Ethereum’s Biggest Sandwich Bot Drained: A $7.5M Lesson in MEV Risk
Ethereum’s best known “sandwich” bot, Jaredfromsubway.eth, lost more than $7.5 million on Saturday, June 20. The awkward part was not just the loss. The attacker turned the bot’s own trading logic against it. Fair? Maybe. Clean? Not really. I’ll be honest: this is the kind of crypto story that sounds funny for about five seconds, then starts looking ugly. This was not a normal theft. It showed how messy Maximal Extractable Value, or MEV, can get when automated systems start hunting each other, and it gave ETH traders another reason to stay nervous near $3,000.
Jaredfromsubway.eth became known for sandwich attacks. In plain English, the bot spots a pending trade, buys ahead of it, lets the user get a worse price, then sells right after for a profit. Small trade, small wound. But across Ethereum, the damage is not small. Traders lose an estimated $60 million a year to this activity, with roughly 60,000 to 90,000 attacks each month between November 2024 and October 2025. Most guides describe sandwich bots as clever market infrastructure. That’s only half right. They raise gas costs, skim users, and give ordinary traders nothing useful back.
Blockaid said this was not phishing and not a basic smart contract bug. The attacker targeted the bot’s decision system. Over several weeks, they deployed dozens of fake tokens and liquidity pools that resembled familiar assets, including wrapped ether (WETH), dollar-pegged stablecoins $USDC, and $USDT. To the bot, they looked like trades worth chasing. That was the trap. Jaredfromsubway.eth created approvals that let attacker controlled helper contracts spend tokens for it. Early on, the attacker used those approvals immediately. Later, they built routes where the permissions stayed open. The door stayed open. Then they pulled funds: WETH, $USDC, and $USDT, worth more than $7.5 million in total. CoinDesk said on-chain data showed that some of the stolen funds later moved through Tornado Cash.
The irony is obvious. A bot built to pick off other traders got picked off itself. My take: calling it justice is too easy, but pretending it is just another exploit misses the point. Why does this matter? Because automated DeFi systems are now large enough to hurt the market when their private logic fails. Regulators may point to incidents like this when talking about market manipulation risk, especially around MEV bots and transaction ordering. ETH has recently been stuck near $3,000 and has struggled to clear its 200-day moving average. If traders start pricing in more regulatory pressure, ETH could slip back toward $2,800, a level that mattered during Q1 2024.
This also drags the MEV argument back into the open. Some people say MEV helps blockchains run more efficiently. Maybe it does in a few narrow cases. Counter to the usual advice, though, the problem is not only that users get front-run. The bigger issue is that the whole MEV stack rewards speed, opacity, and permission sprawl. That is a brittle mix. Traders already worry about front-running. Now they also have to think about bots getting tricked by the same tactics they use on everyone else. We have seen this pattern before in DeFi risk reviews: the cleverest system in the room often has the strangest blind spot. Smaller DeFi protocols may feel that first. If users get nervous, money usually moves toward older, audited platforms. AAVE and UNI could feel that pressure if trust and liquidity start to thin out.
What this means
The $7.5 million drain is a warning for MEV traders on Ethereum. Even an aggressive, well funded bot can be fooled if its approval logic is sloppy. The same tools that create profit can drain the wallet. Is this an Ethereum hack? No. The core chain was not hacked. But for Ethereum ($ETH) holders, that distinction may not calm anyone for long. DeFi security still affects how people feel about ETH. If copycat attacks appear, $ETH may struggle to reclaim $3,200 quickly while traders rethink the risk.
Investors should watch for real MEV fixes, not vague promises. I would put three things on the board first: protocol changes, different transaction ordering systems, and tighter limits on token approvals for automated trading. Yes, this slightly contradicts the point above about not blaming Ethereum itself. Bear with me. The base chain can be intact while the trading layer around it still makes ETH look riskier. Major DeFi protocols also need to show how they are handling bot security after this. The next useful numbers are DeFi TVL over the next few weeks and any comments from the SEC or CFTC that mention MEV or automated trading. If TVL keeps falling, or regulators start circling, the altcoin market could stay cautious for longer. For $ETH, the level I would watch is $2,900. Lose that cleanly, and the mood changes fast.
FAQ
Q: What is a “sandwich” bot?
A: A “sandwich” bot is an automated trading program that front-runs a pending transaction, buys the asset first, lets the user trade at a worse price, then sells right after for a profit. It is one form of MEV.
Q: How much was Jaredfromsubway.eth drained of?
A: Jaredfromsubway.eth lost more than $7.5 million in crypto assets, including WETH, USDC, and USDT.
Q: What caused the exploit?
A: The attacker tricked the bot into approving helper contracts that could spend tokens for it. Some of those approvals stayed open, and the attacker later used them to drain the funds.
Q: What is Maximal Extractable Value (MEV)?
A: Maximal Extractable Value, or MEV, is the extra value that block builders or automated traders can capture by including, excluding, or reordering transactions inside a block.
Q: What are the implications of this exploit for the broader crypto market?
A: The exploit shows that automated trading systems can hide serious risk. It may draw more attention from regulators, push some capital toward better audited platforms, and weigh on ETH and DeFi tokens if traders lose confidence.