Solana’s Sandwich Attack Issues

Solana (SOL) has one of the most expensive networks to maintain, prompting validators to seek subsidies or use Maximum Extractable Value (MEV) techniques. A report indicates that DeezNode, a Solana validator and RPC cluster provider, made over $13 million in just one month from sandwich attacks on SOL users.

According to a post by vitorpy, the founder of DarkLake, DeezNode’s sandwich bot executed 1.55 million transactions in December 2024. This exploitation earned the attacker 65,800 SOL, valued at over $13 million at the time of the post.

Annualized, this amounts to about 801,540 SOL stolen from users, totaling around $163.4 million.

This phenomenon is a result of promoting the closure of Jito’s public mempool as a solution for MEV abuse. Reports indicate that this approach merely shifted extraction to private networks like those run by DeezNode, increasing the exploitation speed.

> “After analyzing transaction flows across validators, one thing is clear – Jito’s public mempool shutdown didn’t eliminate MEV, it pushed extraction into private networks.”
>
> — vitorpy
>
>
> Fun fact: DeezNode’s sandwich bot executed 1.55M transactions in December
> Profit: 65,880 SOL ($13.43M)
> Annualized: 801,540 SOL potential
>
> This is a fundamental design failure allowing daylight robbery.
>
> — vitorpy (@pyvitor) March 18, 2025

Notably, Solana has faced similar issues before. Previous reports indicated higher exploits, such as one from Arsc, which resulted in over $60 million from MEV sandwich attacks.

What are Sandwich Attacks on Solana?

Sandwich attacks are harmful exploits in decentralized exchanges (DEXes) where an attacker front runs users’ transactions for profit.

In Solana, an MEV sandwich attack involves malicious actors exploiting transaction ordering to profit at the expense of standard users. This manipulation ensures users receive the worst prices while attackers benefit.

Typically, these actors, who are often validators or have access to private mempools, place two transactions surrounding a target user’s transaction: one to buy the asset at a low price and another to sell at a higher price, effectively “sandwiching” the user’s trade.

Such practices increase transaction costs and reduce fairness in the trading environment, benefiting only a handful of validators who control transaction order in Solana’s leader-based production system.

The architecture of Solana is particularly conducive to these attacks due to its fast transaction processing and lack of an in-protocol mempool. Some validators and RPC providers utilize private mempools, allowing them to view and manipulate transactions before finalization. Consequently, significant MEV revenue is generated for these validators, often at the expense of user experience and network integrity.

Furthermore, Solana’s setup makes it challenging for external observers to detect MEV tactics like sandwich attacks, raising concerns about data transparency and questioning how much of Solana’s Real Economic Value (REV) stems from predatory practices.

This issue is pertinent as SOL advocates often tout REV as a significant metric that places Solana ahead of competitors like Ethereum (ETH). However, Mert—CEO of Helius Labs, Solana’s largest RPC provider—stated that sandwich attacks only represent a small fraction of the chain’s REV.

> “The last piece of data on this [sandwich attacks] is that it’s a single digit of total rev. The vast majority of revenue comes from prioritizing [transactions] to land faster.”
>
> — Mert

As the situation continues to evolve, traders, investors, and enthusiasts engage in discussions regarding MEV sandwiching attacks and potential solutions. Other blockchains, such as MultiversX (EGLD), BNB Chain (BNB), Algorand (ALGO), and Cardano (ADA) are actively exploring ways to mitigate these exploits.

Featured image from Shutterstock