DEV Community

alphecca

Decoding the Sandwich Attack: How MEV Bots Exploit Your On-Chain Trades

A sandwich attack is a sophisticated form of Maximal Extractable Value (MEV) exploitation. A predatory bot identifies your pending swap, wraps your transaction between its own buy and sell orders, and siphons off profit from the artificial price volatility it creates.

While common on Ethereum, this phenomenon is rampant across all AMM-based ecosystems, including Solana, BSC, Base, and Monad. For most retail traders, these attacks are the primary cause of "invisible losses" — slippage that feels like market volatility but is actually a calculated extraction.


The Illusion of Chronological Processing

To grasp how a sandwich attack is even possible, we must debunk the myth that blockchains process transactions in the exact order they are received.

Blockchains operate in batches called blocks. Instead of executing your swap the microsecond you click the button, the network collects all incoming requests within a specific time window. The order of execution within that block is determined by validators — often influenced by who pays the highest priority fee.

In 2026, block times vary significantly across chains. Solana leads at roughly 0.4 seconds, Arbitrum pushes 0.25 seconds, and major Layer 2s like Base, Optimism, and Polygon operate on 2-second intervals. BNB Chain runs at 3 seconds, and Ethereum remains the slowest at 12 seconds.

Regardless of speed, the vulnerability is the same: submission time does not equal execution order. A transaction submitted at 12:00:01 PM might end up as the 5th trade in a block, while a transaction submitted at 12:00:10 PM — carrying a massive priority fee — lands in the 1st slot. MEV bots exploit this mechanic to position themselves perfectly around your trade.


The Anatomy of a Sandwich: Three Steps

A sandwich attack exploits the price impact of your trade. Every time you buy a token, you push its price up slightly. The bot simply ensures it profits from that move.

1. Detection
The bot monitors the public transaction pipeline — the mempool on Ethereum, or the forwarding layer on Solana. It spots your pending buy order and calculates exactly how much your trade will move the price.

2. Front-Run
The bot submits a buy order for the same token with a much higher fee, forcing the validator to place the bot's trade immediately before yours. The bot buys at the current market price, which raises the price for you.

3. Victim Execution + Back-Run
Your trade executes at the inflated price. You receive fewer tokens than expected. Within the same block, the bot sells its position into your buying pressure and pockets the difference as pure profit.

A real-world example: a bot buys $616 worth of a token, the victim buys a small amount at a marked-up price, and the bot sells for $617.84. In less than a second, nearly $2 is extracted from a single small trade. Scale this across thousands of trades per hour and the MEV tax becomes a multi-million-dollar industry.


When Does Your Trade Become a Target?

MEV bots are profit-maximizing algorithms. They target specific conditions:

  • Low liquidity pools — A $100 trade moving the price by 1–2% is a goldmine for bots.
  • Excessive slippage settings — Setting 10% slippage essentially gives bots permission to steal up to 10% of your trade's value.
  • Large orders — The bigger your swap relative to pool depth, the more predictable the price movement and the more likely you are to be sandwiched.

How to Protect Your Capital

1. Use Private Transaction Routing

The most effective defense is staying invisible. If the bot can't see your transaction, it can't sandwich it.

On Solana: Route all trades through Jito Bundles. These bypass the public pipeline and go directly to the Jito Block Engine. If you use a trading bot or DEX that asks for a "Jito Tip," you are already using this protection.

On Ethereum/EVM: Use a private RPC like Flashbots Protect or MEV Blocker. These services keep your transaction in a private queue until it is safely included in a block.

2. Aggressive Slippage Management

Don't use auto-slippage on volatile tokens. Manually set your slippage to the lowest amount that allows the trade to succeed — usually 0.5% to 1.5%. This leaves almost zero profit margin for a bot after it pays its own transaction fees.

3. Order Splitting

Don't swap $10,000 in one transaction. Break it into five $2,000 swaps. Smaller trades have less price impact, often making them not worth the gas cost for an MEV bot to attack.
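To see why the slippage setting and trade size matter, here is an added example (not code from the original post) that models the swap's minimum-output guard. It assumes a constant-product (x*y=k) pool with a 0.3% fee; the pool size and trade amounts are constructed, and all function names are hypothetical.

```python
from dataclasses import dataclass

FEE = 0.003  # assumption: 0.3% swap fee, as in Uniswap v2-style pools


@dataclass
class Pool:
    base: float   # reserve of the asset being spent (e.g. a stablecoin)
    token: float  # reserve of the asset being bought

    def quote(self, amount_in: float) -> float:
        """Tokens received for amount_in under x*y=k, after the fee."""
        net = amount_in * (1 - FEE)
        return self.token * net / (self.base + net)

    def buy(self, amount_in: float, min_out: float = 0.0) -> float:
        """Execute a buy; revert (raise) if the output is below min_out."""
        out = self.quote(amount_in)
        if out < min_out:
            raise ValueError("slippage limit exceeded: swap reverts")
        self.base += amount_in
        self.token -= out
        return out


def price_impact(pool: Pool, amount_in: float) -> float:
    """Fraction by which the execution price is worse than the spot price."""
    spot_out = amount_in * (1 - FEE) * pool.token / pool.base
    return 1 - pool.quote(amount_in) / spot_out


def swap_after_prior_buy(prior_buy, amount_in, slippage):
    """Quote on a fresh pool, let another buy land first, then execute.

    Returns tokens received, or None if the slippage guard reverts the swap.
    """
    pool = Pool(base=100_000, token=100_000)   # constructed low-liquidity pool
    min_out = pool.quote(amount_in) * (1 - slippage)
    pool.buy(prior_buy)                        # someone else's buy is ordered first
    try:
        return pool.buy(amount_in, min_out)
    except ValueError:
        return None


if __name__ == "__main__":
    print("10% tolerance:", swap_after_prior_buy(5_000, 2_000, 0.10))
    print(" 1% tolerance:", swap_after_prior_buy(5_000, 2_000, 0.01))
    fresh = Pool(100_000, 100_000)
    print("impact $10,000:", price_impact(fresh, 10_000))
    print("impact  $2,000:", price_impact(fresh, 2_000))
```

With a 10% tolerance the swap still executes and returns about 9% fewer tokens than quoted; with a 1% tolerance the same ordering makes the swap revert, so nothing is lost beyond the fee for the failed transaction.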

4. Verify Your History

Use transparency tools like sandwiched.me to scan your wallet's history. Frequent "Sandwiched" flags indicate your current RPC or DEX settings are leaking value to bots.


Sandwich Attack vs. Normal Market Volatility

It is important to distinguish a sandwich attack from a regular price drop.

If the price of your token goes down 10% over an hour, that's the market. However, if the price spikes a split second before you buy and crashes a split second after — all within the same block — you have been sandwiched.
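The same-block pattern described above can be checked mechanically when reviewing trade history. The following is an added example, not part of the original post and not how sandwiched.me works: a simple heuristic over constructed swap records, where the record fields, addresses and pool name are all hypothetical.

```python
from collections import namedtuple

# One decoded swap: block number, position in the block, pool, sender, side.
Swap = namedtuple("Swap", "block index pool sender side")

# Constructed sample data for a hypothetical pool "POOL-A".
SWAPS = [
    Swap(100, 0, "POOL-A", "0xB07", "buy"),     # same address buys first...
    Swap(100, 1, "POOL-A", "0xA11CE", "buy"),   # ...the user's buy lands next...
    Swap(100, 2, "POOL-A", "0xB07", "sell"),    # ...and that address sells after
    Swap(101, 0, "POOL-A", "0xCAFE", "buy"),
    Swap(101, 1, "POOL-A", "0xD00D", "sell"),   # unrelated traders, no pattern
    Swap(102, 0, "POOL-A", "0xFEED", "buy"),
    Swap(102, 1, "POOL-A", "0xA11CE", "buy"),
    Swap(103, 0, "POOL-A", "0xFEED", "sell"),   # sells in a later block: market
]


def find_sandwiches(swaps):
    """Return (front, victim, back) triples found within a single block.

    A triple is flagged when one address trades in the same direction as the
    victim earlier in the block and in the opposite direction later in the
    same block, on the same pool.
    """
    groups = {}
    for s in swaps:
        groups.setdefault((s.block, s.pool), []).append(s)

    hits = []
    for group in groups.values():
        group.sort(key=lambda s: s.index)
        for i, victim in enumerate(group):
            for front in group[:i]:
                if front.sender == victim.sender or front.side != victim.side:
                    continue
                for back in group[i + 1:]:
                    if back.sender == front.sender and back.side != front.side:
                        hits.append((front, victim, back))
                        break
    return hits


if __name__ == "__main__":
    for front, victim, back in find_sandwiches(SWAPS):
        print(f"block {victim.block}: {victim.sender} sandwiched by {front.sender}")
```

Only block 100 is flagged; the buy and sell by `0xFEED` straddle two blocks, which is ordinary trading rather than a same-block sandwich.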

By using MEV-protected routing, tightening your slippage, and avoiding low-liquidity traps, you can ensure your capital stays in your wallet rather than feeding the bots.
