What Is a Sandwich Attack in Crypto and How Does It Work?

By Alisha Bains

Key Takeaways

  • A sandwich attack is a front-running strategy where an attacker manipulates a token’s price by placing two trades around a victim’s transaction.
  • This exploit raises costs for regular traders and is commonly executed by bots on AMM-based DEXs.
  • Slippage tolerance, private transactions, and splitting large trades can help traders reduce the risk of being targeted.
  • Sandwich attacks are part of a broader category of MEV (Maximal Extractable Value) exploits, which remain a challenge in DeFi trading.

In decentralized finance (DeFi), various types of attacks can exploit vulnerabilities in the system, one of the most notorious being sandwich attacks. These attacks occur when malicious bots manipulate the price of a token during a user’s transaction by executing trades before and after the user’s order, effectively profiting from the price shift caused by the transaction. 

This type of exploit is particularly prevalent on decentralized exchanges (DEXs) that use automated market makers (AMMs), where transaction timing and liquidity dynamics are crucial.

A recent example of such an attack made headlines when a crypto trader suffered a significant loss. On March 12, 2025, the trader was targeted while making a stablecoin swap worth $220,764. In just eight seconds, an MEV (Maximal Extractable Value) bot managed to front-run the transaction, leaving the trader with just $5,271, a loss of almost 98%.

The bot extracted over $215,500 in profits by manipulating the liquidity of the USDC-USDT pool on Uniswap v3. The attack not only affected this particular transaction but also targeted similar swaps within minutes, raising questions about the extent of such attacks and their implications for DeFi security.

This article explains what sandwich attacks are, how they are executed, key risks involved and how to protect yourself.

Sandwich Attack in Crypto, Explained

A sandwich attack is a type of front-running exploit in DeFi where attackers manipulate token prices by strategically placing trades around a victim’s transaction. 

This form of market manipulation takes advantage of AMMs on DEXs like Uniswap, PancakeSwap, and SushiSwap, leading to increased costs for unsuspecting traders.

If you’ve ever placed a trade on a DEX and noticed that your execution price was worse than expected, you may have fallen victim to a sandwich attack.

How Does a Sandwich Attack Work on DEXs?

Sandwich attacks are common on AMM DEXs because these platforms determine token prices based on supply and demand within liquidity pools, rather than through an order book like centralized exchanges.

The attack typically follows these steps:

  1. Mempool scanning: The attacker uses a bot to monitor the blockchain mempool for pending transactions involving large trades.
  2. Front-running (buy order): The attacker places a transaction with a higher gas fee so that it gets processed before the victim’s trade. This pushes the token price up.
  3. Victim’s trade execution: The victim’s trade executes at a higher price than expected, increasing slippage and giving the attacker an opportunity to profit.
  4. Back-running (sell order): Immediately after the victim’s trade, the attacker sells their tokens at the inflated price, making a profit while pushing the price back down.

As a result, the victim pays more for their tokens while the attacker walks away with a risk-free gain.
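
The four steps above leave a recognizable ordering in a block: the same sender trades on both sides of someone else's swap, in opposite directions, on the same pool. The following added example (not part of the original article) flags that ordering in a list of swaps; the `Swap` fields, addresses and amounts are constructed sample data, and the matching rule is a heuristic.

```python
# Added example, not from the article: heuristic detection of the
# front-run / victim / back-run ordering among swaps in one block.
# Field names, addresses and amounts are constructed sample data.
from collections import namedtuple

Swap = namedtuple("Swap", "index sender pool token_in token_out amount_in")

def find_sandwiches(swaps):
    """Return (front, victim, back) triples found in one block's swaps.

    Heuristic: on the same pool, sender A swaps X->Y, a different sender
    swaps X->Y later, then A swaps Y->X after that.
    """
    ordered = sorted(swaps, key=lambda s: s.index)
    hits = []
    for i, front in enumerate(ordered):
        for k in range(i + 2, len(ordered)):
            back = ordered[k]
            closes = (back.sender == front.sender and back.pool == front.pool
                      and back.token_in == front.token_out
                      and back.token_out == front.token_in)
            if not closes:
                continue
            for victim in ordered[i + 1:k]:
                if (victim.sender != front.sender and victim.pool == front.pool
                        and victim.token_in == front.token_in
                        and victim.token_out == front.token_out):
                    hits.append((front, victim, back))
            break  # pair each front leg with its first closing leg only
    return hits

# Constructed block: positions 3-5 form the pattern; positions 1-2 are a
# round trip with nobody in between, and position 7 is another pool.
BLOCK = [
    Swap(1, "0xaaa", "USDC/WETH", "USDC", "WETH", 1_200),
    Swap(2, "0xaaa", "USDC/WETH", "WETH", "USDC", 1),
    Swap(3, "0xb07", "USDC/WETH", "USDC", "WETH", 50_000),
    Swap(4, "0xc1c", "USDC/WETH", "USDC", "WETH", 10_000),
    Swap(5, "0xb07", "USDC/WETH", "WETH", "USDC", 20),
    Swap(7, "0xddd", "DAI/USDC", "DAI", "USDC", 900),
]

if __name__ == "__main__":
    for front, victim, back in find_sandwiches(BLOCK):
        print(f"victim {victim.sender} at position {victim.index} is bracketed "
              f"by {front.sender} at positions {front.index} and {back.index}")
```

A match is a lead for review, not proof: the transaction hashes and timestamps of all three legs are the data worth recording when documenting an incident.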

Real-World Examples of a Sandwich Attack

Here are some notable instances of a sandwich attack:

  • Uniswap v3 stablecoin swap attack (March 2025): A crypto trader attempted to swap $220,764 worth of USD Coin (USDC) for Tether (USDT) on Uniswap v3. Attackers identified the pending transaction and executed a sandwich attack, manipulating the price by placing orders before and after the trader’s transaction. This resulted in the trader receiving only $5,271, incurring a loss of approximately 98%.

  • PEPE token exploitation (2023): The PEPE token, initially low in liquidity, gained sudden attention when a tweet claimed a $250 investment had surged to $1.5 million. Attackers utilized sandwich bots to front-run buy transactions, artificially inflating the token’s price. This manipulation led to significant losses for investors who purchased at the inflated prices.
  • Ethereum validator MEV exploit (2020): An Ethereum validator exploited the network’s transaction mechanics by performing sandwich attacks. By front-running and back-running transactions, the validator extracted over $25 million in profits, highlighting vulnerabilities in Ethereum’s transaction processing system.

Risks of Sandwich Attacks

Sandwich attacks are harmful because they introduce:

  • Higher trading costs: Victims pay more for tokens due to price manipulation.
  • Slippage exploitation: Attackers take advantage of large price swings.
  • Unfair market manipulation: Regular traders unknowingly suffer losses while attackers profit.
  • Erosion of trust in DeFi: Users may become wary of using AMM-based DEXs, leading to lower adoption.

How to Prevent Sandwich Attacks

  • Set a low slippage tolerance: This limits the price movement attackers can exploit.
  • Use private transactions: Flashbots or wallets like MetaMask offer stealth transactions that hide trades from the mempool.
  • Break large trades into smaller ones: This reduces visibility to attackers scanning for big transactions.
  • Use MEV-resistant DEXs: Some platforms like CoW Swap and Balancer integrate protections against MEV attacks.

By adopting these strategies, you can significantly reduce the risk of falling victim to sandwich attacks and better protect your DeFi transactions from exploitation.
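
How the slippage-tolerance setting works in practice, as an added example that is not part of the original article: a swap carries a minimum-output value derived from the quote and the tolerance, and the trade is rejected when the output falls below it. The sketch assumes a simple constant-product (x*y=k) pool with a 0.3% fee rather than Uniswap v3's concentrated-liquidity math, and all reserves, trade sizes and tolerances are constructed.

```python
# Added example, not from the article: constant-product (x*y=k) pool with a
# 0.3% fee. Pool model, reserves, trade sizes and tolerances are constructed.
FEE_NUM, FEE_DEN = 997, 1000

def amount_out(amount_in, reserve_in, reserve_out):
    """Tokens received for amount_in against the given reserves (integer math)."""
    in_after_fee = amount_in * FEE_NUM
    return (in_after_fee * reserve_out) // (reserve_in * FEE_DEN + in_after_fee)

def min_out(quoted_out, tolerance_bps):
    """Smallest output the trader accepts for a tolerance in basis points."""
    return quoted_out * (10_000 - tolerance_bps) // 10_000

def reserves_after(amount_in, reserve_in, reserve_out):
    """Reserves once another swap in the same direction has executed first."""
    out = amount_out(amount_in, reserve_in, reserve_out)
    return reserve_in + amount_in, reserve_out - out

def execute(amount_in, reserve_in, reserve_out, minimum):
    """Return the output, or None if the min-out check would revert the swap."""
    out = amount_out(amount_in, reserve_in, reserve_out)
    return out if out >= minimum else None

def compare_tolerances(trade_in, earlier_in, reserves, tolerances_bps):
    """Quote on the untouched pool, then execute after an earlier swap moved it."""
    quoted = amount_out(trade_in, *reserves)
    moved = reserves_after(earlier_in, *reserves)
    results = {}
    for bps in tolerances_bps:
        floor = min_out(quoted, bps)
        got = execute(trade_in, *moved, floor)
        results[bps] = {"quoted": quoted, "min_out": floor,
                        "received": got, "reverted": got is None}
    return results

if __name__ == "__main__":
    POOL = (1_000_000, 1_000_000)   # constructed reserves (token in, token out)
    for bps, r in compare_tolerances(10_000, 50_000, POOL, [50, 1500]).items():
        status = "reverted" if r["reverted"] else f"received {r['received']}"
        print(f"tolerance {bps / 100:.2f}%: quoted {r['quoted']}, "
              f"min_out {r['min_out']}, {status}")
```

With these numbers the 0.50% setting reverts, so the trader keeps the input tokens and pays only gas, while the 15% setting fills at 8,959 against a quote of 9,871.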

What to Do If You’re Sandwich Attacked

If you find yourself the victim of a sandwich attack, here are the steps you should take:

  • Document the attack: Take screenshots of the transaction and gather relevant data, such as transaction hashes, wallet addresses, and timestamps. This will help if you need to report the incident to platform administrators or investigators.
  • Report to the platform: Contact the DEX or platform where the attack occurred. Some platforms may have processes in place to investigate MEV-related issues, even if they cannot reverse the transactions. Reporting the attack may help them improve their systems or introduce additional protective measures.
  • Check for possible exploitation: Review your wallets and transaction history for any suspicious activity. Attackers may target your funds using multiple tactics, so it’s essential to monitor all your assets after an attack.
  • Increase security measures: Consider implementing stronger security practices, such as using hardware wallets, private transaction features, and DeFi platforms that offer MEV protections. This will better safeguard you from future attacks.
  • Seek legal advice: In extreme cases where significant financial losses are incurred, it may be beneficial to seek legal counsel. While it can be difficult to recover funds from sandwich attacks, legal professionals specializing in cryptocurrency fraud or DeFi-related crimes may offer guidance on possible courses of action.

Conclusion

Sandwich attacks are a significant concern in the DeFi space, as they exploit vulnerabilities in transaction timing and liquidity pools. 

While these attacks can result in considerable financial losses, there are proactive steps that users can take to minimize their risk, including setting a low slippage tolerance, using private transactions, breaking large trades into smaller ones, and opting for MEV-resistant platforms. 

By understanding how sandwich attacks work and implementing these protective measures, traders can protect themselves from these costly exploits and contribute to a more secure DeFi ecosystem.

FAQs

Are sandwich attacks illegal?

No, sandwich attacks are not illegal, but they are considered unethical market manipulation. They exploit DeFi’s open and transparent nature for unfair profit.

Can centralized exchanges (CEXs) have sandwich attacks?

No, sandwich attacks primarily target decentralized exchanges (DEXs) that use AMMs, since CEXs rely on order books where transactions are not publicly visible before execution.

How do I know if I’ve been a victim of a sandwich attack?

If your trade executes at a significantly higher price than the estimate shown before you submitted the transaction, it’s possible that a bot front-ran your trade. High slippage is often a sign of this.

What’s the difference between a sandwich attack and front-running?

A sandwich attack is a specific type of front-running where the attacker places a buy order before and a sell order after a victim’s trade. General front-running only involves executing a trade before another trader to gain an advantage.
