For three years, jaredfromsubway.eth was the thing every Ethereum trader feared without knowing its name. It watched the mempool for pending swaps, jumped in front of them, let the victim trade at a worse price, then sold immediately after. A sandwich attack. Cointelegraph Research tied roughly 70% of all such attacks on Ethereum to this single bot, somewhere between 60,000 and 90,000 a month.
In May, it sandwiched Vitalik Buterin himself. The bot deployed $1.14 million in WETH to front-run a swap of 26,544 DigitalBits worth about $2.11. Net profit on the trade: roughly $4. The bot did not care. It does not care about anything except the math, and the math said yes.
On a Saturday in June, the math finally said yes to the wrong thing.
The Setup
Security firm Blockaid reported that an attacker drained more than $7.5 million from jaredfromsubway.eth after the bot’s own automated execution logic approved spending to contracts it should never have trusted. Blockaid’s CTO Raz Niv called it a counter-MEV honeypot attack, and the mechanics behind that phrase are worth sitting with, because nothing about it involved stolen keys, a smart contract bug, or phishing.
The attacker spent several weeks deploying 66 fake token contracts. They imitated Wrapped ETH, USDC, and USDT closely enough, paired with fake liquidity pools, that the bot’s profit-seeking logic read each one as a legitimate opportunity. The bot does not verify a contract by checking whether it is the real, canonical USDC deployed by Circle. It scans for trade patterns that look profitable and acts on them automatically, because acting faster than every other bot in the mempool is the entire business model.
Each time the bot took the bait, it granted a token approval, the standard on-chain permission that lets a contract move funds on your behalf during a transaction. A properly built system revokes that approval the moment the trade finishes. Jaredfromsubway’s contract apparently skipped that step. The permission stayed open. A dangling approval, in the terminology a separate technical postmortem used to describe the pattern.
None of the 66 individual interactions made the attacker a dollar. They were not profitable trades. They were traps, and the only payoff from each one was a single unused permission slip sitting quietly on-chain.
The Harvest
Once enough of those slips had accumulated, the attacker moved. One transaction, fifty separate ERC-20 transfers bundled inside it, calling all 66 backdoors at once. On-chain records show jaredfromsubway’s contract sending out 1,474 WETH worth $2.56 million, 2.87 million USDC, and 2.03 million USDT, all real assets, all in a single block, to an address that had been waiting weeks for exactly this moment.
PeckShield flagged the sweep in real time as it happened.
#PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto, including 1,474.58 $WETH, 2.87M $USDC, & 2M $USDT.
The attacker swapped the stolen funds for 4.4K ETH and has already deposited 1K ETH into #TornadoCash pic.twitter.com/qY6IVDdnGJ
— PeckShieldAlert (@PeckShieldAlert) June 20, 2026
The bot’s operator put the total loss closer to $15 million and posted a $1 million bounty for the funds’ return, a fairly standard move in crypto when the alternative is chasing stolen assets through mixers with no guarantee of recovery. Whether the attacker takes the deal probably depends on how confident they feel about staying anonymous.
Why the Irony Cuts Deeper Than It Looks
The obvious read is simple: the predator became prey. But the more interesting detail is that the bot was never actually in profit on any of the 66 trades that led to its own downfall. Its internal simulation believed each one would be profitable, that belief is the only reason it engaged at all, but the attacker manufactured that belief. The attacker controlled both sides of every fake trade and could make the numbers say whatever was needed to trigger an approval.
So the bot that built a three-year career exploiting the gap between what a transaction appears to do and what it actually does ran straight into the exact same gap, just running in the other direction. It spent years reading other people’s pending trades and skimming the difference. It never once stopped to ask whether the trades it was reading on its own behalf were real.
Sandwich attacks like the ones jaredfromsubway specialized in have cost Ethereum traders an estimated $60 million a year, an invisible tax nobody votes for and nobody can opt out of except by routing through private mempools like Flashbots Protect. Regulators did not catch the bot. Traders did not organize against it. Somebody studied its incentive structure for weeks and built a version of reality convincing enough to fool it, and that is what finally caught it.
There is no clean moral victory here. Nobody refunds the $60 million in annual sandwich losses to the traders who actually lost it. The bot’s operator is out millions and is now publicly negotiating with a thief. Some of the stolen funds have already moved through Tornado Cash, according to CoinDesk’s review of on-chain activity, the same privacy mixer that has laundered stolen crypto from hacks for years. And the next version of this bot, or the next one built by someone else, will almost certainly patch the approval bug and keep running the same playbook against everyone else’s trades tomorrow.
What changed, briefly, is who was holding the worse end of the trade.
