Polylog
The Polylog Crypto Intelligence Brief

Morning Edition · Sunday, June 21, 2026

Ethereum's Most Notorious Trading Bot Is Drained of $7.5 Million by a Reverse Trap

An attacker fed the sandwich bot Jaredfromsubway.eth dozens of fake liquidity pools, then used the bot's own token approvals to take its funds.

Ethereum's Most Notorious Trading Bot Is Drained of $7.5 Million by a Reverse Trap

For more than three years, the address known as Jaredfromsubway.eth operated one of Ethereum's most aggressive maximal extractable value (MEV) operations, a bot that profited by inserting its own trades around other users' transactions in what is called a sandwich attack. Roughly 70% of Ethereum sandwich attacks were associated with the address, which has operated since early 2023. This week it became the target.

The attack used the bot's own automated decision logic, not a contract bug or a stolen key. According to the security firm Blockaid, the attacker deployed 66 counterfeit token contracts and fake liquidity pools over several weeks, some imitating wrapped ether and the dollar-pegged stablecoins USDC and USDT, so that they looked like profitable MEV opportunities. The bot generated token approvals for attacker-controlled helper contracts, and the attacker then called all 66 backdoors in a single transaction to remove about $7.5 million in WETH, USDC and USDT. Blockaid's chief technology officer, Raz Niv, described it as a counter-MEV honeypot attack.

Loss estimates vary. Onchain trackers cited by BWE News put the figure above $15 million, while CoinDesk and Blockaid place the confirmed drain at roughly $7.5 million. No funds have been reported frozen or recovered, and the operator behind the bot remains unidentified.

The root cause is worth stating plainly. The bot trusted its own profit-seeking logic to grant spending approvals, and an adversary manufactured the exact conditions that logic was built to exploit. Approval-based access control, not a coding error, was where the system failed.

Smaller incidents continued in parallel. Rekt News logged drains and exploits at protocols including Humanity Protocol, Syscoin, Gravity Bridge and DxSale over the same period, the routine background of bridge, mint and access-control failures that keep monthly decentralized finance (DeFi) losses elevated.

Veracity: Corroborated
88/100
If true, who benefits

The security firm Blockaid gains visibility by naming the "counter-MEV honeypot," and the narrative that a predatory sandwich bot was turned on itself flatters everyone its trades extracted value from.

The nuance

The $7.5 million figure is corroborated by multiple independent outlets while the $15 million number rests on a single Telegram tracker, and the operator and attacker both remain unidentified, so motive is asserted, not established.

An open-source-intelligence read of how likely this story is true with its real nuance, not a judgment of any outlet. It assesses the claim, weighing independent and adversarial reporting. How we label confidence.

What this means

MEV bots are among the most sophisticated automated actors on Ethereum, so seeing one defeated by manipulated incentives rather than a code flaw shows that adversaries are now attacking decision logic and approval permissions, not just smart-contract code. That widens the threat surface for any automated agent that grants token approvals based on what it observes onchain.

What to watch

  • Whether onchain analysts converge on the $7.5 million or $15 million loss figure, which will clarify the true scale and whether other bots were caught in the same trap.
  • Whether more MEV and arbitrage operators adopt stricter approval limits after this, a sign the industry is treating automated-logic manipulation as a first-class risk.

Observations to monitor, not financial advice.

2 sources

Synthesized from: CoinDesk · Polylog editors

Part of a tracked trend

Bridge and Mint Exploits Sustain Heavy DeFi Losses

Over 3-6 months, recurring bridge proof-validation and unauthorized-mint exploits keep monthly DeFi losses elevated, including drains of deprecated contracts.