Ethereum MEV Bot JaredFromSubway Threatens Legal Action After $7.5 Million Loss

A well-known trading bot took a notable hit this weekend after it fell victim to a series of transactions that left its logic exposed to malicious behavior.

The $7.5 million attack, which took place on Saturday, marked a sudden setback for “jaredfromsubway” and the formula it has used to quietly notch profits on Ethereum for years.

The trading bot has been credited with perfecting the so-called sandwich attack. The strategy is widely viewed as a form of market manipulation on decentralized exchanges, involving trades that are placed around pending transactions and hurt price execution.

Essentially, an attacker presented jaredfromsubway with misleading opportunities that later allowed the bad actor to drain legitimate funds, according to security firm Blockaid. The scheme boiled down to fake tokens and fraudulent smart contracts, Blockaid added in an X post.

Jaredfromsubway is designed to continuously scan for profitable trades, and in order to act on them, it occasionally needs to provide entities with permission to move funds on its behalf.

Some transactions that jaredfromsubway engaged in revoked those powers as soon as they were completed, while the ones that were crafted later by the attacker didn’t. “That left attacker-controlled spenders armed,” Blockaid explained.

Although the crypto industry has developed several services to prevent sandwich attacks, entities like jaredfromsubway are viewed, in some ways, as unavoidable. However, Saturday’s attack showed that the trading bot’s logic is far from infallible.

The trading bot’s operator appeared to recognize this. In an on-chain message, they offered a “50% white hat bounty” for the return of 2,150 Ethereum, currently valued at roughly $3.7 million, within the next 48 hours. Otherwise, the individual behind the bot threatened to pursue legal remedies and involve law enforcement.

“Finally, someone punished the infamous sandwich attacker,” an onlooker remarked on X. “People don’t die without experiencing what they’ve inflicted on others.”

Sandwich attacks fall under the umbrella of Maximal Extractable Value (MEV). Coined in 2019, the term refers to validators and other participants who are able to generate profits by reordering transactions before they are finalized.

Following the exploit on Saturday, the attacker appeared to begin covering their tracks.

Security firm PeckShield noted in an X post that—after stealing wrapped Ethereum and stablecoins—a portion of the funds was swapped and partially deposited in Tornado Cash, a common resource for attackers trying to obscure the flow of ill-gotten gains.