
Sandwich Attack

Subway-themed trading bot makes millions using ‘sandwich’ attacks

The anonymous MEV bot operator’s best day was April 18, when he profited about $950,000.

An anonymous Maximal Extractable Value (MEV) bot operator has cashed in well over $1 million this week by executing “sandwich attacks” against buyers and sellers of two new meme coins.

The wallet address, linked to the Ethereum Name Service (ENS) domain “jaredfromsubway.eth,” made $950,000 from the sandwich attacks on April 18 and profited about $300,000 and $400,000 on April 17 and 19, respectively, according to an April 19 tweet from nonfungible token data platform Sealaunch.

The bot’s ENS domain is a likely tongue-in-cheek nod to the popular sandwich chain and its disgraced former spokesperson Jared Fogle.

Over a 24-hour period between April 18 and 19, 7% of all Ethereum gas fees were spent by the MEV bot, Sealaunch explained in a separate post.

A large proportion of the profits came from attacks on trading activity relating to two new meme coins, Pepe (PEPE) and Wojak (WOJAK), which has helped propel jaredfromsubway.eth to become the largest gas guzzler over the last day and week, crypto researcher Matt Willemsen explained.

A sandwich attack occurs when an attacker “sandwiches” a victim’s transaction between their own two transactions in order to manipulate the price and profit from the user.

This is possible because the victim’s transaction is first sent to the mempool where it waits to be added to the next block. In the meantime, the attacker sets one transaction with a high gas fee — to ensure it is accepted first — and another transaction with a lower gas fee to ensure it is accepted after the victim's transaction.

The attacker profits by buying the token at a price cheaper than market value and then selling it within the same block, keeping the revenue from the transaction minus the gas fees.
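To make the ordering effect concrete, the following added example (not from the article or from any project it names) replays one block against a toy pool and measures what the sandwiched trader receives, with and without a minimum-output limit on the trade. The constant-product pricing, the 0.3% fee, the pool and trade sizes and the 1% tolerance are all assumptions chosen for illustration.

```python
"""Constructed toy model: constant-product pool (eth * tok = k), assumed 0.3% fee.
All sizes and the slippage tolerance are made-up sample values."""

FEE = 0.003  # assumed swap fee


class Pool:
    def __init__(self, eth, tok):
        self.eth, self.tok = eth, tok

    def quote_buy(self, eth_in):
        """Tokens returned for eth_in, without changing pool state."""
        eff = eth_in * (1 - FEE)
        return self.tok * eff / (self.eth + eff)

    def buy(self, eth_in, min_out=0.0):
        out = self.quote_buy(eth_in)
        if out < min_out:  # the trader's own guard: refuse a worse price
            raise ValueError("revert: output below min_out")
        self.eth += eth_in
        self.tok -= out
        return out

    def sell(self, tok_in):
        eff = tok_in * (1 - FEE)
        out = self.eth * eff / (self.tok + eff)
        self.tok += tok_in
        self.eth -= out
        return out


def victim_outcome(front_run_eth, victim_eth=10.0, tolerance=None):
    """Replay one block: earlier buy, victim buy, later sell.

    Returns (victim_tokens, sandwich_pnl_eth_before_gas); victim_tokens is
    None when the victim's trade reverted on its minimum-output limit."""
    pool = Pool(eth=1_000.0, tok=1_000_000.0)
    quoted = pool.quote_buy(victim_eth)  # price seen when the trade was signed
    min_out = quoted * (1 - tolerance) if tolerance is not None else 0.0
    bought = pool.buy(front_run_eth) if front_run_eth else 0.0
    try:
        got = pool.buy(victim_eth, min_out)
    except ValueError:
        got = None  # trade reverts; the victim keeps their ETH
    back = pool.sell(bought) if bought else 0.0
    return got, back - front_run_eth
```

With these sample numbers the unprotected trade receives roughly 9% fewer tokens than quoted, while the same trade with a 1% limit reverts and the surrounding pair of transactions ends at a loss from swap fees alone.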

The large profits pocketed by jaredfromsubway.eth came from nearly $1.2 million being spent on gas fees between April 18 and 19, according to data shared by Thomas Mattimore, head of platform at the Reserve Protocol.

The MEV bot operator has spent over $7 million in gas fees across 180,000 transactions, according to Sealaunch.

While some are finding the humor in the MEV bot’s domain name and actions, not all are happy.


One analyst for on-chain analytics firm Glassnode questioned the “value” of the work jaredfromsubway.eth is providing to the world.

Other Twitter users went one step further, expressing their hatred and frustration toward the MEV bot operator.

According to MEV Blocker, MEV bots have extracted more than $1.38 billion from Ethereum users attempting to trade, provide liquidity and mint NFTs.

Several MEV Block projects have been launched in recent months to help protect Ethereum users from sandwich attacks.


Ethereum validator cashes in 689 ETH from MEV-Boost relay

The 689 Ether, worth nearly $1.3 million, is the largest reward received since the 691 Ether reward on March 20 paid to Lido.

A 689 Ether (ETH) reward worth $1.28 million has been paid from a single Miner Extractable Value (MEV)-boost relay block on the Ethereum Beacon Chain in one of the largest rewards in recent months.

Ethereum liquid staking solution Lido was paid the reward from block number 17007842 on the Beacon Chain — which was finalized on April 9, contained 47 transactions and was built by beaverbuild.org, according to transaction data.

The reward almost matched Lido’s most recent high of 691 Ether on March 20.

The figure raised the eyebrows of Martin Köppelmann, the co-founder and CEO of Ethereum-based infrastructure platform Gnosis, who suggested Ethereum users should use a service like MEVBlocker to prevent their transactions from being exploited.

According to MEVBlocker, MEV bots have extracted more than $1.38 billion from Ethereum users attempting to trade, provide liquidity and mint nonfungible tokens (NFTs).

These centralized MEV-boost relays are able to extract value by aggregating blocks from multiple builders in order to select the one with the highest fees.

One of the most common types of MEV exploits is the “sandwich” attack, which occurs when an attacker places a large trade on either side of a target's transaction, manipulating the price and profiting from the price change.


MEV-boost relays stem from the concept of Proposer-Builder Separation (PBS), which was introduced by the Ethereum research organization Flashbots in 2021 in the lead-up to Ethereum’s transition to proof-of-stake in September.

Separating the role of proposers from block builders is intended to promote more competition at the consensus level, further decentralize the Ethereum network and strengthen censorship resistance.

However, Ethereum has encountered several censorship issues since The Merge took place, namely compliance with standards laid down by the Office of Foreign Assets Control (OFAC), although the number of compliant blocks has since fallen.

There are currently 10 active relays, with Flashbots responsible for relaying more than 50% of the MEV-boost blocks since MEV was introduced in 2021, according to MEVBoost.org.


Hackless Offers Sandwich Attack Protection for BSC and Ethereum Networks

As winners of the ETH hackathon in 2021, the Hackless team is now releasing the beta version of Anti-Sandwich – a gateway to safe and efficient swapping of crypto assets, avoiding public mempools and consequently, getting ‘sandwiched’. The solution has already proved effective for a play-to-earn platform and is now open to a wider audience. […]
