
Solana sandwich attacks make a comeback: priority fees turn into "protection money," on-chain "dark cycle" escalates once again
TechFlow Selected TechFlow Selected

Solana sandwich attacks make a comeback: priority fees turn into "protection money," on-chain "dark cycle" escalates once again
While Solana's ecosystem faces declining transaction volumes amid the MEME token downturn, a more subtle crisis is spreading. Recently, numerous community users have complained that even when paying priority fees (Tips), they frequently suffer sandwich attacks on-chain.
Author: Frank, PANews
While the Solana ecosystem struggles with declining transaction volumes amid the MEME market cooldown, a more insidious crisis is spreading. Recently, many users in the community have complained that even when paying priority fees (tips), they frequently suffer sandwich attacks—with some validators allegedly involved. This phenomenon reveals a deep-rooted conflict within Solana's ecosystem: MEV (Maximal Extractable Value) has evolved from a technical vulnerability into a systemic tool for extraction.
Data shows that one sandwich attacker’s earnings have surged from $30 million over two months to $287 million over six months, leaving users trapped between being front-run and paying higher “protection fees.” Behind this crisis lies a triple squeeze—validator利益 entanglement, distorted priority fee mechanisms, and collapsing user trust.
Industrialized Sandwich Attacks—From Guerrilla Tactics to Assembly-Line Harvesting
Previously, PANews conducted an in-depth investigation into MEV on Solana and exposed the notorious sandwich bot starting with arsc, which had earned over $30 million in just two months (see: "Extracting" $30M in 2 Months, Solana's Largest Sandwich Attacker Earns $570K Daily and Sparks Outrage).
Months later, what is the current state of sandwich attacks on Solana?
Regrettably, sandwich attacks on Solana have not diminished due to public criticism or media exposure. Instead, attackers have changed tactics and expanded into larger-scale attack matrices.
Take the previously investigated address Ai4zqY7gjyAPhtUsGnCfabM5oHcZLt3htjpSoUKvxkkt as an example. Active until November 15, 2024, according to PANews data, this address generated approximately $287 million in profits from May to November—a span of six months.

Attack methods have also evolved. To avoid tracking, sandwich bots on Solana now use batches of new addresses and deploy programs to execute attacks at scale.
For instance, one such program operates across 77 addresses. As of March 12, it executed 429,000 transactions (since these are exclusively used for sandwich attacks, all can be considered attack attempts). Given each sandwich attack requires two transactions, this program carried out about 215,000 attacks.
Another address, 4vJfp62jEzcYFnQ11oBJDgj6ZFrdEwcBBpoadNTpEWys, conducted around 210,000 attacks in the past month alone, transferring roughly $1.6 million to exchanges—an average profit of $7.6 per transaction.
In fact, there are far more of these high-volume daily sandwich attack programs than existed six months ago. However, due to lack of comprehensive data tracking, exact figures remain unavailable.

The Dilemma of Priority Fees: From 'Accelerator' to 'Protection Fee'
Faced with increasingly frequent attacks, users attempt to avoid risks by using trading bots or increasing priority fees. However, the priority fee mechanism has become completely distorted—it has shifted from a tool to improve transaction efficiency into a de facto "on-chain tax," further burdening users.
Those benefiting most are validator nodes profiting from MEV revenue.
The recently discussed SIMD-0228 proposal aims to reduce staking rewards for nodes, based on the assumption that current MEV income is already sufficient to sustain node operations.
Returning to the topic of MEV, one observes a strange Möbius loop: sandwich attacks drive users to pay higher priority fees; higher fees increase validator income; some validators participate in sandwich attacks. When these elements connect, the sandwich attacker’s dual extraction strategy becomes the most lucrative business model on Solana.
Users are left with only two choices: lose principal to sandwich attacks or pay even higher priority fees.
Of course, during bull markets, few care—users focus instead on wealth effects and major hacks. For sandwich attacks or small rug pulls, victims usually accept their losses silently while attackers collect profits effortlessly.
Transaction Volume Collapse Shifts Sandwich Strategies: From 'Bundling' to 'Jumping the Queue'
However, this dynamic shifts during market downturns. According to social media discussions and PANews investigations, running an efficient sandwich attack is not cheap.
The biggest cost involves deploying multiple validator nodes globally to insert transactions instantly. Importantly, attackers don’t need to lead block production—the key is having nodes physically closest to the leader node so they can submit transactions first upon detecting vulnerable trades. Typically, setting up a full cluster of attack nodes costs millions of dollars.
Such high costs create financial pressure for sandwich attackers, especially as on-chain transaction volume declines and attack revenues drop accordingly. Competition among attackers intensifies—those offering higher priority fees gain larger shares of available opportunities.
Under this competitive pressure, transactions without priority fees no longer meet attackers’ targets. Hence, we now see cases like those mentioned earlier—multiple transactions with paid priority fees still get attacked.
For example, a victim paid a priority fee of 0.000075 SOL, which historically might have avoided attack. But now, sandwich attackers paid significantly more—up to 0.0044 SOL—to outbid them. In this case, the user attempted a ~5 SOL trade but lost 0.08 SOL to the attacker.

Based on analysis of multiple attacked transactions, we found that most victims used priority fees below 0.001 SOL, making them vulnerable.
Additionally, attackers’ techniques have evolved. Historically, sandwich bots relied heavily on transaction bundling—packing non-priority-fee transactions into bundles where attackers could freely reorder them. But today, since most users pay some priority fee, their transactions are less likely to be bundled. Observations show that current sandwich attacks mostly occur via independent front- and back-running transactions placed before and after the target trade. Thus, the amount of priority fee paid has become a critical factor.
In summary, avoiding sandwich attacks on Solana is no longer simply a matter of whether you pay a priority fee—but whether the amount you pay is sufficient. If not, attackers can still insert transactions before and after yours. Users now face the same vicious cycle described earlier.
To maintain revenue amid shrinking transaction volume, validators must push users toward ever-higher priority fees. On the flip side, if users refuse to comply, they risk greater capital loss from being sandwiched.
Validator Data Leaks Worsen Ecosystem Crisis
However, one crucial prerequisite enables these attacks: the leader node must leak transaction data so attackers can learn about pending priority-fee-paying transactions in advance. Starting February 27, Pepe Boost’s founder called on Solana’s official team via X (formerly Twitter) to address this issue. Additionally, GMGN co-founder and PinkPunkBot have publicly raised similar concerns on social media. Yet, as of March 13, Solana has not responded.
As of March 10, daily priority fees on Solana had dropped to around 14,000 SOL, down over 92% from the January peak of 183,000 SOL.

Active addresses on Solana have also fallen to 2.14 million, down 75% from the high of 8.78 million. In an already severely contracted market environment, continuing to tolerate sandwich attacks amounts to draining the pond to catch fish—driving users away from the Solana ecosystem.
Public blockchain competition extends beyond TPS benchmarks—it hinges on whether participants can build sustainable value consensus. With plummeting transaction volumes and shrinking priority fee income, Solana now faces a difficult reality: if it allows MEV interest groups to keep extracting user value unchecked, the network activity fueled by MEMEs over the past year may never return. Drain the pond, and eventually, there will be no fish left.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














