There’s a substantial amount of money, billions in fact, flowing through the crypto space, which naturally attracts opportunistic individuals looking to get their hands on a piece of the pie.
Crypto markets, much like any tradable markets, are susceptible to manipulation. However, these manipulative practices come in various forms and sizes, depending on factors such as the market type, regulatory measures in place, and the underlying technologies. Fortunately, armed with the right information, most of these scams can be avoided.
This article spotlights the increasingly prevalent sandwich attack, typically aimed at DEXs and DeFi users. A sandwich attack involves malicious actors manipulating transactions on DEXs to generate profits for themselves, often at the expense of other traders.
The roots of sandwich attacks can be traced back to traditional stock markets, where unethical employees at brokerage firms took advantage of insider information, using this to execute personal trades before fulfilling customer orders and making illicit profits. Such activities are considered illegal in conventional finance and carry legal consequences.
However, the decentralized nature of DeFi creates a less regulated environment, making it easier for attackers to carry out sandwich attacks without facing legal repercussions.
Between May 2020 and April 2022, the Ethereum network experienced over 450,000 sandwich attacks, resulting in a total profit of 60,000 ETH. These attackers divert the value that rightfully belongs to individual traders who use DEXs for their transactions.
While sandwich attacks don’t lead to a complete loss of funds like rug pulls and other types of DeFi scams, they significantly limit the profit potential for traders.
Surprisingly, sandwich attacks account for more than 20% of all Maximal Extractable Value (MEV), which is the maximum profit that validators and other network participants can extract via transaction manipulation on the Ethereum network.
Read on to learn how sandwich attacks occur on DeFi platforms and strategies to limit your exposure to such attacks within the DeFi ecosystem.
TL:DR
Sandwich attacks are front-running manipulations prevalent in decentralized finance (DeFi).
- Attackers exploit blockchain transparency to prioritize their transactions, profiting while traders suffer losses.
- In this three-stage attack, the malicious actor scans the mempool, executes transactions with higher gas fees, and manipulates prices.
- Between May 2020 and April 2022, over 450,000 sandwich attacks on Ethereum resulted in a total profit of 60,000 ETH.
- Although they don’t cause complete fund losses, sandwich attacks limit traders’ profits. They constitute more than 20% of all Maximal Extractable Value (MEV) on the Ethereum network.
- Traders can safeguard against these attacks by using low slippage, flashbot transactions, limit orders, and staying informed about potential threats and security practices in DeFi.
What Is a Sandwich Attack?
A sandwich attack is a pretty interesting form of front-running attack where the attackers actors try to benefit themselves by reducing the value that traders get when they make their trades. They do this by capturing the expected value for themselves.
The thing about sandwich attacks is that they take advantage of the transparency of blockchains and the vulnerabilities in DeFi systems and smart contracts. What’s tricky about them is that the traders involved might not even realize they’re being targeted.
In a DeFi sandwich attack, the attacker mostly takes advantage of price slippage, which occurs when there is a difference between the expected price and the actual executed price due to market fluctuations and liquidity constraints. By exploiting high slippage, the attacker can manipulate the transaction to their benefit.
Now, a single sandwich attack might not make the attackers filthy rich, but when they carry out these attacks across multiple trades, the profits start to add up pretty quickly. It’s all about the cumulative effect.
How Do Sandwich Attacks Work?
Sandwich attacks exploit the vulnerabilities of decentralized exchanges (DEXs) and Automated Market Makers (AMMs), allowing attackers to profit at the expense of other traders. It derives its name from its execution which occurs in layers, resembling a sandwich. Understanding the mechanics of these attacks and taking precautions can help limit exposure to such manipulative tactics in the DeFi ecosystem.
A sandwich attack is executed in three stages described below:
- 1. Scanning the Mempool:
When a trade is initiated on a DEX, it enters the mempool, a temporary holding area where miners or validators confirm transactions. Miners prioritize transactions with higher gas fees for greater rewards. Attackers scan the mempool to identify profitable opportunities and exploit the information about a victim’s transaction.
- 2. Execution of the Attack:
Once a potential transaction is found, the attacker performs a similar transaction but pays a higher gas fee. Simultaneously, they add a second transaction to the mempool that mirrors the victim’s transaction but with a lower fee. This creates three transactions in the mempool, with the victim’s transaction sandwiched between the attacker’s transactions in terms of gas fee priority.
- 3. Profit Generation:
The attacker’s transaction with the highest fee is prioritized, followed by the victim’s transaction. Finally, the last transaction, which is also the attacker’s, is executed, resulting in the attacker making a profit. The victim experiences a loss due to the price manipulation.
Alternate Approach:
Alternatively, attackers can act as liquidity providers within a liquidity pool to initiate sandwich attacks. They add liquidity to the pool and strategically remove it when the victim places a trade order. This creates a discrepancy between the expected and actual prices of the victim’s trade. After the victim’s trade is completed, the attacker reintroduces the liquidity back into the market, profiting from the price differences.
Example of a Sandwich Attack:
In a hypothetical scenario, a trader wants to exchange 1 USDT for LINK in an AMM liquidity pool and sets a slippage tolerance of 5%, meaning they are willing to accept up to a 5% difference in the final value they receive, taking into account potential market fluctuations during the transaction process.
At the same time, an attacker, who intends to carry out a sandwich attack, monitors the mempool, discovers this trader’s transaction, and quickly executes a transaction with a higher gas fee, manipulating the pool’s values. As a result, the liquidity pool now contains 51 USDT and 49 LINK (1 USDT was added, and 1 LINK was removed).
At this point, when the victim’s trade is executed, they will receive approximately 0.96 LINK for their 1 USDT. Since this value falls within the 5% slippage range set by the victim, the trade is executed without raising any suspicions, and the victim may not realize they have fallen victim to a sandwich attack.
After the victim’s trade is completed, the liquidity pool will be left with 52 USDT and 48.04 LINK. The attacker then sells back the 1 LINK they obtained from the pool, which is now worth 1.08 USDT. As a result, the attacker makes an extra 0.08 USDT more than their initial investment in buying LINK.
This trade will be profitable only if the attacker retains some USDT after deducting the gas fees and protocol fees incurred during the execution of their buy and sell trades.
Sandwich attacks are typically orchestrated by specific bots designed for such attacks. In some instances, a single sandwich attack has generated profits of up to 39.17 ETH and 56 ETH. However, profitability depends on the victim’s trade value exceeding the gas and protocol fees paid to liquidity providers.
Are Sandwich Attacks Illegal?
DeFi sandwich attacks are widely regarded as unethical due to their exploitative nature. However, in the current state of the DeFi space, there is a lack of comprehensive legal regulations specifically addressing the legality of sandwich attacks.
It is worth noting that these types of attacks are generally illegal within traditional systems and may also be prohibited in the DeFi space once regulatory measures are implemented.
Consequences Of Sandwich Attacks
Sandwich attacks in DeFi have several consequences that can impact users and the ecosystem as a whole. Some these consequences include:
- Financial loss: DeFi users who fall victim to sandwich attacks often experience financial losses. They receive less value than expected for their trades, resulting in missed profit opportunities and diminished returns.
- Loss of confidence in DeFi: DeFi is a relatively new concept and has not yet gained the same level of adoption and popularity as traditional finance. Repeated sandwich attacks undermine DeFi principles and potential. These attacks lead to bad user experiences (such as high gas fees in the case of Ethereum) and may discourage potential users from participating in DeFi, hindering its growth and acceptance.
- Stricter regulations: While the DeFi industry operates under limited regulations, negative incidents like sandwich attacks can trigger tighter regulatory measures from governing bodies. This increased regulation could impose tighter restrictions on DeFi activities, potentially hindering participation in the ecosystem.
How to Protect Yourself from Sandwich Attacks in DeFi
To safeguard your trades and minimize the risk of falling victim to sandwich attacks in DeFi, consider implementing the following strategies:
Use Low Slippage
The vulnerability for a sandwich attack rises when a trader deliberately sets a high slippage. Traders often opt for high slippage to ensure their trades are executed even during periods of high volatility or lower liquidity, particularly when dealing with assets like memecoins. This practice opens up an opportunity for attackers to exploit and manipulate the trader’s transactions, causing them to execute trades at significantly inflated prices.
Avoid setting high slippage for your trades. By keeping slippage low, ideally around 2%, you reduce the potential rewards for attackers attempting to manipulate your transactions. This is particularly important in public networks with high transaction fees like Ethereum.
Use Flashbot Transactions
Flashbot transactions are an innovative solution developed to counter sandwich attacks. Unlike traditional transactions that are broadcasted to public mempools and rely on miners or validators for verification, flashbots send transactions directly to miners/validators.
This method ensures that transaction data remains private, making it impossible for attackers to manipulate trades. Traders can leverage decentralized exchanges like 1inch to access exclusive opportunities for initiating flashbot transactions that are inaccessible to attackers.
Use Limit Orders
Opt for limit orders whenever possible. Limit orders provide greater control and predictability over your trades compared to market orders, reducing vulnerability to sandwich attacks.
Although limit orders are commonly used on centralized exchanges (CEXs), DEXs like Polkadex offer the option to place limit orders as well. Using limit orders on DEXs allows you to better understand the expected trade outcomes, thus minimizing the likelihood of being exploited by a sandwich attack.
Break Down Large Trades
A single large trade easily attracts the attention of attackers seeking to manipulate it. Instead of executing a single large trade, consider breaking it down into smaller transactions. Doing so minimizes the likelihood of being targeted by sandwich attacks and maintains a higher level of security in your DeFi activities.
Trade Liquid Pairs
Highly liquid pairs have tight bid-ask spreads, minimal slippage, and are less profitable for sandwich attacks. Attackers are more likely to target less liquid pairs for larger profits and significant price movements, so stick to the more liquid options.
Avoid Trading In Volatile Market Conditions
Sandwich attacks thrive in highly volatile market conditions. To mitigate the risk, refrain from trading during periods of high volatility when price discrepancies are more pronounced. Stable market conditions offer less opportunity for attackers to manipulate trades.
Consider Paying Higher Gas Fees
While it is an unconventional approach, increasing the gas fee for your initial trade can potentially reduce the incentive for attackers to profit from your trades. In a public blockchain network like Ethereum, where gas fees can be quite pricey, paying an amount higher than the average gas fee would make it economically unfeasible for an attacker to execute a sandwich attack. However, make sure you always strike a balance between cost and transaction speed.
Do Due Diligence
Stay vigilant and conduct thorough due diligence on the markets and tokens you engage with in DeFi. By paying careful attention to market trends, DeFi users can identify the potential for a sandwich attack in that market and prepare appropriate solutions to counter such a threat.
When you conduct thorough due diligence in your DeFi activities, you can limit your exposure to various scams, including sandwich attacks. For instance, in the case of PEPE, a memecoin that recently experienced significant trading volumes, DeFi enthusiasts recognized that the PEPE market was susceptible to front-running and sandwich attacks as attackers sought to exploit the coin’s momentum.
Stay Informed
Keep educating yourself about emerging threats, security best practices, and advancements in the DeFi space. Engage with the community, follow reputable sources, and seek advice from experienced users to improve your understanding and awareness.
Disclaimer: This article is intended solely for informational purposes and should not be considered trading or investment advice. Nothing herein should be construed as financial, legal, or tax advice. Trading or investing in cryptocurrencies carries a considerable risk of financial loss. Always conduct due diligence.
If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
![EthCC[9]](https://defi-planet.com/wp-content/uploads/2026/01/EthCC9-1-150x150.webp)
