The transaction did not lose money, but the assets evaporated? How does the MEV sandwich attack accurately harvest your assets?

链源科技PandaLY ｜2025-03-24 11:00

MEV Sandwich Attack: Evolution from sporadic vulnerabilities to a systematic profit-harvesting mechanism

As blockchain technology continues to mature and the ecosystem becomes increasingly complex, MEV (maximum extractable value), which was originally seen as an occasional vulnerability caused by transaction sorting defects, is gradually evolving into a highly complex and systematic profit-making mechanism. Among them, the sandwich attack has attracted much attention because it uses transaction sorting rights to insert its own transactions before and after the target transaction, manipulates asset prices to achieve arbitrage by buying low and selling high, and has become one of the most controversial and destructive attack methods in the DeFi ecosystem.

1. Basic concepts of MEV and sandwich attacks Evolution and current status of MEV sandwich attacks and cases

Origin and technological evolution of MEV:

MEV (Maximum Extractable Value) was originally called miner extractable value, which refers to the additional economic benefits that miners or validators can obtain by manipulating the transaction order, inclusion or exclusion rights during the block construction process. Its theoretical basis lies in the publicity of blockchain transactions and the uncertainty of transaction ordering in the memory pool. With the development of tools such as flash loans and transaction bundles, the original sporadic arbitrage opportunities have gradually been magnified, forming a complete profit harvesting chain. From the initial sporadic events to the current systematic and industrialized arbitrage model, MEV not only exists in Ethereum, but also presents different characteristics on multiple chains such as Solana and Binance Smart Chain.

The principle of sandwich attack:

The transaction did not lose money, but the assets evaporated? How does the MEV sandwich attack accurately harvest your assets?

Sandwich attack is a typical operation method in MEV extraction. The attacker uses the real-time monitoring ability of memory pool transactions to submit transactions before and after the target transaction (Victim Transaction), forming a transaction sequence of "front-run - target transaction - back-run", and then realizes arbitrage through price manipulation. Its core principles include:

Front-Run : When an attacker detects a large or high slippage transaction, they immediately submit their own buy order to push up or down the market price.
Victim Transaction : A victim transaction is executed after the price is manipulated. Because there is a significant deviation between the actual transaction price and the expected price, the trader bears additional costs.
Back-Run : Immediately following the target transaction, the attacker submits a reverse transaction to sell the previously acquired assets at a high price (or buy them at a low price), thereby locking in the price difference profit.

This operation is like "sandwiching" the target transaction between two of its own transactions, so it is called a "sandwich attack."

2. Evolution, Current Status and Cases of MEV Sandwich Attacks

(1) From sporadic vulnerabilities to systemic mechanisms

Initially, due to the inherent deficiencies of the transaction sorting mechanism in the blockchain network, MEV attacks only occurred occasionally and on a small scale. However, with the surge in transaction volume in the DeFi ecosystem and the continuous development of tools such as high-frequency trading robots and flash loans, attackers began to build highly automated arbitrage systems, transforming this attack method from sporadic events to a systematic and industrialized arbitrage model. By leveraging high-speed networks and sophisticated algorithms, attackers can preemptively deploy pre- and post-transactions in a very short period of time, use flash loans to obtain large amounts of funds, and complete arbitrage operations in the same transaction. Currently, there have been cases on multiple platforms where a single transaction can generate hundreds of thousands or even millions of dollars in profits. This transformation marks that the MEV mechanism has evolved from an occasional vulnerability to a mature profit-making system.

(2) Attack modes based on different platform characteristics

Different blockchain networks have different design concepts, transaction processing mechanisms, and validator structures, which makes sandwich attacks present different implementation characteristics. For example:

Ethereum : The open and transparent memory pool allows all pending transaction information to be monitored, and attackers often preempt the order of transaction packaging by paying higher gas fees. To address this problem, the Ethereum ecosystem has gradually introduced mechanisms such as MEV-Boost and Proposer-Builder Separation (PBS) to reduce the risk of a single node manipulating transaction ordering.
Solana : Although Solana does not have a traditional memory pool, due to the relative concentration of validator nodes, some nodes may even collude with attackers to leak transaction data in advance, allowing attackers to quickly capture and exploit target transactions, making sandwich attacks frequent in this ecosystem and making large profits.
Binance Smart Chain (BSC) : Although the ecological maturity of BSC is different from that of Ethereum, its lower transaction costs and simpler structure also provide space for some arbitrage behaviors. Various robots can also adopt similar strategies to realize profit extraction in this environment.

This difference in cross-chain environment has resulted in distinctive attack methods and profit distribution on different platforms, while also placing higher demands on prevention strategies.

(3) Latest data and cases

The transaction did not lose money, but the assets evaporated? How does the MEV sandwich attack accurately harvest your assets?

Uniswap platform case : On March 13, 2025, in a transaction on Uniswap V3, a trader suffered a sandwich attack while trading about 5 SOLs, resulting in asset losses of up to $732,000. The incident showed that the attacker used the previous transaction to seize the block packaging right, inserted transactions before and after the target transaction, and caused the victim's actual transaction price to deviate significantly from expectations.

Continuous evolution on the Solana chain: In the Solana ecosystem, sandwich attacks are not only frequent, but also new attack modes have emerged. Some validators are even suspected of colluding with attackers to leak transaction data in advance to learn about users' transaction intentions and then implement precise attacks. This has caused the profits of some attackers on the Solana chain to increase from tens of millions of dollars to hundreds of millions of dollars in just a few months.

These data and cases show that MEV sandwich attacks are no longer isolated incidents, but are becoming more systematic and industrialized as the transaction volume and complexity of blockchain networks increase.

3. Sandwich attack operation mechanism and technical challenges

As the overall market transaction volume continues to expand, the frequency of MEV attacks and the profit per transaction are on the rise. The transaction cost-to-income ratio of sandwich attacks on some platforms has even reached a high level. The following are several conditions that need to be met to implement a sandwich attack:

Transaction monitoring and capture : The attacker must monitor the pending transactions in the memory pool in real time and identify transactions with greater price impact.
Competition for priority packaging rights : Using higher gas fees or priority fees, attackers can preemptively package their own transactions into blocks, ensuring that they are executed before and after the target transaction.
Accurate calculation and slippage control : When executing pre- and post-trades, the transaction volume and expected slippage must be accurately calculated to drive price fluctuations while ensuring that the target transaction does not fail due to exceeding the set slippage.

Carrying out this attack requires not only high-performance trading robots and fast network response, but also high miner bribes (such as increasing gas fees) to ensure transaction priority. These costs constitute the main expenditure of attackers, and in the fierce competition, multiple robots may try to seize the same target transaction at the same time, further compressing profit margins. These technical and economic barriers constantly prompt attackers to update their algorithms and strategies in a fiercely competitive environment, and also provide a theoretical basis for the design of prevention mechanisms.

4. Industry response and prevention strategies

Prevention strategies for ordinary users:

Set reasonable slippage protection : When submitting a transaction, you should set a reasonable slippage tolerance based on current market fluctuations and expected liquidity conditions to avoid transaction failures due to too low a setting, and avoid malicious attacks due to too high a setting.
Use privacy transaction tools : With the help of technical means such as private RPC and order packaging auction, transaction data is hidden outside the public memory pool to reduce the risk of attack.

Suggested technical improvements at the ecosystem level:

Transaction sorting and proposer-builder separation (PBS) : By separating block construction from block proposal responsibilities, the control of a single node over transaction sorting is limited, thereby reducing the possibility of validators taking advantage of sorting to extract MEV.

MEV-Boost and transparency mechanism : Introducing third-party relay services (Relay) and MEV-Boost and other solutions to make the block construction process open and transparent, reduce dependence on a single node, and improve overall competitiveness.
Off-chain order flow auction and outsourcing mechanism : With the help of outsourced orders (such as the CoW protocol) and the order flow auction mechanism, batch matching of orders can be achieved, which not only increases the possibility of users obtaining the best price, but also makes it difficult for attackers to operate alone.
Smart contracts and algorithm upgrades : With the help of artificial intelligence and machine learning technologies, we can improve the real-time monitoring and prediction capabilities of abnormal fluctuations in on-chain data, helping users avoid risks in advance;

As the DeFi ecosystem continues to expand, transaction volume and complexity continue to increase, MEV and its related attack methods will face more technical confrontation and economic games. In the future, in addition to the improvement of technical means, how to reasonably distribute economic incentives while ensuring decentralization and network security will become an important topic of common concern in the industry.

V. Conclusion

The MEV sandwich attack has evolved from an initial sporadic vulnerability to a systematic profit-harvesting mechanism, posing a severe challenge to the DeFi ecosystem and the security of user assets. The latest cases and data in 2025 show that the risk of sandwich attacks still exists and continues to escalate, whether on mainstream platforms such as Uniswap or Solana. In order to protect user assets and market fairness, the blockchain ecosystem needs to work together in technological innovation, transaction mechanism optimization, and regulatory coordination. Only in this way can the DeFi ecosystem find a balance between innovation and risk and achieve sustainable development .

Author ：链源科技PandaLY
This article reflects the opinions of PANews's columnist and does not represent the stance of PANews. PANews does not assume legal responsibility. The article and opinions do not constitute investment advice.
Image Source ：链源科技PandaLY If there is any infringement, please contact the author to remove it.