In crypto, the line between predator and prey is thinner than most people realize. This weekend, one of Ethereum’s most infamous “hunters” learned that lesson the hard way. jaredfromsubway.et
In crypto, the line between predator and prey is thinner than most people realize. This weekend, one of Ethereum’s most infamous “hunters” learned that lesson the hard way. jaredfromsubway.eth — the MEV bot famous for sandwiching retail traders for years — just got completely rinsed. Over $15 million vanished from its operations in a single, elegantly executed attack. Its portfolio reportedly dropped from roughly $25 million to around $4.4 million almost instantly. The attacker didn’t need to break the code. They simply tricked the bot’s own automation into handing over the keys.
According to on-chain data and analysis from security firm Blockaid, the attacker created fake token wrappers and fake liquidity pools that looked like legitimate arbitrage opportunities. The bot’s automated system — designed to jump on profitable MEV plays — granted token approvals to contracts controlled by the attacker. Once those approvals were live (many of them unlimited), the attacker used transferFrom to sweep:
All in one clean sweep.
The bot’s operator has since offered a $1 million bounty for the return of the funds, promising confidentiality. Whether that works remains to be seen.
MEV (Maximal Extractable Value) refers to the extra profit that can be made by reordering, including, or censoring transactions in a block. On Ethereum DEXes, the most visible form is the sandwich attack:
1. You try to buy a token.
2. The bot front-runs you (buys first, pushes the price up).
3. You buy at the worse price.
4. The bot back-runs you (sells into your purchase).
jaredfromsubway.eth has been one of the most successful practitioners of this strategy for years. It has extracted tens of millions from traders across lowliquidity memecoin pools while spending eye-watering amounts on gas. In short: it was very good at what it did.
Until it wasn’t.
The vulnerability wasn’t some exotic zero-day. It was something far more mundane and widespread in DeFi: unlimited token approvals.
Once a smart contract is given unlimited approval to spend your tokens, it can drain everything. The attacker didn’t need to compromise the bot’s core logic — they just needed to create a situation where the automation thought it was making a smart move and handed over the permissions.
This is the same pattern that has drained countless retail wallets over the years. The only difference here is the scale and the irony: the professional sandwich bot got sandwiched by its own automation.
This isn’t just a funny “poetic justice” story (though plenty of people are enjoying that angle).
It’s a stark reminder that on-chain finance carries risks that often dwarf the rewards.
DeFi gives us incredible tools — permissionless markets, composability, transparency. But it also removes the safety nets that traditional finance (for all its flaws) provides. There’s no customer support, no chargebacks, and very little recourse once the funds leave your control.
If you’re active in DeFi and RWA, here are practical steps that actually move the needle:
Most importantly: treat high-APY or MEV-chasing strategies as high-risk speculation, not passive income.
Incidents like this highlight why infrastructure quality matters so much. At Starcoin Foundation, we’ve been focused on building transparent, secure, and compliant Web3 infrastructure — particularly around real-world assets (RWAs) and digital finance. The goal is simple: reduce the attack surface and give users clearer, safer ways to interact with on-chain systems.
The more the industry prioritizes robust security standards and thoughtful design, the fewer of these painful lessons we’ll have to learn the hard way.
X (formerly Twitter):@StarcoinGP
Telegram:Join our RWA Community
