惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

AI
AI
WordPress大学
WordPress大学
博客园 - 聂微东
Hugging Face - Blog
Hugging Face - Blog
小众软件
小众软件
V
V2EX
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google DeepMind News
Google DeepMind News
V
Visual Studio Blog
The GitHub Blog
The GitHub Blog
IT之家
IT之家
D
Docker
M
MIT News - Artificial intelligence
D
DataBreaches.Net
博客园 - 三生石上(FineUI控件)
酷 壳 – CoolShell
酷 壳 – CoolShell
量子位
博客园_首页
Y
Y Combinator Blog
F
Full Disclosure
Microsoft Security Blog
Microsoft Security Blog
月光博客
月光博客
C
CXSECURITY Database RSS Feed - CXSecurity.com
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Spread Privacy
Spread Privacy
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
Vercel News
Vercel News
T
Threat Research - Cisco Blogs
T
Threatpost
Apple Machine Learning Research
Apple Machine Learning Research
L
LINUX DO - 热门话题
T
The Exploit Database - CXSecurity.com
N
Netflix TechBlog - Medium
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tailwind CSS Blog
J
Java Code Geeks
爱范儿
爱范儿
Cisco Talos Blog
Cisco Talos Blog
博客园 - 叶小钗
Latest news
Latest news
C
Check Point Blog
阮一峰的网络日志
阮一峰的网络日志
博客园 - Franky
P
Privacy International News Feed
MyScale Blog
MyScale Blog
Project Zero
Project Zero
Simon Willison's Weblog
Simon Willison's Weblog

Chainalysis

OFAC Sanctions Iran Central Bank Crypto Wallets, Freezing $131M in Stablecoins - Chainalysis “Stern” Ransomware Operator Sanctioned by EU Chainalysis Supports Stable with Automatic Token Support - Chainalysis Daubert Standard: How Chainalysis Reactor Met the Bar Breadth, Depth, And Quality: Comparing Blockchain Analytics Vendors OFAC Sanctions 100+ ISIS-K Crypto Addresses Chainalysis Supports Robinhood Chain with Automatic Token Support An Ontology for Accountability: Defining What Data Quality Means in Blockchain Analytics - Chainalysis 10 Questions to Ask Your Blockchain Analytics Provider OFAC Sanctions ISIS Financial Facilitators Brazil's Crypto Crime Challenge: How Global Money Laundering Networks Target Latin America's Largest Market Brazil's Crypto Crime Challenge: How Global Money Laundering Networks Target Latin America's Largest Market Pre- and Post-Designation Sanctions Screening What Is Approval Phishing? Detect & Disrupt Crypto Scams at Scale Ghana and the UK Recovered $15 Million via Blockchain Global Law Enforcement Dismantles ‘AudiA6’ Crypto Laundering Network Linked to Ransomware Gangs Chainalysis and the Korean National Police Agency (KNPA) Sign MoU to Strengthen Virtual Asset Investigation Capabilities 체이널리시스와 대한민국 경찰청(KNPA), 디지털 자산 수사 역량 강화를 위한 양해각서(MoU) 체결 The Hidden Code Problem: How Unverified Smart Contracts Are Becoming a Preferred Target for Attackers The $100 Million Crypto “Looksmaxxing” Boom: How Chinese Cartel Suppliers Pivoted to the Gray-Market Peptide Ecosystem Agentic Payments Cross the Threshold: Inside x402’s Path to Meaningful Adoption OFAC Sanctions Nobitex and Major Iranian Cryptocurrency Exchanges in Sweeping Evasion Crackdown The New Compliance Floor: Organizations are Adopting Stronger Than Ever Monitoring Practices U.K. Sanctions 18 Entities and Persons for Evading Russian Trade Blockades OFAC and Crypto Crime: Every OFAC Specially Designated National with Identified Cryptocurrency Addresses OFAC Sanctions Sinaloa Cartel Fentanyl Trafficking and Crypto Laundering Network How Blockchain Intelligence Uncovered a Million-Euro Bitcoin Ordinals Tax Fraud Scheme Crypto Prediction Markets Explained: How the Blockchain Is Reshaping Forecasting Where to Build: A Data-Driven Guide to Blockchain Infrastructure for TradFi Tokenization Australia’s Crypto Crossroads: Regulation is Here, Now Comes the Hard Part OFAC Updates Central Bank of Iran Designation Following Record $344 Million Tether Seizure amid Strait of Hormuz Toll Controversy U.S. Government Unveils Sweeping Enforcement Actions Against Southeast Asian Scam Centers and Crypto Fraud Networks EU’s 20th Russia Sanctions Package Signals a New Era of Crypto-Specific Enforcement Inside the KelpDAO Bridge Exploit: How ~$292 Million in rsETH Was Released Against a Non-Existent Burn $30 Billion and Counting: How Tokenized RWAs Are Becoming a Mainstream Investment for Institutional Capital Sanctioned Russia-Linked Exchange Grinex Suspends Operations Following Alleged Cyberattack Iran’s Strait of Hormuz Crypto Toll: An Evolution of Tehran’s Expanding Use of Digital Assets Operation Atlantic: How Public-Private Collaboration Is Freezing Millions in Crypto Scam Proceeds The Drift Protocol Hack: How Privileged Access Led to a $285 Million Loss The $100 Trillion Wealth Shift: Stablecoin Utility and the Future of Payments Chainalysis Links NYC 2026: AI Amplification, TradFi Convergence, and the Power of Networked Intelligence Chainalysis、初のブロックチェーン・インテリジェンス・エージェントを発表 Chainalysis Introduces the First Blockchain Intelligence Agents From the Battlefield to the Blockchain: How Cryptocurrency Is Helping Finance the Drone Revolution Chainalysis Supports Tempo with Automatic Token Coverage 英国政府が Xinbi を制裁:中国語圏の暗号資産詐欺を支えるインフラの中核を指定
Sandwich Attack: How JaredfromSubway Lost $7.5M - Chainalysis
Chainalysis Team · 2026-06-26 · via Chainalysis

Summary

  • JaredfromSubway.eth, the most prolific sandwich-attack bot on Ethereum, was drained of at least $7.5 million in a reverse honeypot exploit on June 20–21, 2026.
  • An unknown attacker deployed 66 fake token contracts to trick the bot into granting token-spending approvals, then swept its real assets in a single coordinated transaction.
  • The stolen funds — ETH and stablecoins — were converted to ETH and sent to Tornado Cash. No funds have been recovered.
  • The exploit underscores the importance of revoking unused approvals and vetting smart contracts before interacting with them on-chain.

Ethereum’s most notorious sandwich attacker just got compromised. Over the weekend, JaredfromSubway.eth — who spent years squeezing other traders for profit — lost at least $7.5 million in crypto to a trap disguised as a lucrative trade.

How sandwich attacks work

The attack struck in Ethereum’s mempool: the waiting room where on-chain trades go before they finalize. Integral to the way Ethereum works, its mempool is viewable by anyone – even rival traders. Savvy operators like JaredfromSubway.eth have long forged an edge with mempool intelligence. They front-run victims’ yet-to-finalize orders, pushing up the price for the user. Then, they back-run them too, creating an arbitrage sandwich.

Ethereum’s most prolific sandwich bot

This highly profitable trading strategy is controversial and unseemly, but also widespread. JaredfromSubway.eth has made tens of millions of dollars sandwiching other traders since 2023. His bot hunts for opportunities to extract value across DeFi, monitoring token pools for imbalances and inefficiencies, and, when it finds one, making a sandwich to capture some cash.

How the $7.5 million honeypot exploit worked

That’s what happened over the weekend. Jared’s bot spotted a series of pools that it could exploit. So it went through the normal motions – including granting spending approvals – needed for executing automated transactions quickly enough for the mempool.

But the smart contracts to which his bot granted spending approvals were actually honeypots. Their token trading pairs were illegitimate stooge assets; there wasn’t a real profit for Jared to extract. His bot didn’t register this. Over multiple transactions, it kept granting approvals to these malicious contracts — permissions that were never revoked. Once enough had accumulated, a tripwire smart contract activated and drained JaredfromSubway.eth of at least $7.5 million.

Following the money: laundering through Tornado Cash

Stolen assets included ETH and millions of dollars in stablecoins. Keeping the assets in stablecoins presented a risk to the attacker; the stablecoins’ issuers could choose to freeze the funds. That may be why within minutes of acquiring the stablecoins, the attacker swapped them into ETH as well – shielding the stolen assets from an easy freeze.

Using Reactor, we can see that over the following days, the attacker split their ill-gotten gains across other wallets. This kicked off a chain of transfers leading into Tornado Cash, a tool that obfuscates the flow of funds.

Why this matters for every DeFi user

The mechanics of this exploit offer a lesson for anyone transacting on-chain.

Unrevoked token approvals are standing invitations

The attack worked because Jared’s bot granted token-spending approvals to smart contracts it never bothered to vet. Every day, ordinary DeFi users do the same thing. They approve contracts to spend their tokens – often granting unlimited permissions to code they’ve never read. Those approvals don’t expire. Each is a standing invitation for someone else to move your money. Jared’s bot had dozens of them pointing at malicious contracts, and it never noticed. Most wallets are no different.

The counterparty problem with unverified contracts

Then there’s the counterparty problem. In traditional finance, you know who’s on the other side of a trade. On-chain, the counterparty is the smart contract itself – and if that contract is unverified, you’re essentially signing a deal you can’t read. Jared’s bot interacted with 66 fake contracts that mimicked legitimate tokens. A manual review of the code – or even a basic check of deployment history – might have flagged them. But the bot was optimized for speed. It skipped due diligence, and lost $7.5 million for it.

How to protect yourself from honeypots

Revoke approvals you no longer need. Vet the contracts you interact with – check whether they’re verified on Etherscan, look at who deployed them. Be skeptical of new pools with no track record. Otherwise, you risk getting rolled.

FAQs

What is a sandwich attack?

A sandwich attack is a predatory trading strategy where a bot monitors Ethereum’s mempool – the public waiting room for pending transactions – and spots a trade it can exploit. The bot front-runs the victim’s order with its own buy, pushing the price up, then lets the victim’s trade execute at the inflated price. Immediately after, the bot sells for a profit. The victim gets a worse deal; the bot pockets the difference. It’s called a sandwich because the victim’s trade is squeezed between the bot’s two orders – the bread on either side.

Who is JaredfromSubway.eth?

JaredfromSubway.eth is the pseudonymous operator of Ethereum’s most prolific sandwich bot, active since 2023. At its peak, the bot’s prolific sandwich activity cost traders an estimated $60 million a year. It was frequently the single largest gas consumer on the entire network.

How did the attack unfold?

An unknown attacker deployed 66 fake token contracts that mimicked legitimate assets like WETH, USDC, and USDT, and paired them with fraudulent liquidity pools. To Jared’s bot, these looked like easy sandwich targets. As the bot moved to exploit them, it granted token-spending approvals to the attacker’s contracts. But those approvals were never consumed or revoked. They stayed open, giving the attacker a means to move the bot’s real assets. Once enough approvals had accumulated, the attacker triggered a single coordinated transaction that swept approximately $7.5 million in ETH and stablecoins from the bot’s wallets. The stolen funds were quickly converted to ETH and sent through Tornado Cash.

How can I avoid getting hacked this way?

Revoke token approvals you no longer need. Vet the contracts you interact with before you sign anything. Check whether the contract is verified on Etherscan. Look at when it was deployed and by whom. Be wary of new, unaudited pools offering too-good-to-be-true trades – it may have been designed that way on purpose.

This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein. 

This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.

Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.