US-listed spot Bitcoin exchange-traded funds (ETFs) are enduring a prolonged stretch of withdrawals, registering their largest 30-day net outflow since trading began in January 2024. The move comes during a broader risk-off period for crypto markets and underscores how ETF flows can diverge from short-term price headlines.

According to Galaxy Research data shared on social media, US spot Bitcoin ETFs recorded $6.35 billion in net outflows over the trailing 30 trading days. This also marks a continuation of negative momentum, with the funds completing six straight weeks of outflows, bringing cumulative net flow to $53.4 billion—down from a $63 billion peak reached in October 2025.

Key takeaways

• Galaxy Research reports $6.35B in net outflows across US spot Bitcoin ETFs over the last 30 trading days, the worst since January 2024.
• Six consecutive weeks of withdrawals have reduced cumulative ETF net flows to $53.4B, below an $63B high in October 2025.
• BlackRock’s iShares ETFs chief for US equity ETFs, Jay Jacobs, said day-to-day outflows can have multiple drivers that don’t necessarily reflect a single bearish thesis.
• Bitcoin’s spot market remains pressured by macroeconomic factors and geopolitical risk, though Jacobs argued volatility alone doesn’t change ETF issuers’ long-term positioning.

The worst 30-day outflow since launch

While spot Bitcoin ETFs have not been uniformly positive since their launch, Galaxy Research’s latest tally highlights how quickly the flow picture can worsen when sentiment turns. The firm characterized ongoing daily withdrawals as “still deepening day over day,” suggesting the recent outflows are not merely a short-lived dip.

Galaxy’s figures also frame the withdrawals against the ETFs’ earlier accumulation phase. The current cumulative net flow of $53.4 billion remains positive overall since launch, but it is now well below the $63 billion peak registered in October 2025—indicating that inflows earlier in the cycle have been partially given back.

Why ETF outflows don’t always mean “institutional exit”

Some market participants may read persistent outflows as confirmation of weakening institutional demand. However, BlackRock’s Jay Jacobs pushed back against a simplistic interpretation of daily ETF flow prints.

Speaking to Cointelegraph, Jacobs argued that outflows can result from routine reallocations rather than a broad selloff. In his view, a single day of withdrawals may reflect internal fund switching—such as investors moving exposure from one ETF to another.

“What I think is maybe sometimes misunderstood by the market is that if we see a day of outflows, there could be a million reasons why. It could be someone selling IBIT and buying BITA,” Jacobs said, referring to BlackRock’s iShares Bitcoin Premium Income ETF (BITA), which launched on Wednesday.

This distinction matters for traders and allocators trying to interpret flows as a directional signal. Galaxy Research’s data points to a negative trend over weeks, but Jacobs’ comments suggest that even during such periods, component funds within the broader Bitcoin ETF complex can experience opposite movements as investors rebalance.

Bitcoin price pressure continues alongside flow weakness

At the time of writing, Bitcoin was trading around $64,167, down 17.4% over the past month. Cointelegraph previously reported that Bitcoin has been pressured by macroeconomic factors, including increased US inflation, as well as geopolitical risk tied to the ongoing conflict between the US and Iran. Those drivers can weigh on liquidity and investor risk appetite—conditions that often affect both spot crypto demand and ETF flow behavior.

Even so, Jacobs said BlackRock does not treat BTC volatility as a reason to reconsider the asset’s longer-term role. He characterized volatility as a feature of many markets and pointed to the breadth of assets held across iShares’ ETF lineup.

“Every asset class has volatility… we have over 450 exchange-traded funds within iShares,” Jacobs said, noting that daily inflows and outflows occur across different asset categories including large-cap, small-cap, Bitcoin, and gold.

In his framing, short-term flow reversals do not necessarily change the underlying investment utility. “So we see inflows and outflows every day across a wide range of assets from large cap, small cap, Bitcoin, gold, etc. So in the short term, it’s absolutely not something that changes the way we view the asset or the utility of the asset.”

What investors should watch next

The immediate takeaway is that the ETF complex is still bleeding, with Galaxy Research pointing to deepening daily outflows and the worst trailing 30-day result since launch. The longer question is whether this pattern continues to consolidate into sustained outflow pressure—or whether it stabilizes as investors rotate between funds and as macro and geopolitical conditions evolve.

For market participants, the next milestone will be whether ETF outflows remain concentrated over multiple weeks (supporting a bearish flow narrative) or start to narrow in magnitude as rebalancing activity and sentiment shifts take hold.

US-listed spot Bitcoin exchange-traded funds recorded their largest 30-day net outflow since launching in January 2024 amid a crypto bear market.

According to data from Galaxy Research, US Bitcoin ETFs saw $6.35 billion in net outflows over a trailing 30 trading days. It also comes as they registered their sixth week of outflows last week, bringing their cumulative net flow to $53.4 billion, down from their $63 billion peak in October 2025.

Galaxy Research said the daily outflows are “still deepening day over day.” 

The outflows could reflect waning sentiment from institutional investors for Bitcoin. However, BlackRock US head of equity ETFs Jay Jacobs told Cointelegraph on Thursday that there are many other reasons why outflows occur day to day.

Source: Galaxy Research

“What I think is maybe sometimes misunderstood by the market is that if we see a day of outflows, there could be a million reasons why. It could be someone selling IBIT and buying BITA,” Jacobs said, referring to its iShares Bitcoin Premium Income ETF (BITA), which launched on Wednesday.

Bitcoin is trading at $64,167 at the time of writing, down 17.4% over the past month. The asset has been pressured by macroeconomic factors, including an increase in US inflation, along with the ongoing war between the US and Iran. 

Related: Bitcoin activity nears record highs on microtransaction surge

However, Jacobs said the volatility hasn’t impacted BlackRock’s view of Bitcoin as a global, decentralized, nonsovereign monetary alternative. 

“Every asset class has volatility… we have over 450 exchange-traded funds within iShares,” said Jacobs, referring to the family of ETFs and index mutual funds managed and marketed by BlackRock.

“So we see inflows and outflows every day across a wide range of assets from large cap, small cap, Bitcoin, gold, etc. So in the short term, it’s absolutely not something that changes the way we view the asset or the utility of the asset.”

Magazine: Bitcoin decouples from tech stocks, Ether eyes ‘selling wave’: Market Moves

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

A leading Ethereum MEV bot, Jaredfromsubway.eth, has reportedly been drained of more than $7.5 million after an attacker exploited weaknesses in the bot’s automated execution workflow. The incident highlights a critical, often underappreciated risk for MEV infrastructure: once a bot is trusted with permissions, attackers only need to trick it into granting the right approvals to move funds.

According to Blockaid, the attacker used attacker-controlled contracts to manipulate Jaredfromsubway.eth’s automated MEV execution system into issuing token approvals that were later used to drain funds. Blockaid described the event as neither a classic phishing attempt nor a straightforward smart-contract vulnerability in the bot’s victim contracts.

Key takeaways

• Blockaid attributes the theft to malicious approvals: attacker-controlled contracts induced Jaredfromsubway.eth to authorize spending before sweeping funds.
• The attack was “counter-MEV” in design, targeting the bot’s trust-minimized decision logic and execution pipeline rather than attempting to directly compromise the bot’s private keys.
• Fake token and liquidity artifacts played a central role, with the attacker deploying dozens of contracts designed to resemble major Ethereum assets and venues.
• The event reinforces systemic MEV exposure—even bots that target profitable opportunities can become liabilities if they approve the wrong spending permissions.

What Blockaid says happened

In its account of the incident, Blockaid said the attacker’s main move was to exploit how automated MEV bots operate: by monitoring activity and then executing trades based on what appear to be profitable on-chain opportunities. In this case, the “profitable” paths were set up by the attacker using contracts that behaved like bait.

Blockaid noted that the event on Saturday did not resemble a typical phishing scenario, and it was not characterized as a traditional smart-contract bug in the bot’s victim logic. Instead, the focus was on the automated execution system itself—specifically the token approval steps that enable a bot to interact with assets and helper contracts during MEV operations.

A “honeypot” aimed at the bot’s approvals

Blockaid’s chief technology officer, Raz Niv, told Cointelegraph that the attack functioned as a counter-MEV honeypot. The strategy, he explained, was to target the bot’s trust-minimized decision-making logic—the part that determines which trades to pursue and which contracts to empower.

Over several weeks, the attacker allegedly deployed 66 fake token contracts designed to imitate familiar assets such as Wrapped ETH (WETH), USDC, and USDT, pairing them with fake liquidity pools. The goal was to create the appearance of trade opportunities that automated systems like Jaredfromsubway.eth are programmed to seek.

Once the bot interacted with these counterfeit contracts, Jaredfromsubway.eth reportedly approved certain attacker-controlled helper contracts that would later be used to move real funds. As Niv put it, the bot effectively handed over “the keys” to its treasury—an important reminder that approvals can be as dangerous as vulnerabilities when automation is involved.

“And then in a single transaction, the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT at these addresses, amounting to millions of dollars.”

Why this matters beyond one wallet

MEV bots are typically described as automation that scans unconfirmed or pending activity and then reorders or manipulates transactions to extract profit. In doing so, they can impose an “invisible tax” on DeFi users—an issue that has drawn substantial research attention over the years.

Earlier Cointelegraph Research found that sandwich attacks on Ethereum caused roughly $60 million in annual losses for traders, with the analysis also reporting 60,000 to 90,000 sandwich attacks per month between November 2024 and October 2025. That same research said around 70% of those attacks were associated with Jaredfromsubway.eth.

This new development turns the spotlight from the bot’s profit extraction methods to the security assumptions that power those same operations. When an MEV system depends on automated approvals and execution pathways, attackers may not need to break cryptography or exploit a bug in victim contracts. They may only need to engineer on-chain interactions that cause the bot to authorize spending to attacker-controlled addresses.

MEV’s reach has been wider than people realize

While this reported drain is by far the most serious outcome, Cointelegraph noted another instance involving Jaredfromsubway.eth: in May, Ethereum co-founder Vitalik Buterin was sandwich attacked while swapping 26,544 DigitalBits (worth $2.11 at the time of Cointelegraph’s writing). The losses in that case were reportedly small, but it underscored that MEV bots can target even relatively modest transactions.

The broader point for market participants is that MEV activity is not limited to high-profile trades. It can reach across liquidity conditions and transaction sizes, depending on how opportunities appear to bots in real time. For users and integrators, that reality has been part of the ongoing debate around fairness, transparency, and how encrypted transaction infrastructure changes the incentives for adversaries.

It’s also a reminder that the line between attacker and victim in MEV is frequently thinner than the public narrative suggests. The same operational patterns that enable profit extraction can be subverted—particularly when bots must make rapid execution decisions and grant permissions without full guarantees about the counterparties they’re dealing with.

Going forward, investors, DeFi users, and builders should watch for two signals: whether this incident triggers wider scrutiny of how MEV bots handle approvals and “helper” contracts, and whether similar “counter-MEV honeypot” tactics appear against other automated systems. The technical details of token-approval misuse are often portable, and the next exploit may be less about one bot’s identity and more about the shared automation patterns that many MEV tools rely on.

MEV bot operator Jaredfromsubway.eth has reportedly lost more than $7.5 million after an attacker used a “counter-MEV” strategy to trick the bot into authorizing spending approvals that were later used to drain its funds. The incident, discovered on Saturday, highlights a growing security risk for automated trading systems: even bots built to exploit market opportunities can be turned against themselves.

Blockaid said the compromise stemmed from attacker-controlled contracts manipulating Jaredfromsubway.eth’s automated MEV execution logic into issuing token approvals. Those approvals—part of the bot’s normal workflow—were then leveraged to transfer assets out of the bot’s treasury.

Key takeaways

• Blockaid attributes the $7.5M+ loss to fake contracts that induced Jaredfromsubway.eth to grant token approvals used for a subsequent sweep.
• The attack was not framed as classic phishing or a flaw in the victim contract itself, but as a targeted manipulation of the bot’s automated decision-making.
• Blockaid’s technical description includes 66 counterfeit token contracts paired with fake liquidity pools to appear like profitable trades.
• The incident underscores that MEV strategies can create predictable authorization paths that attackers may try to repurpose.
• Earlier Cointelegraph Research linked Jaredfromsubway.eth with a large share of sandwich attacks, showing how high-profile MEV actors can become high-value targets.

A rare turnabout for a prominent MEV bot

MEV bots operate by monitoring unconfirmed transactions and attempting to reorder or manipulate trades to extract profit. In practice, this behavior often translates into an “invisible tax” for some DeFi users, especially during sandwich attacks—where an attacker places trades around a target transaction to capture value from price movement.

Cointelegraph Research previously estimated that sandwich attacks on Ethereum have produced around $60 million in annual losses for traders. That same research reportedly found 60,000 to 90,000 sandwich attacks per month between November 2024 and October 2025, with roughly 70% associated with Jaredfromsubway.eth. Against that backdrop, the Saturday incident is notable precisely because it shows an automated profit-seeking system can be engineered to fail in a way that benefits an adversary.

Blockaid: the exploit used approvals, not a direct “victim contract” bug

Blockaid emphasized that this was not a traditional victim-side vulnerability. In a statement on X, the company said the event was neither a classic phishing attack nor a standard smart-contract exploit of the victim contract.

According to Blockaid, the attacker exploited an aspect of how Jaredfromsubway.eth executes MEV strategies. The goal was to steer the bot’s “trust-minimized” automation—its automated, contract-driven decision logic—toward approvals that the attacker could later use to move funds.

Blockaid chief technology officer Raz Niv described the technique as a counter-MEV honeypot attack. Rather than attacking the bot’s private keys directly, the approach aimed to influence what the bot would do once it encountered transactions and on-chain artifacts that looked like opportunities aligned with its programmed objectives.

The “66 backdoors” narrative: fake tokens and liquidity pools

In a conversation with Cointelegraph, Niv said the attacker deployed fake token contracts over a period of weeks. He stated that there were 66 counterfeit token contracts designed to mimic well-known assets, including Wrapped ETH, USDC, and USDt. These fakes were paired with fake liquidity pools intended to make the ecosystem appear to offer profitable trades.

The counterfeit setup was engineered to resemble the kinds of transactions MEV bots typically chase. By presenting plausible trading conditions, the attacker “lured” Jaredfromsubway.eth into executing its normal logic—specifically, approving certain attacker-controlled helper contracts to spend funds on the bot’s behalf.

“Ironically, in the process, it provided the attacker the keys to millions in the bot’s treasury,” Niv said.

“And then in a single transaction, the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT at these addresses, amounting to millions of dollars.”

The attack’s structure matters for investors and builders because it demonstrates a common automation pitfall: when systems rely on broad or reusable token allowances to operate efficiently, a malicious actor may focus on obtaining those allowances rather than breaking the underlying execution engine.

Why this matters for DeFi and automated trading

MEV activity is often discussed in terms of profitability and market mechanics, but the Jaredfromsubway.eth incident shifts attention to operational security. Even if a bot’s trading logic is intended to be automated and “trust-minimized,” that automation still has to interact with external contracts and grant permissions in order to operate.

The broader implication is that attackers can design environments that comply with the bot’s assumptions while quietly redirecting the outcome. In this case, the environment included fake token contracts and pools meant to look legitimate enough to trigger approvals—turning expected functionality into an exit path.

The timing and visibility of the story also add context. Earlier this year, Cointelegraph reported that Ethereum co-founder Vitalik Buterin was sandwiched by Jaredfromsubway.eth while swapping 26,544 DigitalBits, which was worth $2.11 at the time of writing. The harm in that example was reportedly minimal, but it illustrated that MEV bots may target transactions of any size. Saturday’s loss claim suggests the inverse is also true: high-profile MEV infrastructure can be targeted using the same automation pathways it uses to function.

Crypto investor and commentator David Gokhshtein reacted publicly to the news on X, framing it as a response to a bot that has benefited from sandwiching before—though he also cautioned against celebration.

What to watch next

For now, the key questions are how widespread similar approval-based counter-MEV tactics could be and whether bot operators will adjust their permissioning and contract interaction patterns to reduce exposure to authorization-driven drains. The next signal to monitor will be whether Blockaid’s described counter-MEV honeypot approach becomes a repeatable playbook—or prompts faster defensive changes across automated MEV systems.

One of the most successful MEV bots in crypto, Jaredfromsubway.eth, has been drained for more than $7.5 million, with an attacker exploiting the bot’s automated systems, the same ones that have netted it hundreds of millions over the years. 

According to Blockaid, the incident on Saturday resulted from attacker-controlled contracts tricking Jaredfromsubway.eth’s automated MEV execution system into granting token approvals that were later used to drain funds.

“This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract,” Blockaid said on X.

It’s a rare comeuppance for MEV (maximal extractable value) bots like Jaredfromsubway.eth, which are automated programs that monitor unconfirmed transactions on blockchain networks and manipulate their order to extract profit, a kind of “invisible tax” on DeFi users. 

Cointelegraph Research previously found that sandwich attacks on Ethereum have resulted in about $60 million in annual losses for traders. The research also found that between November 2024 and October 2025, there were 60,000 to 90,000 sandwich attacks per month, with roughly 70% of them associated with Jaredfromsubway.eth.

How Jaredfromsubway.eth was exploited

The attacker created fake wrapper tokens and pools, including fake Wrapped Ether (fWETH), fake USDC (fUSDC) and fake USDt (fUSDT) routes paired with fake Cap (fCAP), Blockaid explained. 

The fakes were designed to look like profitable trades, the kind the MEV bot is programmed to chase. It then did what it was designed to do, approving certain attacker-controlled helper contracts to spend real money on its behalf. 

While in normal cases, the bot would use up the approval during the trade, in this case, the attacker crafted routes that allowed the approvals to stay open. 

Once enough approvals were in place, the attacker conducted a “final sweep” to pull WETH, USDC and USDT from the Jaredfromsubway.eth MEV bot contract via transferFrom. 

“The attacker exploited the bot’s mechanism: its automated system detected what looked like profitable MEV opportunities and generated approvals to attacker-controlled helper contracts.”

“We shouldn’t be happy about this; no one should celebrate … but if you’ve ever been sandwiched by this … I’m pretty sure you’re not upset about this news,” crypto investor and commentator David Gokhshtein said.

Magazine: The end of anon? AI could unmask crypto’s hidden identities