Sandwich attacks are becoming quite common types of cyber manipulation faced in the decentralized finance (DeFi) space. Therefore, it is crucial to familiarize oneself with its basics. Let us explore everything there is to learn about sandwich attacks in this extensive review.
One of the notable setbacks that come with popularity is exposure to the risk of attracting the interest of manipulators looking for personal gains. In the same case, the evolving DeFi space has become vulnerable to different attacks since it keeps growing and gaining mass adoption.
Among the usual attacks encountered by the sector are sandwich attacks. The attacks pose great risks to crypto traders and investors, together with their assets. Let’s learn the basics, how it works, and how to protect yourself against it.
The Sandwich Attack Concept
The sandwich attack is a type of digital exploitation that features manipulating the price of a specific and targeted asset. While decentralized protocols and services are the main targets of sandwich attacks, they are just malicious activities where the exploiter places two transactions before and after the transaction of the victim.
For instance, when someone attempts to trade one kind of crypto (let’s call it A) for another (B) to make a large purchase, a trader with a greedy goal utilizes a sneaky bot to spot the trade and purchases the B crypto before the large trade is confirmed.
That activity causes the price of B to rise for the original trader, which results in higher costs. The bot then profits by selling the Y crypto at a higher price. Interestingly, these attacks are common since blockchains are public, meaning they let anybody see transactions in the pool unless they have a direct link to a mining pool.
Furthermore, smart contracts might have unrestricted functions that execute trades, such as claiming LP reward tokens and quickly swapping them for another token by using a decentralized exchange (DEX).
Sandwich Attacks: Scenarios
So far, it has been seen that the exploiters who adopt sandwich attacks for their malicious schemes do that through certain strategic ways. Therefore, let us explore the scenarios where sandwich attacks can take place.
The Case Of A Liquidity Taker Vs. Taker
In this case, different liquidity takers might target one another. Imagine a regular market taker with a pending transaction on the blockchain. The attacker seizes the opportunity by sending extra transactions – back-running and front-running – to make a profit.
Later, the miners decide which transaction to approve first. In case the attacker pays a higher transaction cost, their malicious transaction stands a greater chance of being prioritized. While success is not guaranteed, it shows how a sandwich attack can be attempted quite readily.
The Case Of Liquidity Provider Vs. Taker
In this scenario, a liquidity provider can target a liquidity taker using a similar strategy. The first steps are the same, but the malicious actor has to execute three actions:
- They get rid of liquidity to increase the victim’s slippage.
- They re-add liquidity to ensure the original pool balance is restored.
- They swap asset B for A to reset the asset balance to its original pre-attack state.
Withdrawing liquidity before the victim’s transaction prevents the commission fee for that transaction. Although it harms the take financially, since liquidity providers normally earn a small fee for pool activities, the attacker sacrifices their commission in the process.
Examples Of Sandwich Attacks
Previously, the sector recorded a sneaky Ethereum (ETH) validator making off with over $25 million in crypto by swindling an Ethereum MEV bot engaged in sandwich trades. The stolen funds were dispersed among three addresses:
- A large share of over $20 million in 0x3c98;
- A smaller amount of about $2.3 million in 0x5b04;
- Another amount of nearly $3 million in 0x27bf.
Additionally, the PEPE token, renowned for its inception inspired by memes, serves as another illustration of sandwich attacks and front-running concerns. In its earlier stages, when the PEPE network faced low liquidity and limited recognition, it experienced a sudden surge in popularity following a tweet that indicated a PEPE bag purchased at $250 had surged to $1.5 million.
That tweet fueled lots of excitement and interest in the PEPE token, resulting in a surge in its value. Nonetheless, an address leveraged a sandwich attack bot to front-run PEPE buy transactions, raising PEPE token prices.
The attacker also manipulated CHAD token prices using bots, incurring more than $1.28 million in transaction fees within 24 hours. The attacker profited by over $1.4 million at the expense of traders who bought these tokens at inflated prices.
Identifying A Sandwich Attack
To be able to identify a sandwich attack, it is crucial to remember this:
- Always be on the lookout for abrupt changes in the price of your target asset. Sandwich attacks will cause abrupt shifts in asset prices during your trading process. In case the price of the asset you want to buy seems to change more than expected, it might be a sign of an impending attack.
- Take note of insulation slippage rates, since they can be a signal for sandwich attacks. An increase between the executed and expected prices might indicate the occurrence of a sandwich attack.
- Normally, unexplained transaction delays can also be a way to identify sandwich attacks. In case your trades encounter unexplained delays, it might be a notable sign of interference, as sandwich attacks can disrupt smooth operations and transactions.
Nevertheless, potential traders need to take note of the following to help protect themselves against sandwich attacks.
- Time your moves wisely, avoiding busy hours and extensive market swings.
- Use the tools that keep an eye out for all unexpected twists, even if your trade does not go as planned.
- Check every detail before making your move – know your rates, fees, and amounts.
- Stay safe on the crypto protocols, and do not use insecure channels or networks.
- Utilize liquidity pools that block the tricky moves that involve paying higher fees.
There is no doubt that the rising rate of sandwich attacks shows the rapid increase of security challenges in the world of decentralized finance (DeFi). That calls for the implementation of important measures to stop the spread of strategic exploitations.
While that has not yet been reviewed, DeFi users are advised to familiarize themselves with these attacks, watch keenly, and use the stated protection measures to avoid falling prey to these criminals.