# Ethereum's Most Notorious Trading Bot Is Drained of $7.5 Million by a Reverse Trap

An attacker fed the sandwich bot Jaredfromsubway.eth dozens of fake liquidity pools, then used the bot's own token approvals to take its funds.

- Published: 2026-06-21T10:44:09.783Z
- Canonical: https://polylog.news/crypto/2026-06-21/ethereum-s-most-notorious-trading-bot-is-drained-of-7-5-mill
- Publisher: Polylog (Crypto desk)
- Section: crypto
- Sources: [CoinDesk](https://www.coindesk.com/tech/2026/06/21/ethereum-s-biggest-sandwich-bot-drained-of-usd7-5-million-in-ironic-exploit), [Polylog editors](https://polylog.news)

For more than three years, the address known as Jaredfromsubway.eth operated one of Ethereum's most aggressive maximal extractable value (MEV) operations, a bot that profited by inserting its own trades around other users' transactions in what is called a sandwich attack. Roughly [70% of Ethereum sandwich attacks were associated with the address](https://www.coindesk.com/tech/2026/06/21/ethereum-s-biggest-sandwich-bot-drained-of-usd7-5-million-in-ironic-exploit), which has operated since early 2023. This week it became the target.

The attack used the bot's own automated decision logic, not a contract bug or a stolen key. According to the security firm Blockaid, the attacker deployed 66 counterfeit token contracts and fake liquidity pools over several weeks, some imitating wrapped ether and the dollar-pegged stablecoins USDC and USDT, so that they looked like profitable MEV opportunities. The bot generated token approvals for attacker-controlled helper contracts, and the attacker then called all 66 backdoors in a single transaction to remove about $7.5 million in WETH, USDC and USDT. Blockaid's chief technology officer, Raz Niv, described it as a counter-MEV honeypot attack.

Loss estimates vary. Onchain trackers cited by [BWE News put the figure above $15 million](https://t.me/BWEnews/16275), while CoinDesk and Blockaid place the confirmed drain at roughly $7.5 million. No funds have been reported frozen or recovered, and the operator behind the bot remains unidentified.

The root cause is worth stating plainly. The bot trusted its own profit-seeking logic to grant spending approvals, and an adversary manufactured the exact conditions that logic was built to exploit. Approval-based access control, not a coding error, was where the system failed.

Smaller incidents continued in parallel. Rekt News logged drains and exploits at protocols including [Humanity Protocol, Syscoin, Gravity Bridge and DxSale](https://www.rekt.news/) over the same period, the routine background of bridge, mint and access-control failures that keep monthly decentralized finance (DeFi) losses elevated.

## What this means

MEV bots are among the most sophisticated automated actors on Ethereum, so seeing one defeated by manipulated incentives rather than a code flaw shows that adversaries are now attacking decision logic and approval permissions, not just smart-contract code. That widens the threat surface for any automated agent that grants token approvals based on what it observes onchain.

## What to watch

- Whether onchain analysts converge on the $7.5 million or $15 million loss figure, which will clarify the true scale and whether other bots were caught in the same trap.
- Whether more MEV and arbitrage operators adopt stricter approval limits after this, a sign the industry is treating automated-logic manipulation as a first-class risk.
