Ethereum Sandwich Bot Jaredfromsubway.eth Drained of $7.5M via Fake Routes

Jaredfromsubway.eth, Ethereum’s largest sandwich bot, has lost $7.5 million through a fake trading-route approval exploit. The attacker presented routes that the bot treated as legitimate, then used the granted approvals to drain WETH, USDC and USDT. At a simple 1,350 won per dollar conversion, the loss is about 10.1 billion won. The irony is clear: an automated bot built to profit from positioning trades around other users became the victim of an approval-abuse attack.

Approval Attack on an MEV Bot

Sandwich bots read decentralized exchange order flow and place buys and sells around target trades. That strategy depends on speed, routing automation, gas bidding and broad token permissions. This exploit hit that automation layer. Once Jaredfromsubway.eth approved the fake routes, the attacker used the open allowance to move wrapped ether and dollar-linked stablecoins out of the bot’s control. The case is closer to token-approval abuse than private-key theft.

Why the Loss Matters

A $7.5 million loss is material for Korean investors as well, equal to roughly 10 billion won. USDC and USDT are core liquidity rails, while WETH is widely used in DeFi collateral and trading pairs. If stolen funds pass through multiple addresses and swaps, Korean exchanges may face higher monitoring pressure around suspicious deposits and external-wallet origin checks. Users should review old approvals, unlimited allowances and unverified routers after using DEX services.

Outlook

The incident shows that MEV profitability cannot outrun basic security design. High-frequency on-chain strategies are likely to adopt stricter router allowlists, allowance caps, real-time anomaly blocks and multisig withdrawal controls. For ordinary users, the lesson is practical: separate exchange custody from self-custody and revoke unnecessary token approvals after DeFi activity.