How Sandwich Attacks Are Evolving and How the Ecosystem Is Striking Back
From Simple Front-Running to Jared's Dominance
How have sandwich attacks evolved over time?
Which blockchain upgrades have successfully reduced sandwich attacks?
Can block builders ever successfully filter out harmful MEV?
How do researchers identify sandwich attacks in blockchain data?
Could encrypted mempools be the solution to front-running?
When should blockchain data be transparent vs. private?
Think your slippage protection keeps you safe from sandwich attacks? Advanced bots like Jared are now using other users' transactions to exploit you in ways you never imagined.
During the 5th MEV Space on April 16th, these big brains shared their answers to the question above.
Luis Bezzenberger, Founder of ShutterNetwork
Yixin Cao, Chief Data Scientist of EigenPhi.
We also have Benjamin Hunter, VP of Engineering at BTCS, as the co-host.
Here are some highlights from the speakers.
Luis Bezzenberger's 3 Key Highlights
1. Information Symmetry Philosophy
Luis argues that blockchain needs a careful balance between transparency and privacy. Just like in traditional markets, sometimes information should be visible to everyone, and sometimes it needs protection. The goal is "information symmetry" – ensuring all participants have equal access to relevant information at the right time, creating a fair marketplace where no one has an unfair advantage due to seeing transaction details before others.
2. Distributed Trust Model
Rather than trusting a single entity (like a private mempool operator) not to front-run your transactions, Luis proposes spreading that trust across multiple independent encryption nodes. This approach means no single party can see and exploit your transaction details – the system remains secure even if some nodes are compromised. It's like replacing a single security guard with a committee where a majority must agree before any action is taken.
3. ShutterNetwork's Solution and Progress
ShutterNetwork applies threshold encryption primarily as an encrypted mempool to combat front-running and real-time censorship. Already implemented on Gnosis chain, they're making the case for Ethereum L1 implementation while offering encryption as a service for commit-reveal and time-lock use cases via their Shutter API. Their approach aims to create a neutral base layer where users can safely reveal information without fear of exploitation.
hildobby's 3 Key Highlights
1. Cross-Chain MEV Landscape
hildobby's data analysis spans 15 different blockchain networks, offering a comprehensive view of sandwich attacks across the ecosystem. As head of data at Dragonfly, he's created public dashboards that allow anyone to explore MEV patterns across multiple chains. This bird's-eye perspective reveals how sandwich attacks vary between different blockchain environments and helps identify which networks might be more vulnerable than others.
2. Protocol Upgrades as MEV Circuit Breakers
hildobby's research uncovered dramatic reductions in sandwich attacks following specific protocol upgrades. For example, when Optimism implemented its "Bedrock" upgrade (which introduced a better fee market through EIP-1559), sandwich attacks plummeted on the network. Similarly, Binance Smart Chain's recent "Goodwill Alliance" upgrade showed remarkable results, reducing sandwich attacks from 93% to just 15%. These findings suggest that thoughtful protocol design can significantly impact MEV extraction.
3. Data-Driven Detection Methodology
"I'm looking for a back and forth matching transaction with at least one victim in between where the same pool was affected," explains hildobby about his approach to identifying sandwich attacks. His methodology focuses on transaction patterns that are highly unlikely to occur naturally—like trading on the same pool in the same block back and forth with a victim in between. While acknowledging limitations (such as not accounting for liquidity changes), hildobby's open-source approach allows others to build upon his work, creating a foundation for broader MEV research.
Yixin Cao's 3 Key Highlights
1. The Three Eras of Sandwich Evolution
Yixin mapped the evolution of sandwich attacks into three distinct periods, showing how these exploits have grown increasingly sophisticated.
In the early days before Flashbots' bundle protection, sandwich bots played "guessing games" with gas fees to position their transactions, and sometimes even attacked each other.
The second era began when Flashbots introduced bundle protection in early 2021, which, counterintuitively, led to more creative attacks targeting dozens of victims simultaneously.
We're now in the third era of advanced strategies, where the techniques have become significantly more complex and harder to detect.
2. Jared's Game-Changing Tactics
"In Jared's trades, we can find that sometimes he will split its front-run transaction into two or three," Yixin explains, revealing how the dominant sandwich bot uses unprecedented techniques. What makes Jared particularly dangerous is its ability to use transactions from users who have correctly set slippage protection—previously considered "safe"—to pump up prices for attacking other victims. This sophisticated approach means that even users who follow best practices can unwittingly become part of someone else's sandwich attack, fundamentally changing our understanding of what transactions are vulnerable.
3. Flash Loans: Scaling Attacks Without Capital
Yixin identified a concerning trend in which attackers leverage flash loans from protocols like AAVE or Balancer to execute sandwich attacks using borrowed capital. This innovation enables attackers to scale their operations dramatically without incurring significant costs, effectively removing one of the few limitations that previously constrained sandwich attacks. As a data scientist at EigenPhi, Yixin's research suggests that as these capital-efficient techniques spread, the potential impact and reach of sandwich attacks could expand significantly, posing new challenges for protection mechanisms.
Conclusion: Staying Ahead in the Sandwich MEV Arms Race
The MEV landscape reveals a persistent arms race, as protocols implement upgrades and users set slippage protection, attackers like Jared develop increasingly sophisticated techniques. Protocol-level changes have shown promise, with some upgrades dramatically reducing sandwich attacks, while encrypted mempools offer a structural solution by addressing the information asymmetry that enables front-running. For DeFi users, the key takeaway is sobering: traditional protections are no longer sufficient, and staying informed about these evolving threats is essential.
Want to see sandwich attacks in action and understand how they might affect your trades? Explore EigenPhi's sandwich module to visualize real-time sandwich MEV extraction. Follow EigenPhi for more MEV insights and join our next MEV Space.
You can click this link or open https://bit.ly/hfdefi to download the free ebook Head First DeFi, Decoding the DNA of Crypto Transactions & Strategies. We are adding more intriguing cases in 2024. Let us know if you want to be part of it.
Follow us via these to dig more hidden wisdom of DeFi:
EigenTx | Website | Discord | Twitter | YouTube | Substack | Medium | Telegram