Jul 18, 2026 · 9:15 AM
Subscribe
Home Crypto

Ethereum's top sandwich bot was beaten by the trap it perfected on everyone else

Ethereum's top sandwich bot was beaten by the trap it perfected on everyone else

Elroy Fernandes
· 4 min read · 735 views
Ethereum's top sandwich bot was beaten by the trap it perfected on everyone else

JaredfromSubway.eth spent years exploiting Ethereum traders through sandwich attacks. On June 20, 2026, a patient attacker used the bot's own appetite against it and drained more than $7.5 million.

JaredfromSubway.eth was not beaten by a faster trader or a lucky guess. It was beaten by someone who understood exactly how its automation worked, then built a trap patient enough for the bot to walk into it 66 times.

The address is one of Ethereum's best-known MEV bots, and for good reason. According to Blockaid's account of the incident, JaredfromSubway.eth was responsible for roughly 70% of sandwich attacks on Ethereum between late 2024 and late 2025. If you've ever swapped a token on a decentralized exchange and received a worse price because a bot jumped ahead of you, bought before your trade, then sold after it, this is the kind of machine you were up against.

That is why the June 20 attack landed so sharply. The bot's business was reading other people's transactions and turning predictable behavior into money. This time, the predictable behavior was its own.

The attacker did not need to compromise a private key. They did not need to find a conventional smart contract bug. Blockaid said the setup took weeks and involved 66 fake token contracts designed to look like familiar assets, including WETH, USDC and USDT. Each token was paired with a sham liquidity pool, and the pools emitted the Swap and Sync events that automated trading systems watch for when they scan Ethereum for opportunities.

From the bot's point of view, there was money sitting on the table. That was the trap.

The fake routes were built to make JaredfromSubway.eth grant token approvals to attacker-controlled helper contracts. One approval does not sound dramatic, but on Ethereum it can be the whole story. If you approve the wrong contract to spend the wrong asset, you have handed it the permission it needs. The bot granted those approvals across the 66 positions, apparently because the setup matched the patterns its system was built to chase.

Then came the sweep. In one transaction, the attacker called the backdoors across the fake contracts and pulled real WETH, USDC and USDT from the bot's treasury. Blockaid CTO Raz Niv described the attack as a kind of weaponized honeypot, and that phrase is useful because it keeps the focus where it belongs: the victim was not a casual user clicking a bad link. The victim was a professional extraction machine fooled by a more patient extraction machine.

Also read: Bitcoin's mildest bear market on record is quietly rewriting the rules for cryptoSolana now processes 95% of the world's tokenized stock trades but its token price tells a different storyRegulators are finally building the AI they need to police the markets they oversee

Frankly, there is a limit to how much sympathy this story deserves. Sandwich bots profit by inserting themselves around trades placed by ordinary users, often people who do not know their transaction is being watched and priced against before it lands. JaredfromSubway.eth did not invent MEV, and it is not the only bot playing this game, but its scale made it a symbol of how hostile public blockchains can feel when automation is allowed to compete against users with no real friction.

That does not make the attacker a hero. A theft is still a theft. But the mechanics matter, because they show a weakness that goes beyond one famous address. Any trading system that grants broad approvals while chasing opportunities at speed is carrying an obvious risk. The smarter the bot gets at reacting quickly, the more valuable it becomes to anyone who can predict what it will approve, touch and trust.

MEV operators usually talk as if the danger runs in one direction: bots prey on users, searchers prey on order flow, builders and validators decide which transactions get the best position. This incident turns that picture around. If your edge is automation, your blind spot is automation too. A bot cannot ask whether a pool looks too perfect. It cannot feel that a route has been arranged like bait. It can only execute the logic its owner gave it.

For Ethereum users, the practical lesson is not that sandwich attacks are over. They are not. The incentives remain, and the mempool still rewards anyone fast enough and ruthless enough to exploit exposed trades. The sharper point is that the same transparent infrastructure that lets MEV bots watch you also lets other attackers watch them. Every approval, every route, every repeated pattern becomes material for the next person studying the system.

JaredfromSubway.eth became famous because it understood that predictability is profitable. On June 20, someone else understood the same thing better.

TOPICS
Elroy is a digital marketer and developer from Goa, with over a decade of experience web development and marketing. He has been associated with several startups and serves currently as an Editor to the Asia Pacific Industrial magazine. He occasionally writes on Startup Fortune about technology and automation.
Related Articles
More posts →
Loading next article…
You're all caught up