BNB Chain Hits Record-High Sandwich Attacks Exposing $1.5 billion in Trades

by shayaan

On December 1, sandwich attacks appeared in more than a third of BNB Smart Chain blocks, setting a record for the exploit, which preys on decentralized exchange users, data from Dune Analytics shows.

Analysis shows that 35.5% of blocks contained such attacks, affecting more than $1.5 billion in trading volume across 43,400 trades in one day.

The spike underlines growing concerns about DEX vulnerabilities. In May, reports highlighted a single bot that siphoned $40 million from more than 100,000 victims using the same attack in just three months.

A Binance spokesperson did not immediately respond to a request for comment.

How sandwich attacks exploit the system

Sandwich attacks are a form of market manipulation in which an attacker places a victim’s transaction between two of their own.

The malicious trader places a buy order just before the victim’s trade, driving up the token price, and a sell order immediately afterwards, taking advantage of the artificially inflated price.

This process is typically automated by MEV (Maximal Extractable Value) bots, using the DEX infrastructure.

Alejandro Munoz-McDonald, smart contract engineer at crypto cybersecurity firm Immunefi, told Declutter that such attacks are a direct result of the way the DEX infrastructure works.

“When a user submits a transaction, it is placed in a public waiting area, the mempool, where a transaction resides until it is included in a block by a miner,” he said.

When a user submits a transaction, it enters the mempool, or “memory pool,” and remains there until a miner selects it for inclusion in a block.

Miners often prioritize transactions that incur higher fees, which can affect the order in which transactions are processed.

Because miners prioritize transactions that incur the highest fees, attackers can bribe them to reorder transactions so that their strategy is executed successfully.

“This essentially means that an attacker can see the intent of someone’s transaction before it is executed and influence the order,” Munoz-McDonald added.

Solutions are in sight, but education is needed

Low liquidity exacerbates the problem by making price swings easier to manipulate, said Jean Rausis, co-founder of decentralized finance platform SMARDEX.

He suggested that protocols can mitigate attacks by incentivizing users to provide more liquidity through rewards or partnerships.

“When pools are larger, the price doesn’t move as much, making attacks less attractive,” Rausis explains.

He also recommended splitting transactions across multiple pools using DEX aggregators to reduce vulnerability.

Munoz-McDonald also urged DEXs to adopt minimum expected return features, which will cause trades to fail if desired returns are not achieved, limiting the impact of sandwiching.
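
The minimum expected return check described above, together with Rausis's point about pool depth, can be seen in a small simulation. This is an added example, not code from the article or from any DEX; it assumes a constant-product pool with a 0.3% fee, and the function names, reserves and trade sizes are constructed for illustration.

```python
# Added illustration: constant-product (x*y=k) pool with a 0.3% fee, integer math.
# All reserves and trade sizes below are constructed sample values.

def amount_out(amount_in: int, reserve_in: int, reserve_out: int) -> int:
    """Tokens returned for amount_in at the given reserves (0.3% fee assumed)."""
    eff = amount_in * 997
    return eff * reserve_out // (reserve_in * 1000 + eff)


def min_out(quoted: int, tolerance_bps: int) -> int:
    """Minimum expected return: the quote minus the user's slippage tolerance."""
    return quoted * (10_000 - tolerance_bps) // 10_000


def simulate(reserve_in: int, reserve_out: int, trade_in: int,
             preceding_buy: int, tolerance_bps: int) -> dict:
    """User quotes a swap, then another buy lands first in the same block."""
    quoted = amount_out(trade_in, reserve_in, reserve_out)
    floor = min_out(quoted, tolerance_bps)
    # The earlier transaction moves the reserves before the user's swap executes.
    taken = amount_out(preceding_buy, reserve_in, reserve_out)
    r_in, r_out = reserve_in + preceding_buy, reserve_out - taken
    actual = amount_out(trade_in, r_in, r_out)
    filled = actual >= floor  # the pool-side check; failing it reverts the swap
    return {
        "quoted": quoted,
        "floor": floor,
        "status": "filled" if filled else "reverted",
        "received": actual if filled else 0,  # a revert leaves funds untouched
        "shortfall": quoted - actual,         # value lost if the swap goes through
    }


if __name__ == "__main__":
    cases = [
        ("shallow pool, 0.5% tolerance", 1_000_000, 50),
        ("shallow pool, 15% tolerance", 1_000_000, 1500),
        ("deep pool, 0.5% tolerance", 100_000_000, 50),
    ]
    for label, reserve, bps in cases:
        r = simulate(reserve, reserve, 10_000, 50_000, bps)
        print(f"{label}: {r}")
```

With these sample values the shallow-pool swap reverts at a 0.5% tolerance, fills at a visible loss at 15%, and fills with a negligible shortfall in the deep pool.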

Users can protect themselves in the meantime by using private relayers that hide transactions until they are included in a block, or by separating block creation and validation to keep transactions private.

Another option would be separating block creation and validation, and storing transactions in private mempools, suggested Jeremiah O’Connor, chief technology officer and co-founder of crypto cybersecurity firm Trugard.

“Blockchain ecosystems must adopt common security practices […] as a standard to defend against attacks,” he told Declutter.

Edited by Sebastian Sinclair
