7.5 million dollars' counterattack: When Ethereum's biggest trap stepped into its own pitfall.

2 hours ago

Written by: Cathy

On June 20, 2026, the vault of Ethereum's most notorious sandwich bot jaredfromsubway.eth was emptied.

$7.5 million, one transaction, one block. The automated hunter that earned tens of millions of dollars annually by "sandwiching" others' trades stepped into a trap in its own hunting ground.

This is not the first time. Three years ago, a hacker posing as an ordinary validator, with a 32 ETH stake as the entrance ticket, took $25.2 million out of the pockets of five top sandwich bots.

The predator ultimately becomes the prey. But the truly worthwhile part of the story is not who wins or loses, but rather that this "robots eating robots" arms race is fundamentally shaking the security of Ethereum transactions.

01 Every transaction you make is being stolen

Let’s clarify what sandwich bots are doing.

On decentralized exchanges like Uniswap, your swap is broadcast to a public waiting area called the mempool before it is included on-chain. Anyone can see what you intend to buy, how much, and how much slippage you are willing to accept.

Sandwich bots watch this waiting area around the clock. When they see you are about to buy a sizeable amount of a token, they insert a buy order ahead of yours to push the price up, then sell right after you at the inflated price.

You get "sandwiched," paying more and receiving less.

The loss per transaction might only be a few dollars, and you might not even notice it. But that is precisely where it becomes insidious.

Thousands of transactions are sandwiched every day, accumulating into a massive "invisible tax."

It’s not just regular traders being exploited; liquidity providers are in an even worse situation.

AMM prices adjust more slowly than those on centralized exchanges such as Binance, so arbitrageurs can repeatedly buy from pools at stale, too-low prices. Academic work calls this loss-versus-rebalancing (LVR). Research indicates that it costs LPs an order of magnitude more than all sandwich attacks combined.

Simply put, from searchers to builders to validators, the whole MEV supply chain extracts value from ordinary users every day.

Jared is the top player in this business, at its peak accounting for nearly 70% of sandwich activity on Ethereum mainnet.

02 66 traps and a liquidation

The 2026 counterattack was as intricate as a heist movie.

The attacker spent weeks deploying 66 fake token contracts, each paired with a decoy liquidity pool. The pools were built so that their on-chain state signalled a large, easy profit, precisely what Jared's scanner looks for.

As expected, Jared took the bait. The bot automatically sandwiched the fake tokens, and in the course of each swap its routing contract called approve, granting the attacker's contract an allowance to move the router's tokens.

The key was in the next step. To save gas, Jared's developers never wrote logic to revoke that allowance once a trade was done. An ERC-20 allowance does not expire: it remains in force until it is spent down by transferFrom or explicitly reset with approve(spender, 0), and an unlimited allowance is, in common token implementations, never decremented at all. This is a "dangling approval".

With all 66 traps primed, the attacker sent a single transaction in one block that called transferFrom on each allowance, moving all 1474.58 WETH, 2.87 million USDC and 2.09 million USDT out of Jared's vault. The proceeds were swapped into thousands of ETH on-chain and sent to Tornado Cash.

Then, they disappeared.
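To make the failure mode concrete, here is an added Python model of ERC-20 allowance semantics (approve and transferFrom, including the common convention that an unlimited allowance is never decremented). It is a constructed illustration for this page, not the bot's or the attacker's code: the router and trap-pool classes, their addresses and the 1 WETH / 1000 USDC spent on the decoy are assumptions, and only the vault balances follow the figures in the article. It pairs a gas-saving router that approves once for MAX with one that approves exactly what a swap needs and zeroes the allowance afterwards.

```python
MAX_UINT256 = 2**256 - 1


class ERC20:
    """In-memory ERC-20: balances plus an (owner, spender) -> allowance table."""

    def __init__(self, symbol, decimals):
        self.symbol, self.decimals = symbol, decimals
        self.balances, self.allowances = {}, {}

    def mint(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount

    def balance_of(self, account):
        return self.balances.get(account, 0)

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def approve(self, owner, spender, amount):
        # approve() overwrites the allowance; approve(spender, 0) is the revoke.
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        allowed = self.allowance(owner, caller)
        if allowed < amount:
            raise PermissionError(f"{caller} has no allowance on {owner}'s {self.symbol}")
        if self.balance_of(owner) < amount:
            raise ValueError("insufficient balance")
        # Convention used by OpenZeppelin and most tokens: an unlimited
        # allowance is treated as permanent and is never reduced.
        if allowed != MAX_UINT256:
            self.allowances[(owner, caller)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class TrapPool:
    """Hypothetical decoy pool. swap() pulls the input via transferFrom, as a real
    pool or router does; drain() later re-uses whatever allowance is still live."""

    def __init__(self, address):
        self.address, self.victims = address, set()

    def swap(self, token_in, amount_in, trader):
        token_in.transfer_from(self.address, trader, self.address, amount_in)
        self.victims.add((token_in, trader))
        return 0  # nothing of value comes back; the "profit" was only ever a signal

    def drain(self):
        """The single transferFrom sweep: take every token the allowance still covers."""
        loot = {}
        for token, victim in self.victims:
            amount = token.balance_of(victim)
            try:
                token.transfer_from(self.address, victim, self.address, amount)
                loot[token.symbol] = amount
            except PermissionError:
                loot[token.symbol] = 0
        return loot


class GasSavingRouter:
    """Hypothetical bot router: approve a spender once for MAX and never reset."""

    def __init__(self, address):
        self.address, self.approved = address, set()

    def swap(self, token_in, amount_in, pool):
        if (token_in, pool.address) not in self.approved:
            token_in.approve(self.address, pool.address, MAX_UINT256)  # dangling from here on
            self.approved.add((token_in, pool.address))
        return pool.swap(token_in, amount_in, self.address)


class ExactApprovalRouter:
    """Hardened variant: approve exactly this swap's amount, then zero the allowance.
    (On the EVM a revert inside the swap would undo the approval as well.)"""

    def __init__(self, address):
        self.address = address

    def swap(self, token_in, amount_in, pool):
        token_in.approve(self.address, pool.address, amount_in)
        out = pool.swap(token_in, amount_in, self.address)
        token_in.approve(self.address, pool.address, 0)  # nothing left to re-use later
        assert token_in.allowance(self.address, pool.address) == 0
        return out


def run_trap(router_cls):
    """Vault balances follow the article; the amounts spent on the decoy are assumed."""
    weth, usdc = ERC20("WETH", 18), ERC20("USDC", 6)
    router = router_cls("0xbot-router")
    weth.mint(router.address, 1_474_580_000_000_000_000_000)  # 1474.58 WETH in wei
    usdc.mint(router.address, 2_870_000 * 10**6)             # 2.87 million USDC
    trap = TrapPool("0xtrap-pool")
    router.swap(weth, 1 * 10**18, trap)       # the bot "sandwiches" the decoy pool
    router.swap(usdc, 1_000 * 10**6, trap)
    loot = trap.drain()                       # the later sweep, one transaction, one block
    return loot, weth.balance_of(router.address), usdc.balance_of(router.address)
```

run_trap(GasSavingRouter) hands the trap everything the vault still holds after the decoy swaps (1473.58 WETH and 2,869,000 USDC) and leaves the router empty; run_trap(ExactApprovalRouter) yields nothing, because by the time drain() runs the allowance is already zero. The approve-exact-then-zero pattern costs one extra storage write per swap; the other common cure is to hold no long-lived allowance at all and transfer the input to the pool directly, as Uniswap V2 pairs allow.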

The April 2023 attack was more brutal still, striking at the trust assumptions of Ethereum's PBS (proposer-builder separation) architecture.

The hacker staked 32 ETH to become a validator, then submitted a high-slippage trade in a severely illiquid Uniswap V2 pool (holding only 0.005 WETH and 4.5 STG), deliberately creating an enticing sandwich opportunity.

The bots took the bait. To capture it they poured in 2454 WETH (about $4.4 million) to buy that pitiful 4.5 STG, expecting to sell it back for under 0.35 ETH of profit. The ratio of capital committed to expected profit was about 7000:1.

Then came the fatal blow. When its turn to propose arrived, the malicious validator sent a deliberately malformed signed block header to the Flashbots relay. The relay had a critical error-handling flaw: as long as the signature check passed, it returned the plaintext of the sandwich bots' transactions to the validator even though the block header was invalid and the block could never be accepted by the chain.

With the plaintext in hand, the validator discarded the invalid block and assembled a new one: it kept the bots' 2454 WETH buy order at the front, then inserted its own attack contract, which sold 158 STG into the pool and siphoned out all the WETH. The bots' own sell order, which would have closed the sandwich, was left out.

Not just WETH. The hacker ran the same play on the AAVE, SHIB, CRV, UNI and MKR pools, taking over $25 million in total, including 7461 WETH and 5.3 million USDC.

A 32 ETH ticket fetched almost 800 times the return.
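To put numbers on both the sandwich described in section 01 and the reordering trick above, here is an added constant-product AMM simulation. It is constructed for this page, not the bots' or the attacker's code: the 0.3% fee and the getAmountOut formula are Uniswap V2's, and the WETH/STG reserves, the 2454 WETH front-run and the 158 STG sale follow the article, while the USDC/WETH pool, the 50,000 USDC victim trade, the 1% slippage tolerance and the 0.35 WETH bait are assumptions. It shows how a front-run is sized against the victim's slippage bound, and what happens to the same bot when its back-run is dropped from the block.

```python
FEE = 0.003  # Uniswap V2 swap fee, charged on the input side


def amount_out(amount_in, reserve_in, reserve_out):
    """Uniswap V2 getAmountOut for a constant-product pool."""
    net_in = amount_in * (1 - FEE)
    return net_in * reserve_out / (reserve_in + net_in)


class Pool:
    """x*y=k pool; x and y are the reserves of the two tokens."""

    def __init__(self, x, y):
        self.x, self.y = float(x), float(y)

    def buy_y(self, dx):
        """Spend dx of X, receive Y."""
        dy = amount_out(dx, self.x, self.y)
        self.x += dx
        self.y -= dy
        return dy

    def sell_y(self, dy):
        """Spend dy of Y, receive X."""
        dx = amount_out(dy, self.y, self.x)
        self.y += dy
        self.x -= dx
        return dx

    def copy(self):
        return Pool(self.x, self.y)


def max_front_run(pool, victim_in, min_out):
    """Largest front-run that leaves the victim's output at or above min_out, i.e. that
    does not make the victim's swap revert on its slippage check. Binary search on dx."""
    lo, hi = 0.0, pool.x
    for _ in range(200):
        mid = (lo + hi) / 2
        probe = pool.copy()
        probe.buy_y(mid)
        if amount_out(victim_in, probe.x, probe.y) >= min_out:
            lo = mid
        else:
            hi = mid
    return lo


def sandwich(pool, victim_in, slippage):
    """Section 01: front-run, victim, back-run, with the front-run sized to the
    victim's slippage tolerance. Returns what each side ended up with."""
    quote = amount_out(victim_in, pool.x, pool.y)   # price the victim saw when signing
    min_out = quote * (1 - slippage)                # what the victim's transaction enforces
    front = max_front_run(pool, victim_in, min_out)
    attacker_y = pool.buy_y(front)                  # 1. attacker buys ahead of the victim
    victim_y = pool.buy_y(victim_in)                # 2. victim buys at the pushed-up price
    back = pool.sell_y(attacker_y)                  # 3. attacker sells into the inflated price
    return {
        "front_run_in": front,
        "victim_quote": quote,
        "victim_got": victim_y,
        "victim_loss": quote - victim_y,
        "attacker_profit": back - front,
    }


def unbundle(bot_front_in, bait_in, attacker_stg):
    """Section 02: the same WETH/STG pool under the honest bundle and under the
    reassembled block that keeps the bot's front-run but drops its back-run."""
    honest = Pool(0.005, 4.5)                       # x = WETH, y = STG, reserves per the article
    bot_stg = honest.buy_y(bot_front_in)            # bot front-runs the bait with 2454 WETH
    honest.buy_y(bait_in)                           # the bait: a tiny buy with a huge slippage bound
    bot_profit = honest.sell_y(bot_stg) - bot_front_in  # bot's back-run closes the sandwich

    rigged = Pool(0.005, 4.5)
    rigged.buy_y(bot_front_in)                      # bot's front-run kept at the top of the block
    attacker_weth = rigged.sell_y(attacker_stg)     # attacker dumps STG into the WETH the bot added
    return {
        "bot_profit_honest": bot_profit,
        "bot_stuck_with_stg": bot_stg,              # and no back-run to turn it back into WETH
        "attacker_weth_rigged": attacker_weth,
    }
```

sandwich(Pool(2_000_000, 1_000), 50_000, 0.01) lands the victim at exactly its 1% slippage floor, which is the whole point: the slippage tolerance you sign is the attacker's profit budget, and the tighter it is, the smaller the sandwich that fits. unbundle(2454, 0.35, 158) shows why the bots were so exposed: under the honest ordering the bot's profit is bounded by the tiny bait, while with the back-run dropped the attacker's 158 STG fetch almost all of the 2454 WETH the bot had just deposited in the pool.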

03 Every wallet has the same vulnerability

These two incidents seem like an internal war in the bot world, but the underlying issues directly affect every ordinary user.

The dangling approval exploited in the Jared breach may well exist in your wallet too. Many people, when swapping on Uniswap or claiming an airdrop, habitually approve an unlimited spending limit. If the approved contract is ever compromised, the attacker uses exactly the same transferFrom call to drain your stablecoins.

A deeper threat is that MEV is making Ethereum itself less safe.

When the MEV in a block far exceeds the block reward, validators have an incentive to cheat: instead of building on the latest block, they can fork from an earlier height and re-propose those blocks with the profitable transactions captured for themselves. If such "time-bandit attacks" became frequent, Ethereum's transaction finality would collapse.

High-frequency front-running and priority gas auctions (PGA) between MEV bots also burn a great deal of block space and drive up gas fees across the network. Even a simple transfer ends up paying for the bots' bidding war.

Block construction is also rapidly centralizing. The capture of high MEV relies heavily on highly precise algorithms and large-scale infrastructure, with a few professional builders controlling the vast majority of block packaging shares. Once they coordinate censorship, Ethereum's resistance to censorship becomes merely a theoretical promise.

The Ethereum community's countermeasures follow two paths. Enshrined PBS (ePBS) moves the relay's role into the consensus layer, removing the third-party relay as a point of failure. Encrypted mempools (such as Shutter Network) use threshold encryption to keep transactions opaque until their order is fixed, removing the information a sandwich attack needs.

However, these solutions are still some way from full deployment. For now, the most practical self-defence comes down to two things.

First, point your wallet's RPC at Flashbots Protect or MEV Blocker. Your transactions then bypass the public mempool, which not only avoids sandwiching but also lets you recover part of the arbitrage value through an order flow auction (OFA), typically at the cost of one or two blocks of extra delay.

Second, periodically review and revoke token approvals you no longer need. Many people granted an unlimited allowance to some DEX six months ago and have long forgotten, but that allowance is still live on-chain. A scan with a tool like Revoke.cash takes a few minutes.

If the $7.5 million Jared lost teaches one thing, it is this.
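For the second measure, here is an added example of what "check and revoke" means mechanically: scan Approval events for your address, keep the latest value per token/spender pair, and build the approve(spender, 0) call that revokes each live one. It is constructed for this page and is not Revoke.cash's code; the token and Uniswap V2 router addresses are real mainnet ones, while the owner and other spender addresses and the log entries are made up.

```python
MAX_UINT256 = 2**256 - 1
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

# Real mainnet token and Uniswap V2 router addresses; every other address is constructed.
USDC = "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"
WETH = "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
USDT = "0xdAC17F958D2ee523a2206206994597C13D831ec7"
UNISWAP_V2_ROUTER = "0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D"
ME = "0x" + "11" * 20
SOMEONE_ELSE = "0x" + "22" * 20
AIRDROP_CLAIM = "0x" + "33" * 20
RANDOM_DAPP = "0x" + "44" * 20

# Constructed Approval(owner, spender, value) events in block order, shaped like
# decoded eth_getLogs results. Not real chain data.
SAMPLE_APPROVALS = [
    {"block": 19_000_000, "token": USDC, "owner": ME, "spender": UNISWAP_V2_ROUTER, "value": MAX_UINT256},
    {"block": 19_000_010, "token": WETH, "owner": ME, "spender": AIRDROP_CLAIM, "value": 5 * 10**18},
    {"block": 19_400_000, "token": WETH, "owner": ME, "spender": AIRDROP_CLAIM, "value": 0},  # already revoked
    {"block": 19_500_000, "token": USDT, "owner": ME, "spender": RANDOM_DAPP, "value": MAX_UINT256},
    {"block": 19_600_000, "token": USDC, "owner": SOMEONE_ELSE, "spender": UNISWAP_V2_ROUTER, "value": MAX_UINT256},
]


def live_approvals(logs, owner):
    """Latest Approval per (token, spender) for `owner`; nonzero values are still live.
    Caveat: some tokens lower a finite allowance on transferFrom without emitting an
    Approval event, so confirm with an allowance(owner, spender) eth_call before acting."""
    latest = {}
    for log in sorted(logs, key=lambda entry: entry["block"]):
        if log["owner"].lower() == owner.lower():
            latest[(log["token"], log["spender"])] = log["value"]
    return {key: value for key, value in latest.items() if value > 0}


def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): selector, address left-padded to 32 bytes, zero word."""
    spender_word = int(spender, 16).to_bytes(32, "big")
    return "0x" + APPROVE_SELECTOR + spender_word.hex() + (0).to_bytes(32, "big").hex()


def plan_revokes(logs, owner):
    """One approve(spender, 0) transaction per live allowance, unlimited ones first.
    `to` is the token contract: the revoke is sent to the token, never to the spender."""
    live = live_approvals(logs, owner)
    ordered = sorted(live.items(), key=lambda item: item[1] != MAX_UINT256)
    return [
        {"to": token, "data": revoke_calldata(spender), "unlimited": value == MAX_UINT256}
        for (token, spender), value in ordered
    ]
```

For the constructed logs, plan_revokes(SAMPLE_APPROVALS, ME) yields two transactions, one to USDC revoking the router and one to USDT revoking the random dapp; the WETH approval is skipped because its latest event already set it to zero, and the other owner's approvals are ignored. Each revoke is an ordinary transaction that costs gas, which is why unlimited allowances are queued first.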

In the dark forest, hunters can also be hunted. But the first to bleed will always be the unprepared.

Disclaimer: This article represents only the author's personal views and not the position of this platform. It is for information sharing only and does not constitute investment advice for anyone. Any dispute between users and the author is unrelated to this platform. If an article or image on this page infringes rights, please send proof of rights and identity to support@aicoin.com and platform staff will investigate.
