
What Are Sandwich Attacks in Crypto? Definition and How to Avoid Them

Author: Julia Sakovich, Senior Editor

Sandwich attacks are becoming a popular kind of cyber manipulation in the DeFi space, so it is important to get acquainted with their basics. Let’s explore everything there is to know about sandwich attacks in this detailed guide.

One of the setbacks coming with popularity is exposure to the risk of attracting the interest of manipulators seeking personal gains. In the same vein, the evolving DeFi space has become vulnerable to various attacks as it continues to grow and gain widespread adoption.

Among the common attacks faced by the industry are sandwich attacks. These attacks pose great risks to crypto investors and their assets. Let’s delve deep into the details of this type of manipulation to understand its basics, how it works, and how to protect against it.

Key Takeaways

  • Sandwich attacks take advantage of traders by placing transactions before and after large trades.
  • These are common on decentralized exchanges (DEX) because trades are visible before confirmation.
  • The attacker’s first trade pushes the price up; the second transaction then captures the profit.
  • To prevent these attacks, expert traders use low slippage settings and private transactions on DEXs.

What Is a Sandwich Attack?

A sandwich attack is a kind of digital exploitation, unique to DEXs, that involves manipulating the price of a targeted asset. First, the attacker notices a large pending transaction in the public mempool, a kind of public waiting area for blockchains. Next, they place a transaction ahead of it, pushing the price in their favor. Finally, they immediately follow the victim’s transaction with an order to lock in profits.

Let’s take an example to get a clearer picture. When someone tries to trade one type of cryptocurrency (let’s call it X) for another (Y) to make a big purchase, the attacker uses a sneaky bot to spot the trade and buys up the Y cryptocurrency before the large trade is confirmed.

This causes the price of Y to go up for the original trader, resulting in higher costs. The bot profits by selling the Y cryptocurrency at an increased price. Notably, such attacks are only possible because of the public nature of the mempool, which means that anyone can see pending transactions in the pool. There are a handful of ways to avoid this, which we will discuss in detail below.

Additionally, smart contracts may expose unrestricted functions that execute trades, such as claiming LP reward tokens and instantly swapping them for another token on a decentralized exchange (DEX). Because anyone can call such a function, the swap it performs can be sandwiched in the same way.

How Do Sandwich Attacks Work?

Now that we have explained the basics of sandwich attacks, let’s explore exactly how they work with examples.

Sandwich attacks are one of the most common variants of Maximal Extractable Value (MEV). MEV is the profit that traders or miners can make (or extract) by influencing the order in which transactions are processed on a blockchain.

It’s important to note that the entire process of sandwich attacks is done by bots, often known as “MEV bots.” These bots are always searching for large, pending transactions on decentralized exchanges. When a bot spots one, it immediately places a transaction with a higher fee than the victim’s. This ensures that the bot’s transaction is processed first, pushing the price in an unfavorable direction for the victim.

The victim’s transaction is then processed at this worse price. Sometimes the bot can push the price to such an extreme that the victim will essentially lose the entire investment. The bot then places the final transaction to profit off of the price movement, effectively “sandwiching” the original transaction.

This strategy only works on decentralized exchanges that use automated market maker (AMM) systems. AMMs shift prices automatically in response to trade size and available liquidity, making these attacks possible. While most DEXs still use AMMs, a handful of decentralized platforms like dYdX and Serum use order-based systems, which can’t be manipulated with this strategy as easily.

Sandwich Attacks vs. Other Common MEV Strategies

Sandwich attacks are typically considered the most common strategy used by MEV bots, but there are a variety of ways that these bots take advantage of other traders. Here are a few of the other MEV strategies that are common on most blockchains.

  • Front-running: The attacker submits a transaction with a higher fee before a pending trade to profit from the price movement.
  • Back-running: The attacker places a trade right after another transaction to benefit from the price difference.
  • Arbitrage: Bots exploit price differences across exchanges or liquidity pools.
  • Liquidation sniping: Bots watch lending apps, looking to trigger liquidations to profit from liquidation bonuses.

Are Sandwich Attacks and MEV Legal?

Before we even touch on the legality or illegality of MEV and similar tactics, it’s important to note that the cryptocurrency world is still in a deep grey area in many regions when it comes to regulation and legislation. Some tactics may be legal in one jurisdiction but illegal in another. If you ever consider trying to use any MEV strategies, seek out legal advice first.

Typically, much, if not most, MEV activity today seems to be considered lawful in the U.S. This is likely because it only requires using publicly available information (from the public mempool), competing on transaction fees (to order transactions), and following all of the blockchain’s rules without any kind of deception or unauthorized access that could constitute fraud.

Nevertheless, if MEV exploiters aren’t careful, they can stray into legal grey areas or even clear criminality. For example, in 2024, Anton Peraire-Bueno and his brother, James Peraire-Bueno, were charged with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering for a large MEV exploit.

The charges mostly focus on the brothers’ alleged use of unauthorized access to private transactions on Ethereum, which had been intentionally routed outside of the public mempool. According to the DOJ, this access was obtained through deception and the abuse of off-chain builder infrastructure, rather than through normal transaction ordering. Notably, the prosecutors did not argue that sandwich attacks themselves are illegal, but rather that the specific methods the brothers allegedly used to carry them out may constitute wire fraud.

The Peraire-Bueno case ended in a mistrial in November 2025, after the jury was unable to reach a unanimous verdict. However, prosecutors have already filed a request for a retrial for the two brothers, asking the judge to schedule it “as soon as practicable in late February or early March 2026.”

How to Prevent Sandwich Attacks

Luckily, it’s often rather simple to ward off sandwich attacks if you know what you’re doing. One of the most important tools that DEXs offer to avoid this kind of exploit is slippage tolerance. This allows you to set the maximum price difference that you are willing to accept for your trade. If it exceeds this set tolerance, the transaction will be automatically canceled (assuming the feature is working correctly).
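The effect of slippage tolerance on an AMM trade can be worked through numerically. The following is an added example, not code from any exchange or from the original article; it assumes a constant-product pool (x * y = k) with a 0.3% fee, and the reserves and trade sizes are constructed values.

```python
# Added example: constant-product pool (x * y = k), fee taken from the input.
# Pool reserves, trade sizes and the 0.3% fee are constructed for illustration.
FEE = 0.003

def amount_out(amount_in, reserve_in, reserve_out, fee=FEE):
    """Output of a constant-product swap for a given input amount."""
    net_in = amount_in * (1 - fee)
    return reserve_out * net_in / (reserve_in + net_in)

def min_out(quoted_out, slippage_tolerance):
    """Smallest output the trader accepts; below this the swap is canceled."""
    return quoted_out * (1 - slippage_tolerance)

def simulate(trade_in, tolerance, preceding_in, rx=1_000_000.0, ry=1_000_000.0):
    """Quote an X->Y trade, let another X->Y trade land first, then execute.

    Returns (executed, shortfall): executed is False when the slippage guard
    cancels the trade; shortfall is the fraction lost versus the quote.
    """
    quoted = amount_out(trade_in, rx, ry)
    guard = min_out(quoted, tolerance)
    # The preceding trade shifts the reserves, and with them the price.
    taken = amount_out(preceding_in, rx, ry)
    rx_after, ry_after = rx + preceding_in, ry - taken
    out = amount_out(trade_in, rx_after, ry_after)
    return out >= guard, 1 - out / quoted

if __name__ == "__main__":
    for tol in (0.005, 0.15):
        executed, shortfall = simulate(10_000, tol, preceding_in=50_000)
        state = "executed" if executed else "canceled"
        print(f"tolerance {tol:.1%}: {state}, price {shortfall:.1%} worse than quoted")
```

With a 0.5% tolerance the trade is canceled instead of filling about 9% below the quote; with a 15% tolerance the same trade goes through at the worse price.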

If you don’t want to have to deal with slippage tolerance at all, you may just want to avoid DEXs that use AMMs. You can use centralized exchanges or DEXs that use order-book systems instead. However, these platforms come with their own risks and limitations, such as custodial risk, front-running, or simply reduced decentralization.

Some DEX aggregators and crypto wallets also offer various forms of MEV protections, such as private relays (which avoid the public mempool) or routing trades through multiple platforms. Nevertheless, you still have to trust the platforms offering these services to execute your trades honestly and securely.

How to Identify a Sandwich Attack

Here are a few key factors to watch for to be able to identify a sandwich attack.

  • Watch out for sudden changes in the price of the target asset. Sandwich attacks will cause abrupt shifts in asset prices during your trade. If the price of the asset you want to buy seems to change more than expected, it might be a signal.
  • Take note of excessive slippage rates, as they can be a signal for sandwich attacks. A spike between the executed and expected prices is likely due to a sandwich attack (or extreme illiquidity).
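Both signals can be checked after the fact against a block's ordered swaps. The following is an added example, not part of the original article: a heuristic that flags a swap whose executed output fell well short of its quote and that is bracketed, in the same block and pool, by one other sender trading the same direction before it and the opposite direction after it. The record layout, addresses, amounts and the 2% alert threshold are constructed assumptions.

```python
from collections import defaultdict, namedtuple

# Hypothetical record layout for a decoded swap; quoted_out is the output the
# trader was shown when signing (None when unknown).
Swap = namedtuple("Swap", "block idx pool sender direction amt_in amt_out quoted_out")

# Constructed sample data, not real chain activity.
SWAPS = [
    Swap(100, 3, "X/Y", "0xB07", "X->Y", 50000.0, 47482.9, None),
    Swap(100, 4, "X/Y", "0xA11CE", "X->Y", 10000.0, 8959.3, 9871.6),
    Swap(100, 5, "X/Y", "0xB07", "Y->X", 47482.9, 50641.0, None),
    Swap(100, 9, "X/Y", "0xCAFE", "X->Y", 2000.0, 1890.0, 1895.0),
    Swap(101, 1, "X/Y", "0xD00D", "Y->X", 500.0, 520.0, 521.0),
]

def realized_slippage(swap):
    """Fraction by which the executed output fell short of the quote."""
    if swap.quoted_out is None:
        return None
    return 1 - swap.amt_out / swap.quoted_out

def find_sandwiches(swaps, slippage_alert=0.02):
    """Return (victim, block, suspects, slippage) for bracketed, slipped swaps."""
    groups = defaultdict(list)
    for s in swaps:
        groups[(s.block, s.pool)].append(s)
    findings = []
    for group in groups.values():
        group.sort(key=lambda s: s.idx)
        for i, victim in enumerate(group):
            slip = realized_slippage(victim)
            if slip is None or slip < slippage_alert:
                continue
            # Senders who traded the same way earlier in the block...
            before = {s.sender for s in group[:i]
                      if s.direction == victim.direction and s.sender != victim.sender}
            # ...and reversed the position later in the same block.
            after = {s.sender for s in group[i + 1:]
                     if s.direction != victim.direction and s.sender != victim.sender}
            suspects = sorted(before & after)
            if suspects:
                findings.append((victim.sender, victim.block, suspects, round(slip, 3)))
    return findings

if __name__ == "__main__":
    for finding in find_sandwiches(SWAPS):
        print(finding)
```

A match is a lead to review rather than proof: unrelated traders can land on both sides of a swap by coincidence, and high slippage alone can come from an illiquid pool.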

What Is the Future of Sandwich Attacks?

The rise of sandwich attacks is great for attackers running these MEV bots, but experts agree that it’s bad for the crypto market and its users. These bots typically take advantage of new, inexperienced traders. It’s only natural for a new investor to be immediately turned off of the market forever if they lose hundreds or thousands of dollars in a single trade.

Increasing adoption is essential for the market’s continued growth. If more and more new traders are being taken advantage of, it will likely significantly hamper adoption. On the bright side, there are many ways that decentralized exchanges and educators can help reduce the risks of these kinds of attacks. Simple MEV protections and education about slippage tolerance could essentially eliminate this problem. Until these protections are more widespread, it’s essential to take all of the necessary steps to protect your investments.
