
Ethereum's top sandwich bot lost $7.5 million to its own greed

coindesk.com · @vibrant_panda · 2 hours ago · Cybersecurity

An attacker tricked jaredfromsubway.eth into approving fake trades over weeks, then drained WETH, USDC, and USDT using the bot's own automated logic.

Tags: jaredfromsubwayeth, blockaid, ethereum, mev, sandwich attacks, defi security

Ethereum's most notorious sandwich bot, jaredfromsubway.eth, just got eaten by its own machine. An attacker drained over $7.5 million in WETH, USDC, and USDT by turning the bot's automated trading logic into a backdoor.

Not a code bug, a confidence trick on machine speed

Blockaid, the security firm that analyzed the incident, confirmed this wasn't a contract vulnerability or a phishing link. The attacker spent weeks deploying dozens of fake token contracts and fake liquidity pools that mimicked profitable MEV opportunities. Some impersonated real assets like WETH, USDC, and USDT.

Jaredfromsubway.eth's sandwich bot scanned the mempool, spotted what looked like fat margins, and generated approvals for attacker-controlled helper contracts to spend tokens on its behalf. In early tests, those approvals were used immediately. The attacker gradually shifted to routes where approvals stayed open - leaving a standing permission to drain.

$7.5 million flowed out. Some of it went to Tornado Cash.
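A defender-side check for the pattern described above, as an added example that is not from the article or from Blockaid's analysis: it replays a simplified trace of `approve`/`transferFrom` calls made from the bot's account and reports any allowance still open at the end of a transaction to a spender outside an allowlist. The trace format, `ALLOWLIST`, and every token and spender name are constructed assumptions.

```python
from collections import defaultdict

MAX_UINT256 = 2**256 - 1
ALLOWLIST = {"TRUSTED_ROUTER"}  # hypothetical: spenders the operator has vetted

# Constructed sample: (tx id, calls made from the bot's account in that tx).
# All names are placeholders, not values from the incident.
TRACES = [
    ("tx1", [("approve", "TOKEN_A", "HELPER_1", 1_000),
             ("transferFrom", "TOKEN_A", "HELPER_1", 1_000)]),   # used at once
    ("tx2", [("approve", "TOKEN_B", "HELPER_2", 5_000),
             ("transferFrom", "TOKEN_B", "HELPER_2", 1_200)]),   # partly used
    ("tx3", [("approve", "TOKEN_C", "HELPER_3", MAX_UINT256)]),  # never used
    ("tx4", [("approve", "TOKEN_A", "TRUSTED_ROUTER", MAX_UINT256)]),
]


def standing_approvals(traces, allowlist):
    """Replay approve/transferFrom calls; return (tx, token, spender, remaining)
    for every allowance left open at the end of a tx to a non-allowlisted spender."""
    allowance = defaultdict(int)  # (token, spender) -> remaining allowance
    findings = []
    for tx, calls in traces:
        touched = set()
        for op, token, spender, amount in calls:
            key = (token, spender)
            touched.add(key)
            if op == "approve":
                allowance[key] = amount  # approve overwrites, it does not add
            elif op == "transferFrom":
                if amount > allowance[key]:
                    raise ValueError(f"{tx}: spend exceeds allowance for {key}")
                # Many ERC-20 implementations leave an unlimited allowance untouched.
                if allowance[key] != MAX_UINT256:
                    allowance[key] -= amount
        for key in sorted(touched):
            if allowance[key] > 0 and key[1] not in allowlist:
                findings.append((tx, *key, allowance[key]))
    return findings


if __name__ == "__main__":
    for tx, token, spender, left in standing_approvals(TRACES, ALLOWLIST):
        shown = "unlimited" if left == MAX_UINT256 else left
        print(f"{tx}: {spender} can still spend {shown} of {token}")
```

Run as a post-simulation gate, a non-empty result means the transaction would leave a spend permission behind and should be rejected or followed by an explicit `approve(spender, 0)`.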

The size of the predator that got tricked

This bot matters because its scale is industrial. Sandwich attacks cost Ethereum traders roughly $60 million per year. Between November 2024 and October 2025, the network saw 60,000 to 90,000 such attacks each month. Roughly 70% of those attacks were tied to jaredfromsubway.eth, active since early 2023.

CoinDesk reported in May that the same bot even sandwiched a swap by Ethereum co-founder Vitalik Buterin - putting up $1.14 million to frontrun his trade and netting just $4. The point wasn't the profit; it was the bot's reach. It scanned the mempool for anything it could insert itself around.

Now that same pattern-recognition engine was the mark.

What this means for automated DeFi

No sandwich attack became less harmful. But the exploit exposes a risk that runs deeper than any single bot: systems that approve transactions at machine speed based solely on pattern matching and profit signals are vulnerable to long-con social engineering. The attacker didn't break the code. They fed the bot data that made it want to sign the wrong thing.

Jaredfromsubway.eth spent years profiting from traders who didn't see it coming. On Saturday, the bot didn't see the trade coming either.


Source: Ethereum's biggest 'sandwich' bot drained of $7.5 million in ironic exploit
Domain: coindesk.com
