In summary
- On December 1, more than 35% of the blocks on the BNB Smart Chain were infiltrated by sandwich attacks, affecting $1.5 billion in transactions.
- These attacks manipulate prices on DEXs by placing strategic orders before and after victims’ transactions, using MEV bots.
- Experts suggest increasing liquidity, using private relays, and adopting standard security measures to mitigate these attacks.
On December 1, “sandwich attacks” infiltrated more than a third of BNB Smart Chain blocks, setting a record for this type of exploit that preys on users of decentralized exchanges, according to data from Dune Analytics.
The analysis shows that 35.5% of blocks contained such attacks, with more than $1.5 billion in trading volume affected across 43,400 transactions in a single day.
The rise underscores growing concerns about DEX vulnerabilities. In May, reports highlighted that a single bot siphoned $40 million from more than 100,000 victims using the same attack in just three months.
A BNB Chain spokesperson has not yet responded to a request for comment.
How sandwich attacks exploit the system
Sandwich attacks are a type of market manipulation where an attacker places a victim’s transaction between two of their own.
The malicious trader places a buy order just before the victim’s transaction, raising the price of the token, and a sell order immediately after, profiting from the artificially inflated price.
This process is typically automated by Maximal Extractable Value (MEV) bots, leveraging the DEX infrastructure.
Alejandro Munoz-McDonald, smart contracts engineer at crypto cybersecurity firm Immunefi, told Decrypt that such attacks are a direct consequence of how DEX infrastructure works.
“When a user submits a transaction, it is placed in a public waiting area, the mempool, where a transaction remains until it is included in a block by a miner,” he said.
Once in the mempool, or “memory pool,” a transaction waits until a miner selects it for inclusion in a block.
Miners often prioritize transactions that offer higher fees, which can influence the order in which transactions are processed, so attackers can bribe them to reorder transactions, ensuring their strategy is executed successfully.
“This essentially means that an attacker can see what the intent of anyone’s transaction is before it is executed and can influence the order,” Munoz-McDonald added.
Solutions are in sight, but education is needed
Low liquidity exacerbates the problem by making price swings easier to manipulate, said Jean Rausis, co-founder of decentralized finance platform SMARDEX.
He suggested that protocols can mitigate attacks by incentivizing users to provide more liquidity through rewards or partnerships.
“When pools are larger, the price doesn’t move as much, making attacks less attractive,” Rausis explained.
He also recommended splitting trades across multiple pools using DEX aggregators to reduce vulnerability.
Munoz-McDonald also urged DEXs to adopt minimum expected return features, which fail transactions if the desired return is not met, limiting the impact of sandwich attacks.
Users, meanwhile, can protect themselves by using private relays that hide transactions until they are included in a block.
Another option would be to separate block creation and validation, keeping transactions in private mempools, according to Jeremiah O’Connor, chief technology officer and co-founder of crypto cybersecurity firm Trugard.
“Blockchain ecosystems should adopt common security practices (…) as a standard to defend against attacks,” he told Decrypt.
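The minimum expected return check and the liquidity effect described above can be seen in a small model. This is an added example, not code from the article or from any DEX; the constant-product pricing, the 0.3% fee, the pool sizes and the trade amounts are all assumptions chosen for illustration.

```python
# Added illustration, not from the article: a constant-product pool
# (base * token = k) with an assumed 0.3% swap fee and constructed amounts.
FEE = 0.003

class Reverted(Exception):
    """The swap would return less than the trader's stated minimum."""

class Pool:
    def __init__(self, base, token):
        self.base, self.token = float(base), float(token)

    def quote(self, base_in):
        """Tokens a buy of base_in would receive at current reserves."""
        eff = base_in * (1 - FEE)
        return self.token * eff / (self.base + eff)

    def buy(self, base_in, min_out=0.0):
        out = self.quote(base_in)
        if out < min_out:  # the minimum expected return check
            raise Reverted(f"{out:.2f} is below the minimum {min_out:.2f}")
        self.base, self.token = self.base + base_in, self.token - out
        return out

    def sell(self, token_in):
        eff = token_in * (1 - FEE)
        out = self.base * eff / (self.token + eff)
        self.base, self.token = self.base - out, self.token + token_in
        return out

def simulate(liquidity, front_run, victim_in, tolerance):
    """Return (victim outcome, victim shortfall in %, sandwicher profit)."""
    pool = Pool(liquidity, liquidity)
    expected = pool.quote(victim_in)         # quote shown when the victim signed
    bought = pool.buy(front_run)             # order placed ahead of the victim
    try:
        got = pool.buy(victim_in, min_out=expected * (1 - tolerance))
        outcome, shortfall = "filled", 100 * (expected - got) / expected
    except Reverted:
        outcome, shortfall = "reverted", 0.0  # no trade, nothing lost to price
    profit = pool.sell(bought) - front_run   # order placed after the victim
    return outcome, round(shortfall, 2), round(profit, 2)

if __name__ == "__main__":
    for label, args in [("no effective minimum", (100_000, 10_000, 5_000, 0.50)),
                        ("1% minimum return   ", (100_000, 10_000, 5_000, 0.01)),
                        ("100x deeper pool    ", (10_000_000, 10_000, 5_000, 0.50))]:
        print(label, simulate(*args))
```

In this model a tight minimum makes the victim's swap fail instead of filling at the inflated price, leaving the surrounding orders at a loss to fees, and the deeper pool shrinks the price movement enough that the same orders no longer pay.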
Edited by Sebastian Sinclair