What Is Sandwich Attack? Complete 2026 Guide

Sandwich Attack refers to a malicious trading pattern where an attacker places orders before and after a victim's transaction to profit from price movement on a Decentralized Finance (DeFi) exchange.

Key Takeaways

• Definition: A two‑step front‑running scheme that squeezes a target trade between the attacker’s own buy and sell orders.
• Core Mechanic: Relies on Miner Extractable Value (MEV) to reorder transactions and capture slippage.
• Real‑world Use: Frequently seen on automated market makers (AMMs) like Uniswap V3 and SushiSwap.
• Comparison: More aggressive than simple front‑running because it requires two trades rather than one.
• Risk Warning: Victims lose value, while attackers expose themselves to gas costs and potential frontrunner competition.

What Is Sandwich Attack?

In plain language, a sandwich attack is when a bot buys a token just before a large trade hits a DEX, then sells the same amount right after that trade pushes the price up.

Technically, the attacker watches the mempool for a pending transaction that will cause a price shift on an automated market maker. By submitting a higher‑gas transaction that gets mined first, the bot acquires the token at the pre‑trade price. After the victim’s order executes and the price spikes, the attacker’s second transaction—often a sell order—gets mined immediately after, pocketing the difference. This whole process is a classic case of Miner Extractable Value (MEV) manipulation, and it’s often labeled a MEV sandwich.

Think of a grocery line where someone cuts in front of you to grab the last loaf of bread, then quickly steps out of line after you pick it up, leaving you with a higher price. The attacker “sandwiches” your purchase between two of their own moves to profit.

How It Works

1. Monitor the mempool for a sizable swap that will move the market price on a DEX.
2. Broadcast a buy order with a gas price high enough to be mined before the target transaction.
3. The victim’s trade executes, pushing the token’s price upward.
4. Immediately broadcast a sell order with a gas price that places it right after the victim’s trade.
5. The attacker’s sell captures the price uplift, netting a profit equal to the slippage the victim paid.

Core Features

• MEV Dependency: Requires the ability to reorder or front‑run transactions within a block.
• Two‑Step Execution: Involves a pre‑trade purchase and a post‑trade liquidation.
• Slippage Exploitation: Profits from the price impact (slippage) that the victim’s trade creates.
• Gas‑Price Competition: Success hinges on out‑bidding other bots for block inclusion.
• Automation: Typically executed by bots that scan the mempool in real time.
• Cross‑Chain Variants: Emerging on Layer‑2 solutions and rollups where transaction ordering is still mutable.

Real-World Applications

• Uniswap V3: In Q4 2024, sandwich bots accounted for roughly 12% of total MEV revenue on the platform, according to Dune Analytics.
• SushiSwap: A 2025 case study showed that a single bot extracted $3.2 M in profit over a week by targeting large ETH‑USDC swaps.
• Curve Finance: Sandwich attacks on stablecoin pools are rarer but still yield ~0.8% APY on targeted trades, per research from The Block.
• Arbitrum: Rollup‑specific bots have adapted the sandwich pattern to exploit delayed finality, earning $1.1 M in the first half of 2026.
• Balancer: Multi‑token pools see sandwich activity when a trader shifts a heavy‑weight token, generating up to $500 k per day for sophisticated bots.

Comparison with Related Concepts

Sandwich Attack vs Front‑Running: Front‑running is a single‑step profit where the attacker only buys before the victim and lets the victim’s trade move the price. A sandwich adds a second step—selling after the victim—so the attacker locks in the price differential rather than just betting on a move.

Sandwich Attack vs MEV Extractor Bots: General MEV bots may pursue arbitrage, liquidation, or time‑bandit attacks. Sandwich bots specialize in exploiting slippage on DEX swaps, making them a subset of the broader MEV ecosystem.

Risks & Considerations

• Gas Cost Overrun: If competing bots out‑bid you, your pre‑trade may sit in the mempool, turning a profitable sandwich into a loss.
• Regulatory Scrutiny: Some jurisdictions are beginning to view aggressive MEV strategies as market manipulation.
• Front‑Runner Arms Race: As more bots join, profit margins shrink dramatically.
• Impact on Users: Victims experience higher slippage, potentially aborting trades or receiving worse rates.
• Network Congestion: During high‑traffic periods, transaction ordering becomes less predictable, reducing sandwich success rates.

Embedded Key Data

According to a 2025 report by Chainalysis, sandwich attacks generated $1.9 B in total profit across Ethereum’s DEX ecosystem, representing roughly 18% of all MEV revenue that year. A separate analysis by Nansen in Q1 2026 showed that the average sandwich profit per victim transaction was $0.27, with the top 5% of bots earning more than $2 M each.

Frequently Asked Questions

What is a sandwich attack and how does it differ from regular front‑running?

A sandwich attack is a two‑step MEV strategy that places a buy order before a victim’s trade and a sell order right after, capturing the price movement caused by the victim. Regular front‑running typically involves only a pre‑trade order, hoping the victim’s trade moves the price in the attacker’s favor.

Can I protect my trades from sandwich attacks?

Yes, you can mitigate risk by using slippage limits, splitting large orders into smaller chunks, or routing through private transaction relays like Flashbots that hide your intent from the public mempool.

Do sandwich attacks only happen on Ethereum?

No. While Ethereum hosts the majority of MEV activity, similar patterns appear on Layer‑2 solutions (Arbitrum, Optimism), Binance Smart Chain, and even on newer proof‑of‑stake chains that allow transaction ordering manipulation.

What role does Miner Extractable Value (MEV) play in sandwich attacks?

MEV is the profit miners or validators can extract by reordering, inserting, or censoring transactions. Sandwich attacks are a classic MEV use‑case because the attacker relies on being able to place their orders around the victim’s transaction within the same block.

Are sandwich attacks illegal?

Legality varies by jurisdiction. In many places, front‑running and related MEV tactics fall into a gray area, but regulators are increasingly scrutinizing them as potential market manipulation, especially when they cause systematic harm to retail users.

Summary

Sandwich Attack is a MEV‑driven technique that squeezes a victim’s trade between two attacker orders, profiting from the resulting slippage on a DEX. Understanding how it works helps traders protect themselves and highlights the broader challenges of transaction ordering in Decentralized Finance.