What Is a Sandwich Attack? How MEV Bots Exploit DeFi Swaps

Sandwich Attack

A sandwich attack is a type of MEV attack where a bot places one transaction before a user’s trade and another transaction after it to profit from the price movement caused by that trade. It is called a “sandwich” because the user’s transaction gets placed between two attacker transactions.

In DeFi, sandwich attacks usually happen on decentralized exchanges when traders swap tokens through automated market makers. A bot sees a pending swap, buys the token before the user, lets the user’s trade push the price higher and then sells after the user’s transaction is executed.

The result is simple: the user receives a worse final price while the attacker captures the difference.

What Is MEV?

MEV stands for Maximal Extractable Value. It refers to value that can be extracted by changing the order, inclusion or timing of transactions inside a block. On public blockchains, pending transactions can often be seen before they are confirmed. Bots monitor these transactions and look for profitable opportunities.

Not all MEV is harmful. Arbitrage can help align prices across markets. However, sandwich attacks are generally harmful because they use a trader’s pending swap and slippage tolerance against them.

How a Sandwich Attack Works

A sandwich attack usually happens in three steps.

First, the bot sees a pending trade in the mempool. It checks the trade size, token pair, liquidity depth and slippage setting. Large trades in low-liquidity pools are more attractive because they can move the market price.

Second, the bot front-runs the user. It places a buy transaction before the user’s swap. This pushes the token price higher before the user’s transaction executes.

Third, the user’s trade goes through at a worse price. Because the bot already moved the price, the user receives fewer tokens than expected.

Finally, the bot back-runs the trade. It sells the token after the user’s swap pushes the price even higher. The bot profits from the difference between its buy and sell price.

Simple Sandwich Attack Example

Imagine a trader wants to swap 100 ETH for Token A. A bot sees the pending transaction and buys Token A first. This pushes the price up before the user’s trade is confirmed. The user’s swap then executes at the higher price. The user still receives Token A, but receives fewer tokens than expected. After that, the bot sells Token A back into the pool at the higher price.

The bot makes a profit. The user pays for that profit through worse execution.

Why Sandwich Attacks Happen

Sandwich attacks happen because DeFi transactions are transparent and automated market maker prices move based on pool balances. When a large swap enters a pool, it changes the ratio between the two assets. Bots can predict this price movement and place trades around it.

Sandwich attacks are more likely when:

  • The trade size is large
  • Pool liquidity is low
  • The token is volatile
  • Slippage tolerance is high
  • Price impact is significant
  • The transaction is visible before confirmation

Sandwich Attack vs Arbitrage vs Liquidation MEV

| Concept | Meaning | User impact |
| --- | --- | --- |
| Sandwich attack | A bot places one trade before and one trade after a user’s trade | Usually gives the user worse swap output |
| Arbitrage | A trader profits from price differences across markets | Can help align market prices |
| Liquidation MEV | A bot captures liquidation opportunities | Usually affects lending markets |

Why Slippage Matters

Slippage is the difference between the expected trade price and the final execution price. When users set slippage tolerance, they define how much price movement they are willing to accept before the transaction fails. For example, a 1% slippage setting means the trade can still execute if the final output is up to 1% worse than expected.

High slippage can make a trade more vulnerable because it gives bots more room to move the price against the user. However, slippage that is too low can cause failed transactions during volatile market conditions. The goal is to use realistic slippage based on liquidity, volatility and trade size.
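The following added example (not KyberSwap code) replays the buy-before / user swap / sell-after sequence to show how the slippage limit and pool depth bound the user's loss. It assumes a constant-product pool with a 0.3% fee; the reserves, the 50 ETH size of the preceding trade and all function names are constructed for illustration.

```python
# Added illustration: constant-product pool (x * y = k) with an assumed 0.3% fee.
from dataclasses import dataclass

FEE = 0.003  # assumption; the page does not state a fee

@dataclass
class Pool:
    eth: float    # ETH reserve
    token: float  # Token A reserve

    def buy_token(self, eth_in: float) -> float:
        """Swap ETH for Token A; updates reserves and returns Token A out."""
        eff = eth_in * (1 - FEE)
        out = self.token * eff / (self.eth + eff)
        self.eth, self.token = self.eth + eth_in, self.token - out
        return out

    def sell_token(self, token_in: float) -> float:
        """Swap Token A for ETH; updates reserves and returns ETH out."""
        eff = token_in * (1 - FEE)
        out = self.eth * eff / (self.token + eff)
        self.eth, self.token = self.eth - out, self.token + token_in
        return out

def quote(pool: Pool, eth_in: float) -> float:
    """Token A the swap would return against current reserves (no state change)."""
    return Pool(pool.eth, pool.token).buy_token(eth_in)

def replay(eth_reserve, token_reserve, user_eth, slippage, front_eth):
    """Replay buy-before / user swap / sell-after and report the user's outcome."""
    pool = Pool(eth_reserve, token_reserve)
    expected = quote(pool, user_eth)
    min_out = expected * (1 - slippage)     # minimum output the user's swap enforces
    bought = pool.buy_token(front_eth)      # transaction placed before the user's
    if quote(pool, user_eth) < min_out:     # slippage check fails: the swap reverts
        return {"executed": False, "loss_pct": 0.0, "extracted_eth": None}
    received = pool.buy_token(user_eth)
    eth_back = pool.sell_token(bought)      # transaction placed after the user's
    return {"executed": True,
            "loss_pct": 100 * (expected - received) / expected,
            "extracted_eth": eth_back - front_eth}  # before gas costs

if __name__ == "__main__":
    # Constructed numbers: a 100 ETH swap (as in the example above), 50 ETH placed before it.
    for label, reserves, slip in [("thin pool, 10% slippage", (1_000, 1_000_000), 0.10),
                                  ("thin pool, 1% slippage", (1_000, 1_000_000), 0.01),
                                  ("deep pool, 1% slippage", (100_000, 100_000_000), 0.01)]:
        print(label, replay(*reserves, user_eth=100, slippage=slip, front_eth=50))
```

With these constructed numbers, the 10% setting lets the swap execute at a loss of roughly 9%, the 1% setting makes the same swap fail instead, and in the pool with 100 times the liquidity the loss is about 0.1% while the surrounding trades lose money to fees.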

Who Is Most at Risk?

Not every swap has the same sandwich attack risk. Small trades in deep liquidity pools are usually less attractive to bots. Large trades in thin liquidity pools are more exposed because they create bigger price movements.

Higher-risk trades often involve:

  • Meme coins
  • New tokens
  • Low-liquidity pairs
  • Volatile assets
  • Large swap sizes
  • Fragmented liquidity
  • High price impact

How to Reduce Sandwich Attack Risk on KyberSwap

Users cannot remove all onchain execution risk, but they can reduce exposure.

  • Use realistic slippage settings. Avoid setting slippage much higher than needed.
  • Check price impact before confirming a swap. High price impact may signal higher risk.
  • Avoid oversized trades in low-liquidity pools. Splitting trades or using better routing can help reduce price movement.
  • Trade through deeper liquidity. More liquidity usually means less price impact for the same trade size.
  • Use tools with MEV-aware execution features. Better routing and execution design can help reduce avoidable value leakage.

Protect your swap trades (taker protection)

KyberSwap helps reduce front-running impact by letting you set Max Slippage for each swap. Your trade then executes only if the final price stays within your slippage tolerance, which limits losses from price movement caused by MEV strategies. See Max Slippage in “Instantly Swap At The Best Rate” and the MEV overview in “Maximal Extractable Value (MEV)”.

Use MEV-protected RPCs on Ethereum (RPC protection)

On Ethereum, KyberSwap lets you choose MEV-protected RPCs (marked with a green shield icon). Transactions routed this way use a different ordering process and get protection from multiple MEV strategies. Guide: Switching Networks

Blink Protect RPC (example):

  • Routes transactions to the Blink builder instead of the public mempool
  • Provides front-running protection
  • No failed transactions: a transaction is included only if it does not revert (with an “uncled / mempool / later included” caveat). Details: MEV protection on Ethereum

How KyberSwap Helps Improve Swap Execution

KyberSwap is a non-custodial DeFi platform for swapping, earning and trading crypto across chains. KyberSwap Aggregator connects to 420+ liquidity sources across 17 chains, helping users access competitive rates without manually checking many DEXs.

This matters because poor routing, thin liquidity and high price impact can increase the risk of bad execution.

KyberSwap helps users compare liquidity sources, find efficient routes and control swap settings such as slippage. This gives traders more control over the maximum price movement they are willing to accept.

KyberSwap Smart Settlement also adds execution-time intelligence to swaps. Instead of relying only on the best quote before submission, Smart Settlement compares available execution options at settlement and aims to improve the final swap output when the transaction executes onchain.

KyberSwap has facilitated over $150B in aggregator trading volume, showing the scale of trading activity routed through the platform.

While no DeFi product can remove every risk, better routing, deeper liquidity, realistic slippage and execution-aware tools can help traders reduce avoidable value loss.

Final Thoughts

A sandwich attack is a harmful MEV strategy where a bot places one trade before and one trade after a user’s swap.

The user’s transaction still executes, but the final output is worse because the bot moved the price first.

To reduce risk, traders should use realistic slippage, check price impact, avoid large trades in low-liquidity pools and use tools that search deeper liquidity across multiple sources.

KyberSwap helps improve swap execution through its aggregator, 420+ liquidity sources across 17 chains, customizable slippage and Smart Settlement.

FAQ

What is a sandwich attack in crypto?

A sandwich attack is an MEV attack where a bot places one transaction before and one transaction after a user’s swap to profit from the price movement caused by that swap.

Why is it called a sandwich attack?

It is called a sandwich attack because the user’s transaction is placed between two attacker transactions.

Does high slippage increase sandwich attack risk?

Yes. High slippage gives bots more room to move the price against a trade while still allowing the transaction to execute.

Can small trades be sandwiched?

Yes, but small trades are usually less attractive because the bot still needs to cover gas and execution costs.

Can a DEX aggregator prevent all sandwich attacks?

No. A DEX aggregator cannot remove all execution risk, but it can help improve routing, access deeper liquidity and reduce avoidable value leakage.

How does KyberSwap help traders?

KyberSwap Aggregator scans 420+ liquidity sources across 17 chains to find efficient swap routes. Smart Settlement adds execution-time intelligence to help improve final swap output when the transaction settles onchain.
