Ethereum sandwich bot jaredfromsubway.eth drained of $7.5M in exploit

Over several weeks, the attacker deployed these deceptive contracts, which the jaredfromsubway.eth bot identified as potential MEV opportunities. The bot then generated approvals for the attacker-controlled contracts to spend tokens on its behalf. These approvals were later leveraged by the attacker to transfer WETH, USDC, and USDT out of the bot's contracts, resulting in the significant loss.

This incident highlights the risks associated with industrialized sandwich-bot activity. Jaredfromsubway.eth has been responsible for approximately 70% of Ethereum sandwich attacks, which collectively cost traders around $60 million annually. The exploit demonstrates how complex, machine-speed systems can themselves become victims when their own decision-making processes are manipulated.

Security firm Blockaid confirmed that the incident was not a typical phishing attack or a simple bug in the victim contract, but rather a targeted exploitation of the bot's decision-making system. Some of the stolen funds have been traced to Tornado Cash, according to onchain data. The irony of the situation is notable, as jaredfromsubway.eth has been a visible symbol of what many consider predatory MEV practices on Ethereum.