Cryptothreads.io

MEV Sandwich Attack: How You Lose Money on DEXs

MEV sandwich attacks silently drain value from your DEX trades. Learn exactly how bots exploit the mempool, what it costs users, and 4 ways to protect yourself now.

MEV Sandwich Attack: How You Lose Money on DEXs

Key takeaways

  • A sandwich attack is a form of MEV where a bot wraps your trade with two of its own – one before and one after – to extract value from the price movement your transaction creates.
  • The attack is only possible because blockchain mempools are public. Anyone can see your pending transaction before it is confirmed.
  • AMMs price tokens algorithmically based on pool ratios, making the price impact of any trade predictable and exploitable.
  • Practical protection exists today. A private RPC endpoint or an intent-based DEX removes your transaction from the public mempool entirely.

An MEV sandwich attack is a DeFi exploit where a bot detects your pending swap in the public mempool, places a buy order immediately before your transaction to push the price up, and then sells right after your trade fills. The whole sequence happens within a single block, in seconds, without your knowledge.

This is a systematic extraction mechanism running continuously across Ethereum, Solana, BNB Chain, and most AMM-based networks. Understanding how it works is the first step toward not paying for it.

What Is an MEV Sandwich Attack?

Quick answer: A sandwich attack is a specific type of Maximal Extractable Value (MEV) exploit in which a bot profits by placing two transactions around a victim's swap — one immediately before, one immediately after – manipulating the price in between to create a guaranteed spread.

MEV (Maximal Extractable Value) refers to the total profit that block producers and third-party searchers can extract by controlling which transactions enter a block and in what order. Think of it as the monetary value of having the power to cut in line.

Sandwich attacks sit at the most harmful end of the MEV spectrum. Unlike arbitrage, where bots correct price inefficiencies across markets without directly harming any one trader, sandwich attacks extract profit directly from the person making the swap. The victim's loss is the attacker's gain.

Author's perspective: What makes sandwich attacks particularly insidious is that they weaponize the very transparency that makes blockchains trustworthy. Public mempools were designed to ensure openness – anyone can verify pending transactions. But that same openness creates a real-time information feed for bots scanning for exploitable trades. The "invisible tax" framing used widely in MEV research is accurate: most retail traders who get sandwiched never know it happened. They simply receive fewer tokens than the interface projected, attribute it to normal slippage, and move on. The attack is self-concealing by design.

How Does a Sandwich Attack Work? (Step-by-Step)

Quick answer: A sandwich attack works by exploiting the public mempool: a bot spots your pending swap, buys the same token first to push the price up, waits for your trade to fill at that inflated price, then immediately sells.

The mechanics follow a precise three-step sequence that occurs within the same block, often within seconds.

Step 1: Bot detects your pending swap

Before any transaction is confirmed on-chain, it sits in the mempool – a public queue of unconfirmed transactions visible to anyone.

MEV bots continuously scan the mempool for large swaps with loose slippage tolerances. When the bot spots a qualifying trade, it runs a quick profitability calculation:

  • What token is being bought?
  • How large is the order?
  • What is the slippage tolerance set by the user?
  • How much price impact will this trade cause?

If the expected profit exceeds gas costs, the attack proceeds immediately.

Step 2: Front-run – bot buys first

The bot submits its own buy order for the same token, paying a higher gas fee to ensure it enters the block before the victim's transaction.

This front-run transaction does two things simultaneously:

  1. Moves the token price upward (because it's buying into the same pool)
  2. Positions the bot to profit from that the price increase the victim's own trade will create

By the time the victim's swap executes, the price has already been pushed up – often to the very edge of what the victim's slippage tolerance allows.

Step 3: Back-run – bot sells after you

Immediately after the victim's transaction fills, the bot places a sell order – the back-run.

At this point, the victim's large buy has moved the price even further up. The bot sells the tokens it acquired in Step 2 at this elevated price, capturing the spread between what it paid and the price the victim's trade created.

The net result:

  • The victim receives fewer tokens than expected
  • The bot pockets the difference, minus gas costs
  • The entire sequence completes within one block

Real-world example: On March 12, 2025, a trader attempted a $220,764 USDC-to-USDT swap on Uniswap v3. An MEV bot drained the liquidity pool, executed the attack, and left the trader with just $5,271 – a loss of approximately 98% in under eight seconds. The bot extracted over $215,500 in profit from a single transaction. (Source: CCN)

how does a sandwich attack work
The bot enters and exits within the same block. It never holds overnight risk. By the time your transaction confirms, the spread has already been captured.

MEV Sandwich Attack vs Front-Running

Quick answer: A front-running attack uses one transaction placed before yours, while a sandwich attack uses two – one before and one after, making it more profitable and eliminating the attacker's price risk.

Sandwich attacks and front-running are closely related, but they are not the same thing. Here’s a side-by-side comparison:

 

Front-Running

Sandwich Attack

Transactions used1 (placed before victim)2 (before + after victim)
MechanismCopy/preempt the tradeBracket the trade
Victim outcomeWorse entry priceWorse entry price + additional price impact
Bot exposureHolds the positionFlat after back-run (no market risk)
Profit sourcePrice movement from victim's tradeSpread between front-run buy and back-run sell

The key distinction is risk profile.

  • A front-runner takes on price exposure after placing its trade. If the market moves against it, it loses.
  • A sandwich attacker takes on zero directional risk: the back-run closes the position immediately. The victim's own transaction guarantees the price movement the bot needs to profit.

This is why sandwich attacks are considered more predatory than basic front-running. The attacker's profit is structurally locked in before the victim's trade even executes.

Why AMMs Are Vulnerable to Sandwich Attacks

Quick answer: AMMs are vulnerable because they combine two features that work against traders:

  • Pending transactions are publicly visible in the mempool before confirmation.
  • Token prices are calculated by a deterministic formula that makes every trade's price impact predictable in advance.

Sandwich attacks are not a bug in any specific DEX. They are a direct consequence of two architectural features shared by virtually all AMM-based protocols.

1. Public mempools

On most blockchains, pending transactions are broadcast to a public mempool before confirmation. This means the token, amount, direction, and slippage tolerance of every pending swap are readable by any bot before the swap executes. There is no privacy at the transaction layer.

2. Deterministic AMM pricing

AMMs like Uniswap and Curve set token prices algorithmically using a mathematical formula (e.g., x * y = k for Uniswap v2). Because the pricing curve is public and the pool balances are on-chain, any observer can calculate exactly how much a given trade will move the price.

This combination is what makes sandwich attacks mechanically reliable: the bot can see the trade coming, predict the exact price impact, and calculate its profit before submitting a single transaction.

Why this doesn't apply to CEXs: Centralized exchanges use order books processed in private matching engines. Pending orders are not publicly visible before execution. The information asymmetry that enables sandwich attacks simply doesn't exist in that environment.

The slippage tolerance factor: The wider a user's slippage tolerance, the more room the bot has to push the price before the victim's transaction reverts. A 5% slippage tolerance on a $10,000 swap tells the bot it can move the price by up to $500 before the trade fails, and the bot will use every bit of that margin.

why amms are vulnerable to sandwich attacks
On a CEX, your order goes into a private matching engine. No one sees it until it fills. On an AMM, both the order and the math are public before the block closes. That combination doesn't exist anywhere else in finance.

How Much Does A Sandwich Attack Cost DeFi Users?

Quick answer: Sandwich attacks cost DeFi traders an estimated $60 million per year on Ethereum alone and significantly more when Solana and BNB Chain are included, even as attack frequency has declined from its 2024 peak.

According to research by Cointelegraph Research based on exclusive data from EigenPhi covering 95,000+ sandwich attacks from November 2024 to October 2025:

  • Sandwich attacks still cost traders approximately $60 million per year on Ethereum – even as monthly sandwich extraction dropped from nearly $10 million in late 2024 to about $2.5 million by October 2025, while DEX volumes were rising.
  • The average profit per sandwich attack is just above $3, with only six attackers generating more than $10,000 in total profit.
  • An estimated 1.2% of all DEX trades on Ethereum are sandwiched, with an average loss of 0.41% of trade value per attack. For a trader moving $10,000/month, that's approximately $590/year in hidden losses.

The problem extends well beyond Ethereum:

  • On Solana, sandwich bots extracted between $370 million and $500 million over 16 months from January 2024 to May 2025, based on analysis of over 8.5 billion trades and $1 trillion in DEX volume.
  • Looking at the broader MEV landscape, sandwich attacks accounted for $289.76 million – 51.56% of the total MEV transaction volume of $561.92 million in 2025.

One often-overlooked dimension: private RPC routing does not guarantee protection.

Research covering November–December 2024 confirmed 2,932 private sandwich attacks affecting 3,126 private victim transactions, producing $409,236 in user losses – with a single operator accounting for approximately 65% of private front-runs.

How to Protect Yourself from Sandwich Attacks

Quick answer: The most effective protections share a common principle: remove your transaction from the public mempool before a bot can see it. Several practical methods exist today, ranging from a single setting change to choosing a fundamentally different type of DEX.

Use a private RPC (Flashbots Protect/MEV Blocker)

This is the single highest-impact change most users can make.

A private RPC endpoint routes your transaction directly to block builders, bypassing the public mempool entirely. If your pending swap is never visible in the mempool, a bot has no opportunity to front-run it.

How to set it up in MetaMask:

  1. Open MetaMask → Settings → Networks
  2. Select the network (e.g., Ethereum Mainnet)
  3. Replace the RPC URL with:
    • Flashbots Protect: https://rpc.flashbots.net
    • MEV Blocker: https://rpc.mevblocker.io
  4. Save and use as normal

Both are free. MEV Blocker additionally returns a portion of any back-run profits generated from your transactions back to you as a rebate.

Caveat: As noted above, private routing is not a perfect shield – a small fraction of private transactions are still sandwiched. But it eliminates the overwhelming majority of exposure.

Lower your slippage tolerance

Slippage tolerance sets the maximum price deviation you will accept. A high tolerance is an open invitation. The bot knows exactly how far it can push the price before your transaction reverts.

Practical settings:

  • Stablecoin pairs (e.g., USDC/USDT): 0.1%
  • Major pairs with deep liquidity (e.g., ETH/USDC): 0.3%–0.5%
  • Volatile or low-liquidity tokens: 0.5%–1% (accepting more frequent failed transactions)

The trade-off is the transaction failure rate. A very tight slippage setting will cause more reverts during volatile markets, but a failed transaction costs only gas, while a successful sandwich can cost far more.

Use intent-based DEXs (CoW Swap, UniswapX)

Intent-based protocols represent a structural solution rather than a settings-level workaround.

On CoW Swap, users submit intents (what they want to achieve) rather than direct on-chain transactions. Orders are collected off-chain and matched peer-to-peer where possible, then settled by professional solvers if no direct match exists. Because orders never enter a public mempool in the traditional sense, the front-run/back-run sequence has no entry point.

UniswapX uses a Dutch auction mechanism: the price for filling an order decreases over a short window until a solver takes it. This design gives solvers a competitive incentive to fill orders efficiently while eliminating mempool exposure.

Break up large trades

Large swaps are disproportionately targeted because they produce larger price impacts and therefore larger profit opportunities for bots.

Splitting a $50,000 trade into five $10,000 trades reduces the per-transaction price impact. Each smaller trade still carries some risk, but the expected profit per transaction falls below the threshold many bots find worth targeting, particularly when gas costs are factored in.

This approach works best combined with a private RPC, not as a standalone measure.

how to protect yourself from sandwich attacks
Private RPC and intent DEXs (teal) eliminate mempool exposure entirely. A bot cannot attack what it cannot see. Low slippage and split trades (green) don't block the bot but push expected profit below the threshold worth targeting.

Are MEV Sandwich Attacks Illegal?

Quick answer: Sandwich attacks are not yet explicitly illegal in any jurisdiction, but the regulatory landscape is shifting. ESMA formally classified them as potential market manipulation under MiCA in July 2025, and enforcement mechanisms are actively being developed.

Historically, MEV was treated as an unregulated grey area – a technical feature of public blockchains rather than a legal violation. This framing is changing.

ESMA's July 2025 risk analysis formally flagged sandwich attacks and harmful front-running as potential market manipulation under MiCA (Markets in Crypto-Assets Regulation), and the MiCA transitional period for crypto businesses ends July 1, 2026.

The conceptual parallel with traditional finance is relevant here. In regulated securities markets, front-running by brokers is explicitly prohibited. The structural similarity to sandwich attacks is clear.

The main legal distinction has been that DeFi mempool data is public, meaning bots are not acting on "insider" information in the technical legal sense. Whether that distinction holds under MiCA's broader market abuse framework is now an open question regulators are actively examining.

On the protocol side, Ethereum's ePBS (Enshrined Proposer-Builder Separation) upgrade is targeting Q3 2026. This moves the MEV auction into the core protocol, aiming to reduce toxic MEV while preserving beneficial MEV such as arbitrage and liquidation.

Sandwich attacks are increasingly treated as harmful market manipulation by both regulators and protocol designers, even if enforcement mechanisms are still being developed.

Sources and Further Reading

Disclaimer:The content published on Cryptothreads does not constitute financial, investment, legal, or tax advice. We are not financial advisors, and any opinions, analysis, or recommendations provided are purely informational. Cryptocurrency markets are highly volatile, and investing in digital assets carries substantial risk. Always conduct your own research and consult with a professional financial advisor before making any investment decisions. Cryptothreads is not liable for any financial losses or damages resulting from actions taken based on our content.
mev
ethereum
attack
eth

FAQ About MEV Sandwich Attacks

Yes. Solana's architecture differs from Ethereum's, but sandwich attacks still occur, particularly on AMM-based DEXs like Raydium and through PumpFun. Solana's high throughput means the window for attack is narrower, but the economic incentive remains. Jito's private mempool on Solana was partly a response to this problem.

BytebyByte
WRITTEN BYBytebyByteBytebyByte is a blockchain developer and crypto market researcher contributing technical analysis and research at Cryptothreads. His work focuses on the infrastructure, economic design, and market structure of digital asset systems. With a background spanning blockchain development, quantitative analysis, and financial market dynamics, BytebyByte specializes in examining how crypto protocols operate—from consensus mechanisms and token economics to on-chain market behavior. His research often explores the intersection between blockchain technology and the broader financial system, translating complex technical concepts into structured insights accessible to a wider audience. At Cryptothreads, BytebyByte contributes in-depth articles covering blockchain architecture, protocol economics, and emerging narratives shaping the digital asset ecosystem. His work aims to help readers better understand the mechanisms behind crypto markets and the technological foundations that drive the industr
FOLLOWBytebyByte
XFacebook

More articles by

BytebyByte

Hot Topic