Jaredfromsubway.eth, the MEV bot responsible for roughly 70% of all sandwich attacks on Ethereum between November 2024 and October 2025, has been drained of more than $7.5 million by a sophisticated counter-attack that turned the bot’s own automated logic against it.
A Honeypot Built Over Weeks
According to blockchain security firm Blockaid, the attacker spent several weeks constructing a trap before executing the theft in a single transaction on Saturday. Over that preparation period, the attacker deployed 66 fake token contracts designed to mimic the names and interfaces of Wrapped ETH (WETH), USDC, and USDt, pairing each with fabricated liquidity pools.
The fakes were engineered to resemble profitable arbitrage opportunities, precisely the kind of trade MEV bots are programmed to pursue. As the bot repeatedly engaged with these fake pools, it was tricked into granting token approvals to attacker-controlled helper contracts, effectively handing over spending rights to its own treasury.
Blockaid chief technology officer Raz Niv described the operation as a counter-MEV honeypot attack, one that specifically targeted the automated, trust-minimized decision-making logic that MEV bots rely on. Ironically, he noted, the process handed the attacker the keys to millions in the bot’s treasury.
When the trap was sprung, the attacker called all 66 backdoors simultaneously in one transaction, sweeping all the ETH, USDC, and USDT held at those addresses and netting millions of dollars in stolen funds.
Not a Classic Attack
Blockaid was explicit that the exploit does not fit conventional categories. “This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract,” the firm posted on X. The attack instead exploited the bot’s automated, trust-minimized decision-making process, a vulnerability unique to the way MEV systems operate.
Tornado Cash Receives Stolen Funds
Onchain data tracked by Arkham Intelligence confirms that a portion of the stolen funds has already been forwarded to Tornado Cash, the crypto mixing service, complicating any potential recovery effort.
The Scale of Jaredfromsubway.eth’s Operation
The scale of what was lost matters because of the scale of what the bot had accumulated. Cointelegraph Research previously documented that sandwich attacks on Ethereum cost traders around $60 million per year. Between November 2024 and October 2025 alone, there were between 60,000 and 90,000 sandwich attacks per month on the network, with roughly 70% of those attributed to Jaredfromsubway.eth.
The bot’s reach was broad enough that even Ethereum co-founder Vitalik Buterin was caught in one of its sandwiches in May, when he was attacked while swapping 26,544 DigitalBits, worth $2.11 at the time. The losses to Buterin were minimal, but the incident illustrated that no transaction is too small to attract MEV bot attention.
Mixed Reaction From the Crypto Community
Crypto investor and commentator David Gokhshtein offered a measured response on X: “We shouldn’t be happy about this; no one should celebrate … but if you’ve ever been sandwiched by this … I’m pretty sure you’re not upset about this news.”


