DeFi

Sandwich Attack King Jaredfromsubway.eth Drained for $7.5M in Counter-MEV Honeypot

The Jaredfromsubway.eth MEV bot, responsible for 70% of Ethereum sandwich attacks over the past year, lost more than $7.5 million after an attacker deployed 66 fake token contracts over several weeks to trick it into approving fund withdrawals.

⏱ 3 min read DeFi
Quick Summary
  • Attacker deployed 66 fake token contracts mimicking WETH, USDC, and USDT over several weeks to bait Jaredfromsubway.eth into granting token approvals
  • All 66 backdoors were triggered in a single transaction, sweeping the bot's entire ETH, USDC, and USDT holdings for more than $7.5 million
  • A portion of the stolen funds has already been sent through Tornado Cash, according to onchain data from Arkham Intelligence

Jaredfromsubway.eth, the MEV bot responsible for roughly 70% of all sandwich attacks on Ethereum between November 2024 and October 2025, has been drained of more than $7.5 million by a sophisticated counter-attack that turned the bot’s own automated logic against it.

A Honeypot Built Over Weeks

According to blockchain security firm Blockaid, the attacker spent several weeks constructing a trap before executing the theft in a single transaction on Saturday. Over that preparation period, the attacker deployed 66 fake token contracts designed to mimic the names and interfaces of Wrapped ETH (WETH), USDC, and USDt, pairing each with fabricated liquidity pools.

The fakes were engineered to resemble profitable arbitrage opportunities, precisely the kind of trade MEV bots are programmed to pursue. As the bot repeatedly engaged with these fake pools, it was tricked into granting token approvals to attacker-controlled helper contracts, effectively handing over spending rights to its own treasury.

Blockaid chief technology officer Raz Niv described the operation as a counter-MEV honeypot attack, one that specifically targeted the automated, trust-minimized decision-making logic that MEV bots rely on. Ironically, he noted, the process handed the attacker the keys to millions in the bot’s treasury.

When the trap was sprung, the attacker called all 66 backdoors simultaneously in one transaction, sweeping all the ETH, USDC, and USDT held at those addresses and netting millions of dollars in stolen funds.

Not a Classic Attack

Blockaid was explicit that the exploit does not fit conventional categories. “This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract,” the firm posted on X. The attack instead exploited the bot’s automated, trust-minimized decision-making process, a vulnerability unique to the way MEV systems operate.

Tornado Cash Receives Stolen Funds

Onchain data tracked by Arkham Intelligence confirms that a portion of the stolen funds has already been forwarded to Tornado Cash, the crypto mixing service, complicating any potential recovery effort.

The Scale of Jaredfromsubway.eth’s Operation

The scale of what was lost matters because of the scale of what the bot had accumulated. Cointelegraph Research previously documented that sandwich attacks on Ethereum cost traders around $60 million per year. Between November 2024 and October 2025 alone, there were between 60,000 and 90,000 sandwich attacks per month on the network, with roughly 70% of those attributed to Jaredfromsubway.eth.

The bot’s reach was broad enough that even Ethereum co-founder Vitalik Buterin was caught in one of its sandwiches in May, when he was attacked while swapping 26,544 DigitalBits, worth $2.11 at the time. The losses to Buterin were minimal, but the incident illustrated that no transaction is too small to attract MEV bot attention.

Mixed Reaction From the Crypto Community

Crypto investor and commentator David Gokhshtein offered a measured response on X: “We shouldn’t be happy about this; no one should celebrate … but if you’ve ever been sandwiched by this … I’m pretty sure you’re not upset about this news.”

⚖️ Our Verdict Neutral

A $7.5M loss for the chain's dominant MEV operator highlights that automated on-chain systems carry novel attack surfaces bad actors are actively mapping and exploiting.