On December 1, sandwich attacks infiltrated over a third of BNB Smart Chain blocks, setting a record for the exploit that preys on decentralized exchange users, data from Dune Analytics reveals.
Analysis shows that 35.5% of blocks contained such attacks, with over $1.5 billion in trading volume affected across 43,400 transactions in a single day.
The spike underscores growing concerns around DEX vulnerabilities. In May, reports highlighted a single bot siphoning $40 million from over 100,000 victims using the same attack within just three months.
A spokesperson for Binance did not immediately respond to a request for comment.
How sandwich attacks exploit the system
Sandwich attacks are a type of market manipulation where an attacker sandwiches a victim’s transaction between two of their own.
The malicious trader places a buy order just before the victim’s transaction, driving up the token price and a sell order immediately after, profiting from the artificially inflated price.
This process is typically automated by maximal extracted value (MEV) bots, taking advantage of DEX infrastructure.
Alejandro Munoz-McDonald, smart contract engineer at crypto cybersecurity firm Immunefi, told that such attacks are a direct consequence of how DEX infrastructure works.
“When a user submits a transaction, it is placed in a public waiting area, the mempool, where a transaction sits until it is included in a block by a miner,” he said.
When a user submits a transaction, it enters the mempool, or “memory pool,” and remains there until a miner selects it for inclusion in a block.
Miners often prioritize transactions offering higher fees, which can influence the order in which transactions are processed.
Since miners prioritize transactions offering the highest fees, attackers can bribe them to reorder transactions, ensuring their strategy executes successfully.
“This essentially means an attacker can view what the intention of anyone’s transaction is before it’s executed and can influence the ordering,” Munoz-McDonald added.
Solutions are in sight, but education needed
Low liquidity exacerbates the issue by making price swings easier to manipulate, noted Jean Rausis, cofounder of the decentralized finance platform SMARDEX.
He suggested that protocols can mitigate attacks by incentivizing users to provide more liquidity through rewards or partnerships.
“When pools are bigger, the price doesn’t move as much, making attacks less attractive,” Rausis explained.
He also recommended splitting trades across multiple pools using DEX aggregators to reduce vulnerability.
Munoz-McDonald also urged DEXs to adopt minimum expected return features, which fail transactions if the desired return isn’t met, limiting the impact of sandwiching.
Users, meanwhile, can protect themselves by using private relayers that conceal trades until inclusion in a block or separating block creation and validation to keep transactions private.
Another option would be separating block creation and validation, keeping transactions in private mempools, suggeted Jeremiah O’Connor, chief technology officer and co-founder at crypto cybersecurity firm Trugard.
“Blockchain ecosystems should adopt common security practices […] as a standard to defend against attacks,” he told .
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
