Vitalik Got Sandwiched: What the JaredFromSubway Bot Tells Us About Ethereum’s MEV Problem

Key Highlights

• The jaredfromsubway.eth bot sandwiched Vitalik Buterin’s $4 token swap on April 30, generating $1 million in sandwich volume against a $4 user transaction
• Cumulative MEV extracted on Ethereum has exceeded $1.2 billion, with sandwich attacks accounting for roughly 51% of total MEV volume
• Buterin has been publicly advocating for encrypted mempools as the primary fix for toxic MEV in Ethereum’s 2026 roadmap
• The Fork Choice Inclusion List proposal, known as FOCIL, would require block builders to include transactions from a randomly selected validator committee
• Sandwich attacks exploit the 12-second gap between when a transaction is broadcast and when it is included in a block

On April 30, 2026, Vitalik Buterin, the co-founder of Ethereum and its most prominent critic of toxic maximal extractable value, had one of his own transactions sandwich attacked by the protocol’s most notorious MEV bot. The bot, operating under the pseudonym jaredfromsubway.eth, detected Buterin’s $4 token swap in the public mempool, front-ran it with a large buy order, allowed Buterin’s transaction to execute at an artificially inflated price, and immediately sold into the price impact for a profit.

The transaction was small. The symbolism was enormous. The person who has spent the most time thinking about, writing about, and proposing solutions to Ethereum’s MEV problem could not protect a $4 swap from being sandwiched by a bot that scans every pending transaction in the network’s public mempool. If Vitalik cannot avoid a sandwich attack, regular users certainly cannot.

How the JaredFromSubway Bot Works

The jaredfromsubway.eth bot is not a new entrant to the MEV ecosystem. It has been operating on Ethereum for more than two years and is widely considered the most prolific sandwich attacker on the network. On the day it attacked Buterin’s transaction, it was executing hundreds of sandwich attacks simultaneously across the Ethereum mempool.

The mechanics of a sandwich attack are straightforward. A bot monitors the public mempool, the pool of pending transactions broadcast to the network but not yet included in a block, and identifies transactions that will move the price of a token in a decentralized exchange liquidity pool. When it detects such a transaction, it submits a buy order with a higher gas fee to ensure it is processed before the target transaction, then submits a sell order to be processed immediately after. The target user’s transaction is “sandwiched” between the bot’s two orders and executes at a worse price because the bot’s front-running order moved the price before the user’s transaction landed.

Uniswap’s most active trading pools see the highest sandwich attack rates because high-volume pools offer the largest front-running opportunities. Buterin’s April 30 swap was executed in a low-liquidity pool for a small-cap token, which paradoxically made it a better sandwich target: low liquidity means a small trade moves the price notably, creating a larger spread for the bot to capture. The $1 million in bot volume against a $4 user trade reflects the capital efficiency of sandwich attacks in low-liquidity pools, not the size of the user’s loss, which was a matter of cents on a $4 transaction.

The Scale of the Problem

Buterin’s transaction is a symbol, but the underlying data defines the actual problem. Cumulative MEV extracted on Ethereum has exceeded $1.2 billion since the Ethereum Foundation began tracking it systematically. Sandwich attacks account for approximately 51% of that total, making them the dominant form of toxic MEV by volume. The remaining 49% is composed of arbitrage (which is broadly considered benign because it keeps prices consistent across venues) and liquidations (which are necessary for lending protocol solvency).

Sandwich attacks are uniquely harmful because they extract value directly from ordinary users without providing any compensating benefit to the network. Arbitrage MEV improves price efficiency. Liquidation MEV keeps lending markets solvent. Sandwich MEV simply transfers money from users making trades to bots that intercept those trades. The $1.2 billion cumulative figure is a tax on Ethereum users that has been running continuously since the network launched the mempool architecture that enables it. Research from Flashbots estimates that individual users lose an average of 0.3% of their transaction value to MEV on Ethereum, a figure that compounds sharply for high-frequency traders and DeFi power users.

The FOCIL Proposal

Buterin introduced the Fork Choice Inclusion List concept, known as FOCIL, in early 2026 as a mechanism for preventing block builders from selectively excluding or reordering transactions for MEV extraction. The proposal works by creating a randomly selected committee of validators who submit lists of transactions that must be included in the next block. If a block builder attempts to exclude any transaction from the inclusion list, the block fails the fork choice rules and is rejected by the network.

FOCIL does not directly prevent sandwich attacks. A sandwich bot can still submit front-running and back-running transactions that will be included in the same block as the target transaction. What FOCIL prevents is a more centralized form of MEV extraction where a single block builder controls which transactions appear in blocks and can therefore selectively censor transactions that would reduce MEV opportunities. Block builder centralization has become a significant concern as a small number of builders now produce the majority of Ethereum blocks, creating a structural MEV extraction advantage for those builders over the broader validator set.

The FOCIL proposal is currently in the research phase and has not been formally included in any Ethereum Improvement Proposal for network implementation. Buterin has described it as one component of a broader MEV resistance roadmap that also includes encrypted mempools, application-layer MEV protection tools, and changes to how transactions are ordered within blocks.

The Encrypted Mempool Timeline

Encrypted mempools represent the more comprehensive solution to sandwich attacks. If a transaction’s details, including the token being traded, the amount, and the expected price impact, are encrypted until the transaction is included in a block, bots cannot construct profitable sandwich positions around it because they cannot identify the opportunity until it is too late to act.

Several approaches to encrypted mempools are under active development for Ethereum. Shutter Network’s threshold encryption approach uses a distributed key generation ceremony to create decryption keys that are only released after block inclusion. The SUAVE architecture proposed by Flashbots separates the MEV supply chain into a specialized network for MEV-aware block building while returning transaction privacy to users who opt into the system.

Shutter Network’s testnet has been running since late 2025, but mainnet integration requires changes to Ethereum’s core protocol that depend on decisions at the consensus layer level, not something that can be deployed by application developers alone. The Ethereum Foundation’s roadmap includes encrypted mempool research as a long-term objective rather than a near-term deliverable, which means that jaredfromsubway.eth and its peers will continue operating on the public mempool for the foreseeable future.

What Users Can Do Now

While encrypted mempools and FOCIL remain in development, Ethereum users have access to application-layer MEV protection tools that reduce sandwich attack exposure today. MEV Blocker, developed by CoW Protocol, routes transactions through a network of MEV-resistant relayers that hold transactions private until block inclusion. Flashbots Protect offers similar functionality, sending transactions directly to block builders who commit not to front-run them in exchange for transaction fee revenue.

CoW Protocol’s CoW Swap implements batch auction settlement, which eliminates front-running opportunities by settling multiple trades simultaneously at an uniform clearing price rather than sequentially. Uniswap’s newer AMM designs include slippage protection features that automatically revert transactions where the executed price differs considerably from the quoted price, limiting the loss users suffer from a successful sandwich attack even if it cannot prevent the attack from occurring.

The TCB View

That Vitalik Buterin himself was sandwiched by jaredfromsubway.eth on April 30 is simultaneously the most absurd and the most clarifying data point in the MEV debate. It demonstrates that the problem is structural, not behavioral: no amount of individual caution can protect users from a bot scanning every transaction in a public mempool at machine speed. The solutions exist in prototype form: encrypted mempools, FOCIL, batch auctions. They are not yet available at the Ethereum protocol layer for all users. Ethereum’s 2026 roadmap prioritizes many improvements, and MEV protection competes for development bandwidth with L1 scaling, account abstraction, and cross-chain interoperability. The sandwich attack on Ethereum’s own founder should accelerate that prioritization conversation. When the protocol’s creator cannot safely execute a $4 trade, the protocol has a user experience problem that no amount of ecosystem growth can permanently mask.