitable trades, the same speed becomes a weapon for self‑destruction when the underlying design logic is manipulated.
Security experts advise that even fully automated trading systems must treat token approvals with extreme caution, applying the least‑privilege principle (approve no more than a given trade needs) and revoking allowances promptly after use.
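To make the approval mechanics from section 2.1 and the "least privilege, revoke promptly" advice above concrete, here is an added example that is not from the article and not JaredFromSubway’s own code: a toy ERC‑20 ledger in Python that replays the five steps under three approval policies and runs the kind of allowance audit a defender would want. The addresses, amounts and the pool’s switch from honest to silent behaviour are constructed for the demo.

```python
# Added example (not from the article or from the bot's own code): a toy ERC-20
# allowance ledger used to replay the approval pattern described in section 2.1
# and the mitigation advised in section 3.1. Addresses, amounts and the pool's
# behaviour switch are constructed for the demo.
from collections import defaultdict

MAX_UINT256 = 2**256 - 1

# Constructed placeholder addresses, not the real on-chain parties.
BOT = "0xBOT"
POOL = "0xFAKEPOOL"
ATTACKER = "0xATTACKER"


class Token:
    """Minimal ERC-20 ledger: balances plus the (owner, spender) -> allowance map."""

    def __init__(self, symbol):
        self.symbol = symbol
        self.balances = defaultdict(int)
        self.allowances = defaultdict(int)

    def mint(self, to, amount):
        self.balances[to] += amount

    def approve(self, owner, spender, amount):
        # ERC-20 approve overwrites the previous value; approving 0 is the revoke.
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances[(owner, spender)]

    def transfer_from(self, spender, owner, to, amount):
        # A spender may move the owner's funds only up to the standing allowance.
        if self.allowances[(owner, spender)] < amount:
            raise PermissionError("insufficient allowance")
        if self.balances[owner] < amount:
            raise ValueError("insufficient balance")
        self.allowances[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] += amount


class FakePool:
    """Attacker-controlled counterparty. While pulls_funds is True it behaves like
    a normal pool and consumes the approval (the 'taste test' phase); once False
    it leaves the approval standing (the 'silent accumulation' phase)."""

    def __init__(self, addr, token):
        self.addr = addr
        self.token = token
        self.pulls_funds = True

    def swap(self, trader, amount):
        if self.pulls_funds:
            self.token.transfer_from(self.addr, trader, self.addr, amount)


def bot_trade(token, bot, pool, amount, unlimited_approval, revoke_after):
    """One automated trade under a given approval policy."""
    if unlimited_approval:
        # Convenience pattern: approve once, as much as possible, never revisit.
        if token.allowance(bot, pool.addr) < amount:
            token.approve(bot, pool.addr, MAX_UINT256)
    else:
        # Least privilege: approve exactly what this trade needs.
        token.approve(bot, pool.addr, amount)
    pool.swap(bot, amount)
    if revoke_after:
        # Nothing left for a later transferFrom, whether or not the pool pulled.
        token.approve(bot, pool.addr, 0)


def outstanding_allowances(token, owner, trusted=frozenset()):
    """Audit helper: spenders still holding a non-zero allowance over `owner`
    that are not on an explicit trusted list. Every entry is a live exposure."""
    return {spender: amt for (o, spender), amt in token.allowances.items()
            if o == owner and amt > 0 and spender not in trusted}


def simulate(unlimited_approval, revoke_after, bot_funds=1000):
    """Replay the article's five steps under one approval policy. Returns
    (bot balance after harvest, amount drained, exposure found before harvest)."""
    weth = Token("WETH")
    weth.mint(BOT, bot_funds)
    pool = FakePool(POOL, weth)
    # Steps 1-3: the bot trades against the fake pool, which behaves honestly.
    for _ in range(2):
        bot_trade(weth, BOT, pool, 1, unlimited_approval, revoke_after)
    # Step 4: the pool stops consuming the approvals it is granted.
    pool.pulls_funds = False
    bot_trade(weth, BOT, pool, 1, unlimited_approval, revoke_after)
    exposure = outstanding_allowances(weth, BOT)
    # Step 5: harvest via transferFrom, bounded only by the standing allowance.
    drainable = min(weth.allowance(BOT, POOL), weth.balances[BOT])
    if drainable:
        weth.transfer_from(POOL, BOT, ATTACKER, drainable)
    return weth.balances[BOT], drainable, exposure


if __name__ == "__main__":
    for policy in [(True, False), (False, False), (False, True)]:
        print(policy, simulate(*policy))
```

The three runs show the gradient the article describes: unlimited approval with no revoke loses the whole balance, exact‑amount approval without revoke still leaks whatever the last silent trade left standing, and exact approval plus revoke leaves nothing to drain. The `outstanding_allowances` audit is the check worth running on a live wallet before, not after, the harvest step.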
3.2 Lesson: Even the “house” must watch its opponent
JaredFromSubway has long acted as the hunter, preying on unprotected users. This time it became the prey, confirming the adage “you can’t walk by the river without getting your shoes wet.” When designing traps to harvest others, one must also guard against the possibility of being trapped by the same opportunity.
4. Conclusion
The $7.55 million “crash” of JaredFromSubway.eth is one of the most ironic chapters in the MEV ecosystem. The attacker used no sophisticated techniques, only the basic ERC‑20 approval mechanism, allowing the bot to hand over the keys to its own wallet.
As the attacker might say, “What goes around comes around.”
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
Black & White Path