幣圈公敵遭反殺！以太坊最大三明治機器人遭蜜罐攻擊，750萬鎂一夜虧光

Ethereum’s well-known trading bot "jaredfromsubway.eth" was recently set up by hackers, resulting in losses of up to $7.5 million. The hackers lured the bot into authorization through fake token contracts, then exploited unrevoked persistent permissions to drain the funds.

A long-time predator in the crypto market, notorious for harvesting retail investors and causing Ethereum players to shudder, finally met its match. Recently, the most infamous trading bot on Ethereum, "jaredfromsubway.eth," was targeted by hackers, losing $7.5 million. Ironically, the hacker didn’t exploit any sophisticated technical vulnerabilities but instead used the bot’s own automated trading logic against it, setting a perfect trap and luring it in.

Crypto’s Public Enemy: How "Sandwich Attacks" Drain Retail Investors?

"jaredfromsubway.eth" has long been known in crypto circles for launching sandwich attacks, a common arbitrage method involving "Max Extractable Value" (MEV, where miners or validators reorder transactions for extra profit). Specifically, automated programs lurk on the chain, and once they spot an unconfirmed transaction from a victim, they buy in first, forcing the victim to transact at a worse price, then immediately sell, effectively "sandwiching" the victim’s transaction and collecting an "invisible tax." Over time, this accumulates significant profits.

Strictly speaking, sandwich attacks are not classified as hacking thefts, but in crypto communities, they are widely regarded as "plundering behavior," not only extracting value from users but also causing transaction fee spikes on the chain, which is detrimental to ecosystem development.

Hackers meticulously planned for weeks, turning the tables on the bot’s "brain"

Blockchain security firm Blockaid pointed out that the incident last Saturday was not a typical phishing scam nor just a contract vulnerability; the hacker directly targeted the bot’s "brain"—its decision-making system.

According to investigations, the hacker spent weeks carefully orchestrating this scam, deploying dozens of fake token contracts and false liquidity pools on decentralized exchanges (DEXs), disguising them as profitable trading opportunities. Some fake tokens were even deliberately made to resemble common cryptocurrencies, such as wrapped Ether (WETH) and stablecoins USDC and USDT.

In the end, these baited setups worked. When "jaredfromsubway.eth" scanned the market as usual, mistakenly thinking it had found another lucrative MEV opportunity, it automatically generated "token approvals," allowing the hacker-controlled auxiliary contracts to access its funds. During early testing phases, these approvals were immediately consumed after transactions; later, the hacker modified the transaction paths to keep these approvals in an "open" state.

This granted the hacker unlimited withdrawal permissions, and they exploited these unrevoked authorizations to drain WETH, USDC, and USDT from the bot’s contract, stealing over $7.5 million. On-chain data shows some of the stolen assets were transferred to Tornado Cash mixers for laundering.

Greedy enough to even target "V God," ultimately becoming prey

This "hacker turns the tables on the bot" incident is filled with irony within the crypto community.

For a long time, "jaredfromsubway.eth" has been the leading example of malicious MEV on Ethereum. Data shows that just this type of sandwich attack causes about $60 million in losses annually for Ethereum traders. From November 2024 to October 2025, out of 60k to 90k attacks per month on Ethereum, up to 70% were carried out by "jaredfromsubway.eth."

In May this year, the bot even targeted a small transaction by Ethereum co-founder Vitalik Buterin. It spent $1.14 million to front-run V God’s transaction, and after high gas fees, it only earned a tiny profit of $4.

While this incident doesn’t significantly reduce the long-term threat of sandwich attacks to the crypto ecosystem, it does sound a loud alarm: algorithms that rely solely on pattern recognition and profit signals, automatically approving transactions at millisecond speeds, inherently carry a huge risk of being exploited in reverse.

• This article is reprinted with permission from "BlockCast"
• Original title: "Revenge Comes? Ethereum’s Largest 'Sandwich Attack' Bot Set Up, Hacker Turns the Tables and Drains $7.5 Million"
• Original author: Block Sister Mel