Jaredfromsubway.eth, Ethereum's Most Active Sandwich Bot, Drained for $7.5M Over the Weekend - "The Defiant"

An attacker drained more than $7.5 million from jaredfromsubway.eth, the Ethereum address widely considered the single most-active sandwich-attack operator on the network, over the weekend. The loss is a rare public setback for an MEV bot that has run as one of Ethereum's largest priority-fee payers for years.

Security firm Blockaid disclosed the incident on Saturday, saying its exploit-detection system flagged a sweep transaction that pulled WETH, USDC, and USDT out of contracts controlled by the bot. The figure is the largest single-event loss publicly tied to an MEV operator to date. Some of the stolen funds have already been routed through Tornado Cash, according to onchain data cited by both outlets.

Jaredfromsubway.eth is an ENS-named Ethereum address run by an unidentified operator since early 2023, used to execute automated sandwich attacks at scale. In a sandwich attack, a bot front-runs a pending swap with its own buy order, lets the victim trade at the inflated price, then sells immediately after. The named operator is a public on-chain identity, and the address has been active since 2023.

Between November 2024 and October 2025, the bot was responsible for roughly 70% of all sandwich attacks on Ethereum, Cointelegraph Research found, out of 60,000 to 90,000 such attacks each month. Cointelegraph Research has separately estimated that sandwich attacks cost Ethereum traders about $60 million a year.