Ethereum’s biggest ‘sandwich’ bot drained of $7.5 million in ironic exploit
The recent attack on Jaredfromsubway.eth involved a complex setup that took several weeks to build. The attacker deployed fake token contracts and liquidity pools that appeared to offer profitable trades, enticing Jaredfromsubway.eth’s bot to engage with them. These fake contracts mimicked popular assets like wrapped ether (WETH), USDC, and USDT.
Once Jaredfromsubway.eth’s bot generated approvals for the attacker’s helper contracts to spend tokens on its behalf, the attacker took advantage of open approvals to drain over $7.5 million worth of WETH, USDC, and USDT from Jaredfromsubway.eth’s contracts. Some of the stolen funds were later traced to Tornado Cash, a privacy-focused mixer for Ethereum transactions.
Interestingly, Jaredfromsubway.eth has been a prominent figure in the discussion around Miner Extractable Value (MEV) on Ethereum. MEV refers to the profit that miners and bots can make by reordering transactions in a block to their advantage. Sandwich attacks, the strategy Jaredfromsubway.eth’s bot is known for, have been a significant issue in the Ethereum ecosystem, costing traders millions of dollars each year.
The attack serves as a stark reminder of the vulnerabilities present in decentralized finance (DeFi) protocols and the ongoing battle against malicious actors in the space. As the crypto community continues to innovate and develop new solutions, it is crucial to remain vigilant and implement robust security measures to protect users’ funds and prevent similar incidents in the future.
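The open approvals described above are visible on chain as ERC-20 `Approval` events. As an added example (not code from the article or from any party it names), this Python code replays such logs for one owner and lists allowances still open to spenders outside an allowlist; the log dictionaries, placeholder addresses and the `trusted_spenders` allowlist are assumptions constructed for illustration.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner, trusted_spenders):
    """Replay Approval logs in chain order; return nonzero approvals from
    `owner` to spenders that are not in `trusted_spenders`."""
    owner = owner.lower()
    trusted = {s.lower() for s in trusted_spenders}
    latest = {}  # (token, spender) -> last approved value
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has exactly 3 topics (ERC-721 Approval has 4).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        latest[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    # Last approved value is an upper bound; allowance() on chain is authoritative.
    return [
        {"token": t, "spender": s, "value": v, "unlimited": v == UNLIMITED}
        for (t, s), v in sorted(latest.items())
        if v > 0 and s not in trusted
    ]

# --- Constructed sample data (placeholder addresses, not from the incident) ---
def _addr(ch): return "0x" + ch * 40
def _topic(addr): return "0x" + "0" * 24 + addr[2:]
def _log(block, idx, token, owner, spender, value):
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, _topic(owner), _topic(spender)],
            "data": "0x" + format(value, "064x")}
BOT, ROUTER, HELPER, OTHER = _addr("b"), _addr("2"), _addr("3"), _addr("4")
TOKEN_A, TOKEN_B = _addr("a"), _addr("c")
SAMPLE_LOGS = [
    _log(100, 0, TOKEN_A, BOT, ROUTER, UNLIMITED),   # expected, allowlisted
    _log(101, 2, TOKEN_A, BOT, HELPER, UNLIMITED),   # open, unknown spender
    _log(102, 1, TOKEN_B, BOT, HELPER, 500),         # later revoked below
    _log(103, 0, TOKEN_B, BOT, HELPER, 0),
    _log(104, 0, TOKEN_A, OTHER, HELPER, 7),         # different owner, ignored
]
if __name__ == "__main__":
    for finding in open_approvals(SAMPLE_LOGS, BOT, {ROUTER}):
        print(finding)
```

Because `transferFrom` can spend an allowance without emitting a new `Approval` event, treat each finding as a candidate to confirm against the token's `allowance()` before revoking.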

