Tether Blacklists MEV Bots Exploiter ‘Sandwich the Ripper’ After ‘Official Requests’

The exploiter has since moved their USDC to a different wallet

by Bessie Liu /
article-image

Antonio Bernad Lafuente/Shutterstock modified by Blockworks

share

Tether, a centralized entity behind popular stablecoin USDT, has blacklisted an Ethereum validator who had front-run MEV bots, earning $25 million via a sandwich attack.

The exploiter, who called themselves “Sandwich the Ripper,” will no longer be able to receive, send or redeem the $3 million worth of USDT held in their address.

Newsletter

Subscribe to Blockworks Daily

Tether’s decision to blacklist the exploiter has drawn criticism from industry participants. 

Uri Klarman, the CEO of bloXrouteLabs, told Blockworks in an interview that the exploiter did exactly what a sandwich bot would do.

“It didn’t hurt the consensus, it didn’t create two blocks at the same time, it gave them an invalid block that didn’t propagate,” Klarman said.

This is similar to what front-running MEV bots do — the only difference, Klarman said, was that it took money from the searcher in a way that they did not anticipate. 

“We don’t do this to others, but this guy managed to trick the searchers and somehow they get blacklisted…it’s a really bad precedent,” Klarman said. 

In response to why the company had decided to blacklist the attacker, a Tether spokesperson told Blockworks that “Tether routinely works with law enforcement agencies around the world as part of our commitment to cooperation, transparency, and accountability.”

Tether has not specified which official entity requested them to blacklist “Sandwich the Ripper” but noted that “we respect official requests to temporarily freeze funds and are proud of our role as industry leaders in promoting cooperation between industry and government authorities.”

“Sandwich the Ripper” has since moved their USDC to a different wallet, a tweet by umbrella_uni noted “Most likely to circumvent USDC blacklist as Circle would have to blacklist all ‘lent’ USDC deposits.”

Loading Tweet..

Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
  • Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
Tags

Upcoming Events

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

morpho 2 graphic.png

Research

Morpho and the DeFi Mullet

Utilizing a ‘DeFi Mullet’ approach, Coinbase’s Bitcoin-backed loans integration with Morpho demonstrates a powerful blueprint for CEXs to monetize dormant assets by expanding adoption of wrapped products (cbBTC, USDC) while also supporting native and/or preferred DeFi ecosystems (Base) which can further lead to downstream growth in onchain liquidity and increased utilization of the related assets.

by Danny K

/

news

article-image

BusinessEmpire Newsletter

Exclusive: WisdomTree Connect expands to Base, Arbitrum, Avalanche and Optimism

The platform also rolled out 13 tokenized funds for institutions on the Connect platform

by Katherine Ross /
article-image

FinanceForward Guidance Newsletter

New Grayscale launches, filing reflects crypto product innovation boom

The company’s expanded lineup introduces new ETF products, as more and more issuers get into crypto funds

by Ben Strack /
article-image

Markets

US equities, cryptocurrencies fall on Trump’s sweeping global tariffs 

President Donald Trump announced a 10% levy on almost all goods and additional tariffs on so-called “worst offending” countries

by Casey Wagner /
article-image

Lightspeed NewsletterMarkets

Post meme-ism: Solana’s quiet pivot to utility

Solana may be in “recomposition” mode, as new protocols put usefulness ahead of mere virality

by Jeff Albus /
article-image

BusinessForward Guidance Newsletter

Circle plans an IPO, but faces a competitive landscape

The stablecoin issuer will have to contend with bigger players and the interest rates environment

by Ben Strack /
article-image

Forward Guidance NewsletterPolicy

Trump gears up to unveil ‘Liberation Day’ tariffs 

The president reportedly was still working on his tariff policy plans late Tuesday evening

by Casey Wagner /