Vitalik Buterin, the co-founder of Ethereum and one of the most vocal critics of toxic maximal extractable value, became the target of a sandwich attack on April 30 when the notorious jaredfromsubway.eth bot front-ran and back-ran one of his own on-chain trades. The swap in question was worth roughly $3.86. The bot deployed more than $1.14 million in wrapped ether to execute the maneuver. The supporting evidence appears in the cited X post.
Blockchain data on Etherscan confirms Buterin swapped 26,544 digitalbits (XDB) tokens for 0.00197 ETH, a transaction valued at approximately $4.56 on the output side. The incident, captured in block 24993038, delivered a worse execution price to the Ethereum co-founder and reignited the conversation around Ethereum’s unresolved mempool transparency problem.
How a $4 Trade Attracted $1 Million in Bot Activity
A sandwich attack works in three mechanical steps. A bot monitoring the public mempool spots a pending transaction, inserts its own buy order ahead of it to push the asset price upward, waits for the victim’s trade to execute at that inflated price, then immediately sells to pocket the spread.
The victim typically receives a slightly worse fill without ever realizing they were targeted.
In this case, jaredfromsubway.eth routed $1.14 million worth of WETH through SushiSwap and Uniswap V2 to manipulate the XDB price across both pools in the moments before Buterin’s swap landed on-chain. The sandwiching transaction itself is publicly visible on Etherscan, along with the gas costs involved. After accounting for gas fees of $5.14, the bot appears to have lost money on this specific trade, meaning the attack generated no net profit.
That detail is arguably the most telling part of the entire episode. The jaredfromsubway.eth bot did not selectively target Buterin.
It did not pause to calculate whether the opportunity was worth pursuing. It simply identified a pending transaction in the mempool and executed its programmed response automatically, regardless of the profit outcome.
The bot is so industrialized that it scans every transaction flowing through Ethereum’s public mempool and inserts itself wherever it structurally can, even at a loss.
This kind of indiscriminate, high-frequency extraction is exactly what critics of MEV infrastructure have warned about for years. The public mempool functions as an open broadcast channel.
Every unconfirmed transaction is visible to anyone running a node or connected to a block builder, and sophisticated bots have turned that transparency into a systematic extraction mechanism operating at scale.
The Irony and the Roadmap Argument
Buterin has spent the past several months actively advocating for encrypted mempools as a core fix for toxic MEV, framing the issue as a 2026 Ethereum roadmap priority. He outlined the proposal in a post on X, positioning encrypted transaction ordering as one of the more important near-term improvements to Ethereum’s infrastructure. The concept involves hiding transaction details until after they are included in a block, removing the information asymmetry that bots like jaredfromsubway.eth currently exploit.
The April 30 incident gives that argument additional weight. If even the researcher and public figure most associated with identifying and proposing fixes to this problem cannot avoid being caught in the net, the scale of the issue becomes easier to appreciate.
Retail traders making small swaps across decentralized exchanges face the same bots, the same mempool exposure, and the same extraction mechanics with no realistic way to opt out under the current architecture.
MEV, which stands for maximal extractable value, refers to the profit available to whoever controls the ordering of transactions within a block. Validators, block builders, and searchers all participate in a competitive ecosystem built around capturing that value.
Sandwich attacks represent the most aggressive and visible form of this extraction. Cumulative MEV extracted on Ethereum has now crossed $1.2 billion across the history of the network, with sandwich attacks accounting for a significant portion of that total.
The jaredfromsubway.eth address has become one of the most recognized MEV bots operating on Ethereum, known for its high transaction volume and consistent presence across decentralized exchange activity. Its appearance in Buterin’s transaction history on April 30 was not a targeted operation.
It was business as usual for a bot that treats the mempool as an open hunting ground, scanning hundreds of thousands of pending trades in search of any structural edge it can insert itself into, however small or however large the position required.
For Ethereum developers and researchers, the episode functions less as a curiosity and more as a concrete data point. The argument for encrypted mempools is not theoretical.
It applies equally to co-founders making four-dollar swaps and to everyday users trading on Uniswap without understanding why their executed price consistently differs from the quoted one. Until the mempool itself changes, the extraction continues at the same pace regardless of who the trader is.
Not Financial Advice: This article is for informational purposes only. Crypto investments are highly volatile. Always do your own research.
