Ethereum's biggest 'sandwich' bot drained of $7.5 million in ironic exploit

An Ethereum-based bot, known as the biggest "sandwich" bot, was exploited for approximately $7.5 million this week. Blockaid, a blockchain security firm, reported that an attacker successfully tricked the bot's operator, identified by the ENS domain Jaredfromsubway.eth, into approving fraudulent trading routes. These compromised approvals then allowed the attacker to drain significant amounts of Wrapped Ether (WETH), USD Coin (USDC), and Tether (USDT) from the bot's holdings. Sandwich attacks typically involve a malicious actor placing buy and sell orders around a victim's transaction to profit from the price movement they create. The irony of this exploit lies in the fact that the bot itself was designed to manipulate trades, and it fell victim to a similar, albeit more direct, form of attack. The incident highlights ongoing vulnerabilities within decentralized finance (DeFi) protocols and the sophisticated methods employed by attackers.