ScamLens
High Risk Average Loss: $2,000 Typical Duration: 1 day

MEV Sandwich Attacks: Crypto Trading Fraud Explained

Maximal Extractable Value (MEV) sandwich attacks represent a sophisticated form of cryptocurrency fraud where attackers observe pending transactions in the blockchain mempool and strategically insert their own transactions to profit at the victim's expense. When a trader submits a transaction to swap tokens on a decentralized exchange, the attacker places a transaction before it (front-run) to buy the same token, driving up its price, then places another transaction after the victim's trade (back-run) to sell at the inflated price. The victim ends up paying significantly more for their tokens or receiving fewer tokens in return, with losses typically ranging from $500 to $5,000 per attack. According to blockchain analysis firm Flashbots, MEV extraction exceeded $600 million in 2023 alone, with sandwich attacks accounting for approximately 70% of all MEV-related losses. These attacks exploit the transparent nature of blockchain technology where all pending transactions are visible in the mempool before execution, creating a vulnerable window that attackers systematically exploit using sophisticated bots running on high-performance infrastructure.

Common Tactics How to Identify How to Protect Yourself Real-World Examples Frequently Asked Questions Where to Report

Common Tactics

  • Monitor the mempool for large token swap transactions, identifying profitable opportunities where price impact will be significant and easy to exploit.
  • Deploy front-running bots that execute transactions in the same block before the victim's transaction, artificially inflating token prices to maximize slippage damage.
  • Execute back-running transactions immediately after the victim's swap settles, capturing additional profit by selling inflated token positions at peak prices.
  • Use private mempools or paid services like MEV-Relay to gain exclusive access to pending transactions before they appear publicly, ensuring execution priority.
  • Target victims with large transaction amounts (over $10,000) and low slippage tolerance settings, since these generate higher MEV extraction opportunities.
  • Disguise sandwich attack transactions using complex smart contracts and token bridges to obscure the attack pattern and avoid detection by security monitoring tools.

How to Identify

  • Your token swap executes at a significantly worse price than the quoted amount, with slippage far exceeding normal market volatility (more than 5% difference unexpectedly).
  • Transaction details show multiple transactions from unfamiliar addresses buying the same token immediately before your swap, then selling immediately after, in the same block.
  • You notice your transaction is grouped with other similar swaps in the same blockchain block, all experiencing identical price deterioration patterns.
  • Your pending transaction remains unconfirmed for an unusually long time while other transactions in the mempool execute much faster, suggesting deliberate ordering manipulation.
  • Blockchain explorers show your transaction sandwiched between two other trades from the same address, with profits flowing to an address you don't recognize.
  • You receive fewer tokens than expected despite the token pair price remaining stable in the time between your transaction submission and confirmation.

How to Protect Yourself

  • Set strict slippage limits (1-2%) in your decentralized exchange settings, so transactions automatically fail if price conditions worsen beyond your acceptable threshold.
  • Use MEV-protective services like Flashbots Protect or MEV-resistant protocols like CoW Swap that execute swaps via batch auctions rather than transparent mempool ordering.
  • Split large token purchases into multiple smaller transactions at different times rather than one large transaction, reducing the MEV extraction opportunity for attackers.
  • Use private relays or MEV-resistant RPCs (remote procedure call endpoints) that hide your pending transactions from the public mempool until the moment of execution.
  • Enable encrypted mempools when available, which conceal transaction details from other network participants until the block is produced and confirmed.
  • Research and use DEX protocols specifically designed with MEV resistance, such as Threshold Encryption or Intent-based architectures, rather than standard constant product market makers.

Real-World Examples

A cryptocurrency trader submits a transaction to purchase 50 ETH worth of a mid-cap altcoin through Uniswap at a quoted price of $1.00 per token. An attacker's bot detects this pending transaction in the mempool and immediately submits a transaction buying 1,000,000 of the same tokens. The victim's transaction executes at $1.15 per token due to the price impact, costing them an extra $7,500. The attacker then sells their tokens for $1.12, profiting $12,000 while the victim loses money on slippage.

A decentralized finance participant decides to swap $3,000 worth of USDC for a new token launching on a DEX with low liquidity. Before their transaction executes, a sandwich attack bot purchases tokens using the same swap path. The victim receives 30% fewer tokens than expected due to artificially inflated prices. After the victim's transaction confirms, the bot sells its position at peak price, extracting $450 in profits directly from the victim's slippage.

An institutional trader uses a decentralized exchange to execute a $50,000 token swap during off-peak hours, believing reduced network congestion would minimize MEV exposure. However, MEV bot operators actively monitor large transactions regardless of time, and a sandwich attack extracts $2,100 in value. The trader's transaction appears to execute normally from their perspective, but blockchain analysis reveals they paid significantly above spot market prices due to the attack.

Frequently Asked Questions

How do attackers know about my transaction before it's confirmed on the blockchain?
All cryptocurrency transactions sit in a public waiting area called the mempool before being included in a block. Attackers constantly monitor this mempool using specialized bots to identify high-value transactions that generate profits through price manipulation. Your transaction is visible to everyone on the network before it executes, creating a vulnerable window that bots systematically exploit.
Why can't decentralized exchange platforms prevent sandwich attacks?
DEX platforms operate on blockchain networks where transaction transparency is a core feature, not a flaw. Preventing attacks would require removing the visibility of pending transactions, which contradicts decentralized principles. However, newer solutions like MEV-protective relays and encrypted mempools are being developed to address this vulnerability at the protocol level rather than the application level.
Is MEV sandwich attacking illegal?
The legal status remains unclear in most jurisdictions since MEV operates in a regulatory gray area. While it may constitute fraud in traditional markets, cryptocurrency MEV extraction has not yet been definitively classified as illegal in most countries. However, some jurisdictions are beginning to investigate whether certain MEV extraction methods violate securities or commodities trading laws.
What's the difference between MEV sandwich attacks and regular slippage?
Normal slippage occurs from natural market liquidity constraints when you swap tokens, typically 0.5-2%. Sandwich attacks cause artificially induced slippage of 5-50% because attackers deliberately manipulate prices by inserting transactions. You can identify attacks by comparing your slippage percentage to normal market volatility for that trading pair during that time period.

Where to Report — United States

Official channels in your region for reporting this scam.

FTC ReportFraud

Reporting

Federal Trade Commission consumer fraud reporting portal.

Visit →

FBI IC3

Cybercrime Unit

Internet Crime Complaint Center for online and crypto fraud.

Visit →

CFPB Consumer Complaint

Financial Regulator

For bank, credit card, loan, and payment-related fraud.

Visit →

AARP Fraud Watch Helpline

Hotline

Free helpline for victims of any age (English/Spanish).

1-877-908-3360 Visit →

Think you encountered this scam?

How to cite this guide

Use this when referencing ScamLens content in articles, research, AI responses, or social media.

According to ScamLens (scamlens.org), mev sandwich attacks: crypto trading fraud explained is described at https://scamlens.org/en/encyclopedia/mev-sandwich-attack.
https://scamlens.org/en/encyclopedia/mev-sandwich-attack