What is a sandwich attack?
Sandwich attacks are a form of market manipulation that targets users of decentralized exchanges (DEXs), exploiting the price movement a victim's own trade causes in order to profit from it.
It is a type of front-running exploit in which an attacker places two orders around a victim's trade, one before and one after, and profits from the price slippage the victim suffers.
In a typical sandwich attack, a malicious actor watches the transaction mempool for large trades that might affect the price of a cryptocurrency.
Once such a trade is identified, the attacker brackets it with two orders: a "buy" placed immediately before the victim's trade (the front-run) and a "sell" placed immediately after it (the back-run).
The attacker's buy pushes the price up, the victim's trade pushes it further, and the attacker then sells at the inflated price once the victim's transaction has completed. The victim receives fewer tokens than the quoted price implied, and that shortfall is the attacker's profit. (The mirror image, a sell sandwiched around a victim's sell, deflates the price instead.)
Why sandwich attacks matter for crypto traders
Sandwich attacks matter for crypto traders, especially beginners, because they are the form of maximal extractable value (MEV) most likely to cost an ordinary user money on a routine swap.
MEV refers to the value that can be extracted from block production beyond the standard block reward and transaction fees by choosing which transactions to include in a block and in what order. Originally only miners could do this; today validators, the block builders they outsource to, and the independent "searchers" who pay builders for favorable ordering all take a share.
Sandwich attacks are a prime example of MEV extraction. By controlling transaction order, attackers exploit the public nature of the mempool to front-run and back-run trades, profiting from the price slippage they induce.
Here’s how these attacks impact traders:
- Erosion of trust: The prevalence of sandwich attacks can erode trust in the security and integrity of the decentralized finance (DeFi) ecosystem.
- Reduced profits: Sandwich attacks directly impact traders’ profitability by capturing potential gains through price manipulation.
- Fairness concerns: These attacks undermine the perceived fairness of DEXs, as traders are vulnerable to exploitation by more sophisticated actors.
Due to these concerns, the crypto community actively explores solutions to mitigate the negative impacts of MEV, such as:
- Private transactions: Sending a transaction to a private relay or RPC endpoint instead of broadcasting it to the public mempool, so other participants cannot see it (and therefore cannot front-run it) before it is included in a block.
- MEV-Boost: Flashbots' proposer-builder separation software, which lets validators outsource block construction to specialized builders through relays. It does not hide user transactions by itself, but builders that receive private order flow can include trades without ever exposing them to the open mempool, shrinking the window for front-running.
Did you know? Maximal extractable value was once called miner extractable value. The term was introduced in the 2019 research paper "Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges" by Phil Daian and others, and was later renamed because the value is not captured only by miners: validators, block builders and independent searchers all extract it, especially since Ethereum's move to proof of stake.
How sandwich attacks work: A step-by-step example
The mechanics of a sandwich attack involve manipulating the price of an asset before and after a victim’s trade, using buy and sell orders strategically placed in the transaction queue.
Let’s break down how a sandwich attack happens, using a simple example.
Imagine you’re a crypto trader looking to buy 100 Ether (ETH) on a decentralized exchange (DEX) like Uniswap. Your large order will likely move the market and raise the price of ETH temporarily. An attacker who has been monitoring the network sees your trade.
But how does an attacker predict a large incoming order?
Attackers predict large incoming orders by monitoring the mempool, a public waiting area for unconfirmed blockchain transactions. Every user’s transaction details — like the tokens being traded, amounts, and slippage tolerances — are visible here before being added to a block.
Automated bots scan the mempool for large trades or high slippage tolerances, signaling opportunities for profit. Since transactions aren’t encrypted, attackers (via bots) analyze this data in real-time.
If a transaction looks profitable to exploit, the bot acts on it. On the open mempool it submits a front-run with a higher gas price, so that it is ordered first, and a back-run priced to land immediately after; more commonly today it sends the front-run, the victim's pending transaction and the back-run to a block builder as one atomic bundle, so the three execute back to back.
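To make concrete what a bot actually reads in the mempool, here is an added example (not code from the original article or from Uniswap) that builds a realistic `swapExactTokensForTokens` call for the Uniswap V2 router, decodes it without any ABI library, and applies a constructed screening rule. The selector `0x38ed1739` and the USDC/WETH mainnet addresses are real; the trader address, amounts, quote and thresholds are constructed for the example.

```python
# Added example: how a mempool bot reads a pending Uniswap V2 swap before it
# is mined. The calldata is constructed locally below; this is not code from
# the original article or from Uniswap.

# Function selector of swapExactTokensForTokens(uint256,uint256,address[],address,uint256)
# on the Uniswap V2 router.
SWAP_SELECTOR = bytes.fromhex("38ed1739")

# Mainnet token addresses, lower-cased so they compare equal to decoded output.
USDC = "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"
WETH = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2"
TRADER = "0x" + "11" * 20  # constructed recipient address


def _uint_word(n: int) -> bytes:
    """ABI-encode an unsigned integer (or address) as a 32-byte big-endian word."""
    return n.to_bytes(32, "big")


def encode_swap_call(amount_in, amount_out_min, path, to, deadline) -> bytes:
    """What a wallet sends to the router. Static arguments form the head; the
    dynamic address[] lives in the tail, pointed to by a byte offset."""
    head = _uint_word(amount_in) + _uint_word(amount_out_min)
    head += _uint_word(5 * 32)             # offset of `path`: right after five head words
    head += _uint_word(int(to, 16)) + _uint_word(deadline)
    tail = _uint_word(len(path)) + b"".join(_uint_word(int(a, 16)) for a in path)
    return SWAP_SELECTOR + head + tail


def decode_swap_call(calldata: bytes) -> dict:
    """The bot's side: pull amountIn, amountOutMin, path, to and deadline out
    of raw calldata. Nothing here is encrypted; it is just ABI layout."""
    if calldata[:4] != SWAP_SELECTOR:
        raise ValueError("not a swapExactTokensForTokens call")
    args = calldata[4:]

    def word(i):
        return int.from_bytes(args[32 * i:32 * (i + 1)], "big")

    def address_at(offset):
        return "0x" + args[offset + 12:offset + 32].hex()  # last 20 bytes of the word

    path_offset = word(2)
    path_len = int.from_bytes(args[path_offset:path_offset + 32], "big")
    path = [address_at(path_offset + 32 * (k + 1)) for k in range(path_len)]
    return {"amount_in": word(0), "amount_out_min": word(1), "path": path,
            "to": address_at(32 * 3), "deadline": word(4)}


def implied_slippage_bps(amount_out_min: int, quoted_out: int) -> int:
    """How far below the current quote the trader will still accept a fill,
    in basis points. This, not trade size alone, decides whether there is
    room to squeeze a front-run in without making the victim's swap revert."""
    return (quoted_out - amount_out_min) * 10_000 // quoted_out


def is_attractive_target(decoded, quoted_out, min_notional=100_000 * 10**6, min_bps=100):
    """Constructed screening rule (assumes a 6-decimal input token such as
    USDC): big enough to move the pool and loose enough to leave room."""
    return (decoded["amount_in"] >= min_notional
            and implied_slippage_bps(decoded["amount_out_min"], quoted_out) >= min_bps)


def sample_calldata() -> bytes:
    """Constructed victim: 300,000 USDC for ETH, quoted at roughly 100 ETH,
    willing to accept as little as 95 ETH (a 5% tolerance)."""
    return encode_swap_call(300_000 * 10**6, 95 * 10**18, [USDC, WETH], TRADER, 1_700_000_000)
```

Run `decode_swap_call(sample_calldata())` and the output shows exactly the fields the text lists as visible: the tokens (the `path`), the amount, and the slippage floor (`amount_out_min`). A 5% tolerance on a 300,000 USDC trade is the kind of transaction a sandwich bot flags immediately.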
Now, let’s understand how the attack unfolds:
- Step 1: The attacker places a buy order for ETH just before your transaction.
- Step 2: Your trade goes through, increasing the price of ETH.
- Step 3: Immediately after your trade, the attacker sells the ETH they purchased in Step 1 at the inflated price, making a profit.
- Step 4: You end up buying at the higher price, and the attacker has profited from your transaction without doing much more than placing orders.
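The four steps above, replayed on a toy constant-product pool (x * y = k with Uniswap V2's 0.3% fee) as an added example that is not code from the original article. The reserves, trade sizes and tolerances are constructed. It also shows what happens when the victim's slippage tolerance (the setting covered under prevention below) is tight enough that the front-run makes their swap revert, and how that tolerance caps the largest front-run an attacker can get away with.

```python
# Added example: a sandwich attack replayed on a toy constant-product pool
# (x * y = k with Uniswap V2's 0.3% fee). All numbers are constructed; this
# is not code from the original article.

USDC_UNIT = 10**6    # USDC has 6 decimals
ETH_UNIT = 10**18    # ETH has 18 decimals
FEE_NUM, FEE_DEN = 997, 1000  # 0.3% swap fee, as in Uniswap V2


def get_amount_out(amount_in, reserve_in, reserve_out):
    """Uniswap V2 output formula, integer arithmetic like the contract."""
    with_fee = amount_in * FEE_NUM
    return with_fee * reserve_out // (reserve_in * FEE_DEN + with_fee)


class Pool:
    """USDC/ETH pool. buy_eth() mirrors the router's slippage check."""

    def __init__(self, reserve_usdc, reserve_eth):
        self.usdc, self.eth = reserve_usdc, reserve_eth

    def buy_eth(self, usdc_in, min_eth_out=0):
        eth_out = get_amount_out(usdc_in, self.usdc, self.eth)
        if eth_out < min_eth_out:
            raise RuntimeError("INSUFFICIENT_OUTPUT_AMOUNT")  # the tx reverts
        self.usdc += usdc_in
        self.eth -= eth_out
        return eth_out

    def sell_eth(self, eth_in):
        usdc_out = get_amount_out(eth_in, self.eth, self.usdc)
        self.eth += eth_in
        self.usdc -= usdc_out
        return usdc_out


def new_pool():
    # Constructed reserves: 30M USDC / 10,000 ETH, i.e. ETH quoted at 3,000 USDC.
    return Pool(30_000_000 * USDC_UNIT, 10_000 * ETH_UNIT)


def quote(pool, usdc_in):
    """What the victim would receive with nobody in front of them."""
    return get_amount_out(usdc_in, pool.usdc, pool.eth)


def sandwich(pool, victim_usdc, victim_min_eth, attacker_usdc):
    """Steps 1-3 from the text. If the victim's slippage check fails, the
    attacker has already bought in Step 1 and must unwind at a loss (fees
    paid twice). Returns attacker profit in USDC and the victim's fill."""
    attacker_eth = pool.buy_eth(attacker_usdc)                  # Step 1: front-run
    try:
        victim_eth = pool.buy_eth(victim_usdc, victim_min_eth)  # Step 2: victim fills worse
    except RuntimeError:
        victim_eth = None                                       # victim's tx reverted
    usdc_back = pool.sell_eth(attacker_eth)                     # Step 3: back-run (or unwind)
    return {"attacker_profit_usdc": usdc_back - attacker_usdc, "victim_eth": victim_eth}


def max_frontrun(pool, victim_usdc, victim_min_eth):
    """Largest front-run that still leaves the victim's output at or above
    their minimum, so their transaction lands. Binary search works because a
    bigger front-run always means a smaller fill for the victim."""
    def victim_out_after(a):
        eth_taken = get_amount_out(a, pool.usdc, pool.eth)
        return get_amount_out(victim_usdc, pool.usdc + a, pool.eth - eth_taken)

    lo, hi = 0, 1_000 * victim_usdc
    if victim_out_after(0) < victim_min_eth:
        return 0
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if victim_out_after(mid) >= victim_min_eth:
            lo = mid
        else:
            hi = mid - 1
    return lo


if __name__ == "__main__":
    victim = 300_000 * USDC_UNIT
    print("undisturbed fill:", quote(new_pool(), victim) / ETH_UNIT, "ETH")
    loose = sandwich(new_pool(), victim, 90 * ETH_UNIT, 1_000_000 * USDC_UNIT)
    print("8.8% tolerance, 1M USDC front-run:", loose)
    tight = sandwich(new_pool(), victim, 98 * ETH_UNIT, 1_000_000 * USDC_UNIT)
    print("0.7% tolerance, same front-run (victim reverts):", tight)
    print("largest front-run a 0.7% tolerance allows:",
          max_frontrun(new_pool(), victim, 98 * ETH_UNIT) / USDC_UNIT, "USDC")
```

With these constructed reserves the victim's 300,000 USDC would buy about 98.7 ETH undisturbed; behind a 1,000,000 USDC front-run it buys about 92.5 ETH, and the attacker walks away with roughly 13,000 USDC. With a 0.7% tolerance the same front-run makes the victim's swap revert, and an attacker who placed the front-run through the public mempool is left unwinding at a loss. That is why bots submit the three transactions as an atomic bundle to a builder: if the victim's swap would revert, the whole bundle is dropped and the attacker pays nothing.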
In one documented case, a bot spotted a large Saitama token purchase in the mempool and bought the token first, pushing the price up.
The victim, whose purchase then executed at the higher price, ended up paying more; the bot sold at the inflated price for over $200,000 in profit. The attack was made possible by the victim's transaction being delayed by over a minute while the bot's orders went through.
Is MEV always negative?
No, MEV is not inherently negative.
While it can be exploited through malicious activities like sandwich attacks, it also has positive aspects. MEV can improve market efficiency by facilitating arbitrage and ensuring timely liquidations. It also provides an additional revenue stream for miners and validators, incentivizing their participation in the network.
Furthermore, the pursuit of MEV has driven innovation in areas like blockspace auctions (the competitive process of securing space within a block for your transactions to be included and processed) and privacy-preserving technologies. However, it’s crucial to address the potential impact on traders (as discussed above) to ensure a balanced and sustainable crypto ecosystem.
How to prevent sandwich attacks in crypto
By using slippage tolerance settings, breaking down larger trades, using private transaction services and avoiding high-traffic periods, you can reduce your chances of falling victim to a sandwich attack.
Now that you understand how sandwich attacks work, here are some practical tips to avoid falling victim to them.
- Use slippage tolerance settings wisely: Most DEXs let you set a slippage tolerance, which becomes the minimum output amount your transaction will accept. If a front-run pushes the price past that limit, your swap reverts instead of filling at the worse price, so the tolerance caps how much an attacker can extract from you. Set it as tight as normal volatility allows; the very wide tolerances some wallets default to for volatile tokens are exactly what bots screen for.
- Trade smaller amounts: If possible, break a large trade into smaller orders to reduce market impact. Each piece is still visible in the mempool, but a smaller price move leaves less for an attacker to capture, and below a certain size a sandwich no longer pays for its own gas.
- Use private transactions or Flashbots: Services such as Flashbots Protect let you submit transactions to block builders directly rather than to the public mempool. Front-running bots never see the trade before it is included in a block, so there is nothing for them to sandwich.
- Monitor mempools and avoid busy times: Some traders choose to monitor the mempool (the waiting area for pending transactions) to avoid executing trades when the network is congested with large orders.
Did you know? Two researchers proposed a game-theoretic approach in their paper "Eliminating Sandwich Attacks with the Help of Game Theory." Their algorithm chooses a trade's slippage tolerance so that sandwiching it is unprofitable for the attacker while the risk of the trade failing stays low, outperforming the auto-slippage method used by major automated market makers like Uniswap and keeping transaction costs down while guarding against the predatory strategies bots run on the Ethereum mempool.
Beyond sandwich attacks: Other examples of MEV
MEV includes strategies like liquidation arbitrage, DEX arbitrage, uncle block mining and NFT MEV, each exploiting different market inefficiencies for profit.
MEV encompasses a broader range of strategies, such as:
Liquidation arbitrage
- How it works: Targets users with heavily leveraged positions (often in DeFi lending protocols).
- Example: If a user’s collateral value falls below a certain threshold, they risk liquidation. An MEV bot can front-run the liquidation by repaying the loan and then seizing the collateral at a discount.
DEX arbitrage
- How it works: Exploits price discrepancies between different DEXs.
- Example: If an asset is priced differently on two DEXs, an MEV bot can quickly purchase the asset on the cheaper exchange and simultaneously sell it on the more expensive one, profiting from the price difference.
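The arbitrage described above, sized and executed against two toy constant-product pools with Uniswap V2's 0.3% fee, as an added example that is not code from the original article. The reserves (ETH at 3,000 USDC on one pool and 3,150 on the other) are constructed; the point is that the profitable trade size is bounded, because each swap moves its own pool's price toward the other's.

```python
# Added example: DEX arbitrage between two toy constant-product pools with
# Uniswap V2's 0.3% fee. Reserves are constructed; this is not code from the
# original article.

USDC_UNIT, ETH_UNIT = 10**6, 10**18
FEE_NUM, FEE_DEN = 997, 1000


def get_amount_out(amount_in, reserve_in, reserve_out):
    """Uniswap V2 output formula in integer arithmetic."""
    with_fee = amount_in * FEE_NUM
    return with_fee * reserve_out // (reserve_in * FEE_DEN + with_fee)


def spot_price(pool):
    """USDC per ETH implied by the reserves (floating point, for display)."""
    usdc, eth = pool
    return (usdc / USDC_UNIT) / (eth / ETH_UNIT)


def arb_profit(usdc_in, cheap, dear):
    """Buy ETH with usdc_in on the cheap pool, sell it on the dear pool.
    Pools are (usdc_reserve, eth_reserve) tuples; returns net USDC profit."""
    eth = get_amount_out(usdc_in, cheap[0], cheap[1])
    usdc_out = get_amount_out(eth, dear[1], dear[0])
    return usdc_out - usdc_in


def optimal_arb_size(cheap, dear, step=USDC_UNIT):
    """Ternary search for the trade size that maximises arb_profit. Profit is
    concave in size (both swap curves are concave), so the search converges;
    past the optimum, the price impact on both pools eats the spread."""
    lo, hi = 0, min(cheap[0], dear[0])
    while hi - lo > step:
        m1 = lo + (hi - lo) // 3
        m2 = hi - (hi - lo) // 3
        if arb_profit(m1, cheap, dear) < arb_profit(m2, cheap, dear):
            lo = m1
        else:
            hi = m2
    return lo


def execute_arb(usdc_in, cheap, dear):
    """Apply both swaps and return (profit, cheap_after, dear_after), so the
    caller can see the two prices converge."""
    eth = get_amount_out(usdc_in, cheap[0], cheap[1])
    cheap_after = (cheap[0] + usdc_in, cheap[1] - eth)
    usdc_out = get_amount_out(eth, dear[1], dear[0])
    dear_after = (dear[0] - usdc_out, dear[1] + eth)
    return usdc_out - usdc_in, cheap_after, dear_after


def new_pools():
    # Constructed: pool A quotes ETH at 3,000 USDC, pool B at 3,150 USDC.
    cheap = (30_000_000 * USDC_UNIT, 10_000 * ETH_UNIT)
    dear = (31_500_000 * USDC_UNIT, 10_000 * ETH_UNIT)
    return cheap, dear


if __name__ == "__main__":
    cheap, dear = new_pools()
    size = optimal_arb_size(cheap, dear)
    profit, cheap_after, dear_after = execute_arb(size, cheap, dear)
    print(f"trade {size / USDC_UNIT:,.0f} USDC for {profit / USDC_UNIT:,.0f} USDC profit")
    print(f"prices before: {spot_price(cheap):.2f} / {spot_price(dear):.2f}")
    print(f"prices after:  {spot_price(cheap_after):.2f} / {spot_price(dear_after):.2f}")
```

On these constructed pools the optimum is a few hundred thousand USDC for a profit in the low thousands; a 5% spread shrinks to well under 1% after the trade, and the two fees (0.3% each way) set the floor below which no arbitrage pays. In practice the bot would wrap both swaps in one transaction so that it either captures the spread or reverts, never holding ETH it cannot resell.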
Uncle block mining
- How it works: Under proof of work, Ethereum occasionally produced "uncle blocks": valid blocks that were mined but lost the race to a competing block and so never became part of the canonical chain. Every transaction in an uncle block became public, including MEV bundles their authors had deliberately kept out of the mempool.
- Example: A searcher's profitable bundle lands in an uncle block. Another searcher, or the miner building the next block, sees the now-exposed transactions, replays them in the canonical block in an order that favors itself, and captures the profit (the "uncle bandit" attack). Ethereum's switch to proof of stake removed uncle blocks, so this vector no longer exists there.
NFT MEV
- How it works: Leverages the unique characteristics of the NFT market.
- Examples: Two common ways MEV is extracted in the NFT market are sniping and cancellation front-running. In sniping, bots constantly monitor marketplaces for newly listed items priced below their value (a rare trait listed at the floor, say) and buy them instantly, before a human buyer can react. In cancellation front-running, a seller who notices an underpriced listing sends a transaction to cancel or reprice it, but that transaction waits in the mempool like any other; a bot sees it, pays more gas to buy at the stale price before the cancellation executes, then relists the item higher.
To protect against MEV exploitation more broadly, use MEV-aware platforms (a private RPC, or a DEX that settles trades in batch auctions so that ordering within a batch cannot be exploited), set a short deadline on swaps so that a delayed transaction expires rather than filling at a stale price, and keep slippage tolerance tight.
In the NFT space, prefer marketplaces that let you cancel or reprice a listing through a private transaction, so a bot cannot front-run the cancellation, and double-check a price before listing, since an underpriced listing is gone the moment it is visible.
This article first appeared at Cointelegraph.com News