What is a sandwich attack in crypto and how can you protect yourself?

What is a sandwich attack in crypto?

A sandwich attack is a form of market manipulation within DeFi, particularly on decentralized exchanges (DEXs). The attacker targets transactions that are already visible in a blockchain's mempool (a kind of digital waiting room for pending transactions) but have not yet been executed.

The attack is called a “sandwich” because the victim’s transaction is squeezed between two transactions from the attacker: one before and one after the original order.

Sandwich attacks mainly occur on decentralized platforms, because transactions there are visible before they are executed and permanently included in a block. This lets attackers look for manipulation opportunities within Automated Market Makers (AMMs) that price trades algorithmically against liquidity pools, such as Uniswap and PancakeSwap.

At its core, a sandwich attack is a form of Maximal Extractable Value (MEV), where block producers or bots try to extract additional value by strategically ordering the transactions in a block.

Key Takeaways

  • A sandwich attack is a form of market manipulation within DeFi where an attacker exploits visible transactions in the mempool to generate profit.
  • The attack works by squeezing a large order from a trader between two of the attacker’s own transactions: one before (front-run) and one after (back-run) the original order.
  • The attacker’s profit comes directly from the additional slippage experienced by the victim, causing them to receive a worse price than expected.
  • Sandwich attacks increase effective trading costs, reduce the efficiency of decentralized exchanges, and can undermine trust in DeFi.
  • Although the risk on DEXs cannot be completely eliminated, traders can better protect themselves by lowering their slippage tolerance, splitting large orders, choosing high-liquidity pools, or trading via centralized platforms.

How does a sandwich attack work?

A sandwich attack starts with a search of the mempool (the queue of unconfirmed transactions) for a large transaction, one whose price impact, and therefore slippage, is significant. The attacker then submits a transaction of their own with a higher gas fee so that it is executed first. Once the victim's order has executed at the worsened price, the attacker submits a second transaction in the opposite direction. In detail:

1. Detection of a large transaction
An attacker (usually an automated bot) monitors the mempool and detects a large buy or sell order on a DEX. Large orders typically cause significant price impact (slippage) within a liquidity pool.

2. Front-running transaction
The attacker immediately places their own transaction with a higher gas fee so that it is executed before the victim’s transaction.

  • In the case of a large buy order, the attacker first buys the same token, pushing the price up.
  • In the case of a large sell order, the attacker first sells, pushing the price down.

3. Back-running transaction
Once the victim’s transaction has been executed at a worse price, the attacker executes a second transaction in the opposite direction:

  • After a front-run buy, the attacker sells at the now higher price.
  • After a front-run sell, the attacker buys back at a lower price.

This allows the attacker to make nearly risk-free profit, while the victim receives a worse execution price than expected.

The attacker’s profit comes directly from the additional slippage experienced by the victim.

Example: Suppose the ETH/USDT pool on Uniswap contains 1,000 ETH and 2,000,000 USDT, which results in a price of approximately 2,000 USDT per ETH. A trader wants to buy 100 ETH in a single transaction. An MEV bot sees this large order in the mempool before it is executed. The bot first buys, for example, 50 ETH itself and pays a higher gas fee so that its transaction is processed earlier. This increases the price of ETH in the pool. The victim’s order is then executed at this higher price, causing them to pay more USDT than expected.

Immediately afterwards, the bot sells its 50 ETH back to the pool at the now further increased price, which was partly driven up by the victim’s large purchase. The attacker profits from the price difference, while the additional costs are borne by the victim in the form of higher slippage.

What is the impact of a sandwich attack?

The impact of a sandwich attack is that victims execute their transaction at a worse price than initially intended, while the attacker profits from the price difference. In practice, sandwich attacks lead to higher effective trading costs for individual users and reduce the efficiency of decentralized exchanges.

Sandwich attacks create additional price impact (slippage) for traders, resulting in higher effective transaction costs and a less favorable execution price, especially for large transactions or in low-liquidity environments. This often only becomes clear afterwards, when the final price turns out to be higher than expected for a buy or lower than expected for a sell. In addition, sandwich attacks damage the image of DeFi: the open structure and transparency of transactions are what make these attacks possible, and honest traders often pay the price.

How can you protect yourself against sandwich attacks?

Sandwich attacks remain a weak point within the crypto market, especially within DeFi protocols. However, there are several ways to reduce the chance of becoming a victim of a sandwich attack:

  1. Lower your slippage tolerance
    By setting a low slippage tolerance, you limit how much price deviation you are willing to accept. If the price is manipulated too heavily, your transaction will fail instead of being executed at a significantly worse price. Keep in mind that a tolerance that is too low, especially for trading pairs with low liquidity, may cause your transaction to fail more often.
  2. Avoid placing large market orders at once
    Splitting large transactions into smaller parts reduces visible price impact and makes you less attractive to MEV bots.
  3. Use DEXs with MEV protection
    Some platforms offer protection against front-running and sandwich attacks through private transaction routing or special order mechanisms.
  4. Trade in pools with high liquidity
    The higher the liquidity, the smaller the price impact of individual transactions and the less profitable a sandwich attack becomes.
  5. Use limit orders when available
    With limit orders, you set the maximum buy price or minimum sell price yourself, so the order cannot execute at a worse price than the one you defined.
  6. Trade via centralized platforms (CEXs)
    On centralized exchanges such as Finst, orders are processed through an internal order book and transactions are not visible in advance in a public mempool. As a result, the classic sandwich attack mechanism, as seen on AMM-based DEXs, does not apply.
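
The ETH/USDT numbers from the example above, worked through in a small constant-product AMM model, and combined with the slippage tolerance from protection step 1 so the sandwiched swap can be seen reverting. This is an added illustration, not code from the original article or from Finst; it assumes no swap fee and no gas cost.

```python
# Constant-product AMM (x * y = k) model of the ETH/USDT sandwich above.
# Added illustration only: not code from the original article or from Finst.
# Assumption: no swap fee and no gas, so the attacker's profit equals the
# victim's extra slippage exactly; pool and order sizes are the article's.

def quote_cost(eth_reserve, usdt_reserve, eth_out):
    """USDT that must be paid to take eth_out ETH from the pool."""
    k = eth_reserve * usdt_reserve
    return k / (eth_reserve - eth_out) - usdt_reserve

def quote_proceeds(eth_reserve, usdt_reserve, eth_in):
    """USDT received for selling eth_in ETH into the pool."""
    k = eth_reserve * usdt_reserve
    return usdt_reserve - k / (eth_reserve + eth_in)

def simulate_sandwich(eth_reserve, usdt_reserve, victim_eth, bot_eth, tolerance):
    """Front-run, victim swap, back-run. The victim's swap reverts when its
    cost exceeds the quote shown at submission time scaled by the slippage
    tolerance (the "max cost" a wallet enforces on-chain)."""
    x, y = eth_reserve, usdt_reserve
    expected_cost = quote_cost(x, y, victim_eth)   # quote before the bot acts
    max_cost = expected_cost * (1 + tolerance)

    # 1. Front-run: bot buys bot_eth ETH first, pushing the pool price up.
    bot_cost = quote_cost(x, y, bot_eth)
    x, y = x - bot_eth, y + bot_cost

    # 2. Victim's swap meets the worsened reserves: execute or revert.
    victim_cost = quote_cost(x, y, victim_eth)
    if victim_cost > max_cost:
        return {"reverted": True, "expected_cost": expected_cost,
                "victim_cost": victim_cost, "max_cost": max_cost}
    x, y = x - victim_eth, y + victim_cost

    # 3. Back-run: bot sells the same ETH into the pool the victim just moved.
    bot_proceeds = quote_proceeds(x, y, bot_eth)
    return {"reverted": False, "expected_cost": expected_cost,
            "victim_cost": victim_cost, "max_cost": max_cost,
            "victim_extra": victim_cost - expected_cost,
            "bot_profit": bot_proceeds - bot_cost}

if __name__ == "__main__":
    # 20% tolerance lets the sandwiched swap through; 0.5% makes it revert.
    for tol in (0.20, 0.005):
        r = simulate_sandwich(1_000, 2_000_000, victim_eth=100, bot_eth=50,
                              tolerance=tol)
        print(f"tolerance {tol:.1%}: {r}")
```

Without a fee the pool ends in the same state whether or not it was sandwiched, so the bot's profit (about 25,456 USDT here) is exactly the victim's overpayment; the tight tolerance turns that loss into a failed transaction instead.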

Final thoughts

A sandwich attack shows how the transparency of public blockchains can be both a strength and a vulnerability. By strategically exploiting visible transactions in the mempool, attackers can profit almost risk-free from the price impact of other traders. This results in higher effective trading costs, more slippage, and a less efficient market structure within DeFi.

Although sandwich attacks mainly occur on AMM-based decentralized exchanges, users can significantly reduce the risk by carefully managing slippage settings, order size, and liquidity. In addition, some DEXs offer extra MEV protection, and centralized trading platforms provide an alternative where the classic sandwich mechanism does not apply. Understanding how these attacks work is therefore essential for anyone active in the crypto market.

About Finst

Finst is a leading cryptocurrency platform in the Netherlands, providing ultra-low trading fees, institutional-grade security, and a comprehensive suite of crypto services such as trading, custody, staking, and fiat on/off-ramp. Finst, founded by DEGIRO's ex-core team, is authorized as a crypto-asset service provider under MiCAR by the Dutch Authority for Financial Markets (AFM) and serves both retail and institutional clients in 30 European countries.
