MEV Sandwich Attacks: Crypto Trading Fraud Explained
Maximal Extractable Value (MEV) sandwich attacks represent a sophisticated form of cryptocurrency fraud where attackers observe pending transactions in the blockchain mempool and strategically insert their own transactions to profit at the victim's expense. When a trader submits a transaction to swap tokens on a decentralized exchange, the attacker places a transaction before it (front-run) to buy the same token, driving up its price, then places another transaction after the victim's trade (back-run) to sell at the inflated price. The victim ends up paying significantly more for their tokens or receiving fewer tokens in return, with losses typically ranging from $500 to $5,000 per attack. According to blockchain analysis firm Flashbots, MEV extraction exceeded $600 million in 2023 alone, with sandwich attacks accounting for approximately 70% of all MEV-related losses. These attacks exploit the transparent nature of blockchain technology where all pending transactions are visible in the mempool before execution, creating a vulnerable window that attackers systematically exploit using sophisticated bots running on high-performance infrastructure.
Common Tactics
- • Monitor the mempool for large token swap transactions, identifying profitable opportunities where price impact will be significant and easy to exploit.
- • Deploy front-running bots that execute transactions in the same block before the victim's transaction, artificially inflating token prices to maximize slippage damage.
- • Execute back-running transactions immediately after the victim's swap settles, capturing additional profit by selling inflated token positions at peak prices.
- • Use private mempools or paid services like MEV-Relay to gain exclusive access to pending transactions before they appear publicly, ensuring execution priority.
- • Target victims with large transaction amounts (over $10,000) and low slippage tolerance settings, since these generate higher MEV extraction opportunities.
- • Disguise sandwich attack transactions using complex smart contracts and token bridges to obscure the attack pattern and avoid detection by security monitoring tools.
How to Identify
- Your token swap executes at a significantly worse price than the quoted amount, with slippage far exceeding normal market volatility (more than 5% difference unexpectedly).
- Transaction details show multiple transactions from unfamiliar addresses buying the same token immediately before your swap, then selling immediately after, in the same block.
- You notice your transaction is grouped with other similar swaps in the same blockchain block, all experiencing identical price deterioration patterns.
- Your pending transaction remains unconfirmed for an unusually long time while other transactions in the mempool execute much faster, suggesting deliberate ordering manipulation.
- Blockchain explorers show your transaction sandwiched between two other trades from the same address, with profits flowing to an address you don't recognize.
- You receive fewer tokens than expected despite the token pair price remaining stable in the time between your transaction submission and confirmation.
How to Protect Yourself
- Set strict slippage limits (1-2%) in your decentralized exchange settings, so transactions automatically fail if price conditions worsen beyond your acceptable threshold.
- Use MEV-protective services like Flashbots Protect or MEV-resistant protocols like CoW Swap that execute swaps via batch auctions rather than transparent mempool ordering.
- Split large token purchases into multiple smaller transactions at different times rather than one large transaction, reducing the MEV extraction opportunity for attackers.
- Use private relays or MEV-resistant RPCs (remote procedure call endpoints) that hide your pending transactions from the public mempool until the moment of execution.
- Enable encrypted mempools when available, which conceal transaction details from other network participants until the block is produced and confirmed.
- Research and use DEX protocols specifically designed with MEV resistance, such as Threshold Encryption or Intent-based architectures, rather than standard constant product market makers.
Real-World Examples
A cryptocurrency trader submits a transaction to purchase 50 ETH worth of a mid-cap altcoin through Uniswap at a quoted price of $1.00 per token. An attacker's bot detects this pending transaction in the mempool and immediately submits a transaction buying 1,000,000 of the same tokens. The victim's transaction executes at $1.15 per token due to the price impact, costing them an extra $7,500. The attacker then sells their tokens for $1.12, profiting $12,000 while the victim loses money on slippage.
A decentralized finance participant decides to swap $3,000 worth of USDC for a new token launching on a DEX with low liquidity. Before their transaction executes, a sandwich attack bot purchases tokens using the same swap path. The victim receives 30% fewer tokens than expected due to artificially inflated prices. After the victim's transaction confirms, the bot sells its position at peak price, extracting $450 in profits directly from the victim's slippage.
An institutional trader uses a decentralized exchange to execute a $50,000 token swap during off-peak hours, believing reduced network congestion would minimize MEV exposure. However, MEV bot operators actively monitor large transactions regardless of time, and a sandwich attack extracts $2,100 in value. The trader's transaction appears to execute normally from their perspective, but blockchain analysis reveals they paid significantly above spot market prices due to the attack.