Notorious Ethereum ‘Vampire’ Bot Loses $7.5M in Poetic Justice Hack

The self-proclaimed “vampire” of the Ethereum blockchain, a trading bot that has long preyed on retail investors and instilled fear among DeFi users, has finally met its match. In a stunning turn of events, the notorious Ethereum trading bot, “jaredfromsubway.eth,” recently fell victim to a sophisticated hack, losing a staggering $7.5 million. The irony is palpable: the attacker didn’t exploit some arcane technical flaw, but rather leveraged the bot’s own automated trading logic against it, setting an elaborate trap that the predator walked right into.

Understanding the ‘Sandwich Attack’: How This Crypto Predator Operates

“jaredfromsubway.eth” earned its infamy through persistent “sandwich attacks”—a common arbitrage technique within the realm of Maximal Extractable Value (MEV). MEV refers to the additional profit miners or validators can extract by strategically reordering transactions on a blockchain. In a sandwich attack, an automated program monitors the mempool for pending user transactions. Once it spots a target, it executes a “front-run” by buying the asset just before the victim’s transaction, forcing the victim to purchase at a worse price. Immediately after the victim’s transaction confirms, the bot “back-runs” by selling the asset, effectively “sandwiching” the victim’s trade and extracting an “invisible tax.” Over time, these cumulative profits have been substantial.

While not technically a hack or theft in the traditional sense, sandwich attacks are widely condemned within the cryptocurrency community as predatory behavior. They not only siphon value directly from users but also contribute to increased transaction fees, offering no genuine benefit to the ecosystem’s healthy development.

A Masterstroke: Hacker’s Weeks-Long Deception Exploits Bot’s Core Logic

Blockchain security firm Blockaid reported that the incident, which occurred last Saturday, was far from a simple phishing scam or contract vulnerability. Instead, the hacker meticulously targeted the bot’s “brain”—its decision-making and execution system.

Investigations reveal that the attacker spent several weeks patiently orchestrating this elaborate deception. They deployed dozens of fake token contracts and bogus liquidity pools across various decentralized exchanges (DEXs), carefully disguising them as highly profitable trading opportunities. Some of these counterfeit tokens even mimicked popular cryptocurrencies like Wrapped Ethereum (WETH) and stablecoins such as USDC and USDT, adding to their deceptive allure.

Ultimately, the bait proved irresistible. As “jaredfromsubway.eth” routinely scanned the market, it mistook these fabricated opportunities for genuine MEV gains. Following its programmed logic, the bot automatically generated “token authorizations,” granting the hacker-controlled auxiliary contracts permission to access its funds. Crucially, while early test transactions saw these authorizations revoked immediately after completion, the hacker cleverly manipulated the transaction path to ensure these authorization states remained “open.”

This critical exploit granted the hacker “standing permission” for unlimited fund withdrawals. Seizing the opportunity, the attacker promptly used these unclosed authorizations to drain the bot’s contract of its WETH, USDC, and USDT holdings, absconding with over $7.5 million. On-chain data indicates that a portion of the stolen assets has since been transferred to the mixer Tornado Cash, likely in an attempt to obscure the money trail.

From Predator to Prey: The Downfall of a Notorious MEV Bot

This “hacker-vs-bot” saga has resonated deeply within the crypto community, brimming with a sense of poetic justice.

For years, “jaredfromsubway.eth” has been synonymous with “malicious MEV” on Ethereum. Data suggests that sandwich attacks alone cost Ethereum traders approximately $60 million annually. Between November 2024 and October 2025, “jaredfromsubway.eth” was reportedly responsible for a staggering 70% of the 60,000 to 90,000 monthly sandwich attacks occurring on Ethereum.

Its insatiable greed was famously highlighted in May of this year when the bot even targeted a small transaction made by Ethereum co-founder Vitalik Buterin. In that instance, it deployed $1.14 million to front-run Buterin’s transaction, only to net a meager $4 profit after accounting for exorbitant fees.

While this incident may not fundamentally curb the long-term threat of sandwich attacks to the broader cryptocurrency ecosystem, it serves as a powerful wake-up call. It starkly reminds us that algorithmic systems, designed to automatically approve transactions at millisecond speeds based solely on pattern recognition and profit signals, inherently harbor significant risks of being exploited and turned against their creators.