Morning Edition · Sunday, June 21, 2026
Ethereum's Most Notorious Trading Bot Is Drained of $7.5 Million by a Reverse Trap
An attacker fed the sandwich bot Jaredfromsubway.eth dozens of fake liquidity pools, then used the bot's own token approvals to take its funds.

For more than three years, the address known as Jaredfromsubway.eth operated one of Ethereum's most aggressive maximal extractable value (MEV) operations, a bot that profited by inserting its own trades around other users' transactions in what is called a sandwich attack. Roughly 70% of Ethereum sandwich attacks were associated with the address, which has operated since early 2023. This week it became the target.
The attack used the bot's own automated decision logic, not a contract bug or a stolen key. According to the security firm Blockaid, the attacker deployed 66 counterfeit token contracts and fake liquidity pools over several weeks, some imitating wrapped ether and the dollar-pegged stablecoins USDC and USDT, so that they looked like profitable MEV opportunities. The bot generated token approvals for attacker-controlled helper contracts, and the attacker then called all 66 backdoors in a single transaction to remove about $7.5 million in WETH, USDC and USDT. Blockaid's chief technology officer, Raz Niv, described it as a counter-MEV honeypot attack.
Loss estimates vary. Onchain trackers cited by BWE News put the figure above $15 million, while CoinDesk and Blockaid place the confirmed drain at roughly $7.5 million. No funds have been reported frozen or recovered, and the operator behind the bot remains unidentified.
The root cause is worth stating plainly. The bot trusted its own profit-seeking logic to grant spending approvals, and an adversary manufactured the exact conditions that logic was built to exploit. Approval-based access control, not a coding error, was where the system failed.
Smaller incidents continued in parallel. Rekt News logged drains and exploits at protocols including Humanity Protocol, Syscoin, Gravity Bridge and DxSale over the same period, the routine background of bridge, mint and access-control failures that keep monthly decentralized finance (DeFi) losses elevated.
- If true, who benefits
The security firm Blockaid gains visibility by naming the "counter-MEV honeypot," and the narrative that a predatory sandwich bot was turned on itself flatters everyone its trades extracted value from.
- The nuance
The $7.5 million figure is corroborated by multiple independent outlets while the $15 million number rests on a single Telegram tracker, and the operator and attacker both remain unidentified, so motive is asserted, not established.
An open-source-intelligence read of how likely this story is true with its real nuance, not a judgment of any outlet. It assesses the claim, weighing independent and adversarial reporting. How we label confidence.
What this means
MEV bots are among the most sophisticated automated actors on Ethereum, so seeing one defeated by manipulated incentives rather than a code flaw shows that adversaries are now attacking decision logic and approval permissions, not just smart-contract code. That widens the threat surface for any automated agent that grants token approvals based on what it observes onchain.
What to watch
- Whether onchain analysts converge on the $7.5 million or $15 million loss figure, which will clarify the true scale and whether other bots were caught in the same trap.
- Whether more MEV and arbitrage operators adopt stricter approval limits after this, a sign the industry is treating automated-logic manipulation as a first-class risk.
Observations to monitor, not financial advice.
Synthesized from: CoinDesk · Polylog editors
Part of a tracked trend
Bridge and Mint Exploits Sustain Heavy DeFi Losses
Over 3-6 months, recurring bridge proof-validation and unauthorized-mint exploits keep monthly DeFi losses elevated, including drains of deprecated contracts.
More from this edition
- Strategy's Preferred Stock Slips Below Par, Testing the Bitcoin-Treasury Funding Model
- Privacy Chains Pitch Confidentiality as a Requirement, Not a Feature
- Ethereum Researchers Confront the Cost of Improvements No One Wants to Pay For
- Cheaper AI Tools Are Quietly Raising the Bar for Crypto Security
- A $24 Million Polymarket Windfall Revives the Oversight Question for Prediction Markets
- Turkish Lira Stablecoins Outrank the Euro, Exposing Where Token Demand Actually Comes From
- Morgan Stanley Sets a 0.14% Fee on Proposed Ether and Solana Funds, Inviting a Price War
- Hester Peirce to Leave the SEC, Removing the Agency's Most Vocal Crypto Ally
- Bitcoin Holds Near $64,000 as Iran Again Threatens to Close the Strait of Hormuz
- Bitdeer Mines 921 Bitcoin but Keeps Little, Exposing the Squeeze on Miners
- A Resilient US Jobs Market Keeps Reading as a Negative for Bitcoin