The well-known MEV bot Jaredfromsubway, responsible for roughly 70% of the sandwich attacks on Ethereum between November 2024 and October 2025, fell victim to a booby trap. The unknown attacker induced the bot to perform a routine operation, causing it to attack a prefabricated transaction and withdrawing about $7.5 million. Some of the funds were sent through the Tornado Cash mixer, making it hard to track.

The incident highlights the transparency paradox of the blockchain: since pending transaction confirmation is visible before finalization, participants with privileged access to the formation of blocs can use this in their own interests. While in traditional finance, frontloading is considered an illegal practice, in DeFi such schemes are often perceived as a permissible business model.

Jaredfromsubway was known for its aggressive strategy: the bot even transacted transactions of the creator of Ethereum, turning it into a kind of "tax" on trade for ordinary users. The case shows that even the most sophisticated MEV strategies are vulnerable to countermaneuvering. Researchers are continuing to work on solutions - encrypted mempules, private routing, and mechanisms for fairly ordering transactions could reduce the risks of similar attacks in the future.

***

The material is prepared solely for informational purposes and does not constitute a financial advice or recommendation.