Ethereum’s Most Notorious Sandwich Attacker Loses $7.5 Million to Honeypot Exploit
JaredfromSubway.eth, the most prolific sandwich attacker on Ethereum, lost $7.5 million in a coordinated honeypot exploit on June 20–21, 2026. According to a report by Chainalysis, an unknown attacker deployed 66 fake token contracts that drained the bot’s real holdings in a single transaction.
How the Sandwich Bot Operated

Since 2023, JaredfromSubway.eth had built a reputation by exploiting Ethereum’s publicly visible mempool. The bot would identify pending trades and insert its own orders around them: front-running a user’s purchase to push the price up, then back-running it to pocket the difference. Chainalysis described this as a classic arbitrage sandwich strategy, widely used across DeFi despite its controversial nature.
The Honeypot Exploit in Detail
The attacker created 66 fake token contracts that mimicked legitimate assets. The bot identified these pools as trading opportunities and executed its usual routine, which included granting token-spending approvals to the smart contracts it interacted with. Those approvals were never revoked.
Once enough permissions accumulated, the attacker activated a tripwire contract that swept the bot’s real holdings — at least $7.5 million in ETH and stablecoins — in a single transaction. The attacker then converted the stablecoins to ETH within minutes to prevent any potential freeze by stablecoin issuers.
Where the Stolen Funds Went
Chainalysis used its Reactor tool to track the stolen assets. The attacker split the funds across multiple wallets over the following days, eventually feeding them into Tornado Cash, a mixer that obscures the on-chain trail. As of the report, no funds have been recovered.
The blockchain analytics firm pointed to two core vulnerabilities exposed by the exploit: unrevoked token approvals that never expire, and the bot’s failure to vet the contracts it interacted with. A basic check on Etherscan or a review of deployment history could have flagged the 66 fake contracts, but the bot was built for speed, not verification — a trade-off that cost it $7.5 million.
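The first weakness, approvals that stay live until revoked, can be audited from a wallet's own event history. The sketch below is an added example, not code from Chainalysis or the bot: it replays ERC-20 Approval logs in eth_getLogs JSON shape and lists allowances still standing to spenders outside a vetted set. All addresses and log entries are constructed, and the function names are hypothetical.

```python
# Added example: replay ERC-20 Approval logs to list allowances still standing.
# All addresses and log entries below are constructed for illustration.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def addr(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the last 20 bytes."""
    return "0x" + topic[-40:].lower()

def standing_allowances(logs, owner, vetted_spenders=()):
    """Map (token, spender) -> last approved amount for every non-zero approval
    `owner` has granted to a spender outside `vetted_spenders`."""
    vetted = {s.lower() for s in vetted_spenders}
    latest = {}
    # Later approvals overwrite earlier ones, so process in chain order.
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if addr(topics[1]) != owner.lower():
            continue
        latest[(log["address"].lower(), addr(topics[2]))] = int(log["data"], 16)
    # Amount 0 is a revocation. The logged amount is what was approved, not what
    # remains: confirm each hit with the token's allowance(owner, spender) call.
    return {k: v for k, v in latest.items() if v > 0 and k[1] not in vetted}

def make_log(block, index, token, owner, spender, amount):
    """Build one constructed log entry in eth_getLogs JSON shape."""
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

BOT, ROUTER, UNKNOWN = "0x" + "b0" * 20, "0x" + "c0" * 20, "0x" + "de" * 20
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "a2" * 20
SAMPLE_LOGS = [
    make_log(106, 1, TOKEN_A, BOT, ROUTER, UNLIMITED),   # vetted spender
    make_log(100, 0, TOKEN_A, BOT, UNKNOWN, UNLIMITED),  # never revoked
    make_log(101, 2, TOKEN_B, BOT, UNKNOWN, 1000),
    make_log(105, 0, TOKEN_B, BOT, UNKNOWN, 0),          # revoked later
    make_log(107, 0, TOKEN_A, ROUTER, UNKNOWN, 5),       # different owner
]

if __name__ == "__main__":
    for (token, spender), amount in standing_allowances(SAMPLE_LOGS, BOT, {ROUTER}).items():
        label = "UNLIMITED" if amount == UNLIMITED else amount
        print(f"token {token} -> spender {spender}: {label}")
```

On the constructed logs, only the unlimited approval to the unvetted spender is reported; the approval that was later set to zero and the one to the vetted router are not.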
Frequently Asked Questions
What is a sandwich attack in DeFi?
A sandwich attack is a form of front-running where a bot places a buy order before a user’s pending transaction and a sell order after it, profiting from the price movement caused by the user’s trade.
How did the honeypot exploit work against JaredfromSubway.eth?
The attacker created 66 fake token contracts that appeared as trading opportunities. The bot granted token-spending approvals to these contracts, which were never revoked. Once enough approvals accumulated, the attacker activated a tripwire contract that swept the bot’s real ETH and stablecoins.
Why did the attacker convert the stolen stablecoins to ETH?
Stablecoin issuers can freeze balances. Converting to ETH, which no issuer can freeze, put the funds out of reach of such a freeze and allowed the attacker to then mix them through Tornado Cash.
Has any of the $7.5 million been recovered?
According to Chainalysis, as of the report date, no funds have been recovered. The stolen assets were transferred through multiple wallets and ultimately into Tornado Cash, which obscures the on-chain trail.
What security lessons does this exploit highlight?
The exploit exposed two core vulnerabilities: unrevoked token approvals remain active indefinitely, and automated trading bots often fail to vet the contracts they interact with, prioritizing speed over security.
