tl;dr


December 1: Sandwich attacks infiltrated over a third of BNB Smart Chain blocks, affecting $1.5 billion in trading volume and raising concerns about DEX vulnerabilities.

How Sandwich Attacks Exploit the System: Market manipulation through sandwich attacks, driven by MEV bots leveraging DEX infrastructure.

Solutions Are in Sight, but Education Needed: Mitigating attacks through liquidity incentives, trade splitting, minimum expected return features, and user protections.

On December 1, sandwich attacks affected over a third of BNB Smart Chain blocks, impacting $1.5 billion in trading volume across 43,400 transactions. This underscores concerns about DEX vulnerabilities, with a spokesperson for BNB Chain yet to respond.

Sandwich attacks involve market manipulation, where an attacker places a buy order before the victim's transaction and a sell order immediately after, profiting from the inflated price. These attacks exploit DEX infrastructure, and solutions include incentivizing liquidity, using DEX aggregators, and adopting security features. Users can protect themselves by using private relayers and separating block creation and validation.

On December 1, sandwich attacks infiltrated over a third of BNB Smart Chain blocks, setting a record for the exploit that preys on decentralized exchange users, data from Dune Analytics reveals. Analysis shows that 35.5% of blocks contained such attacks, with over $1.5 billion in trading volume affected across 43,400 transactions in a single day. The spike underscores growing concerns around DEX vulnerabilities. In May, reports highlighted a single bot siphoning $40 million from over 100,000 victims using the same attack within just three months. A spokesperson for BNB Chain has yet to respond to a request for comment.

SANDWICH ATTACKS EXPLOIT THE SYSTEM: Sandwich attacks are a type of market manipulation where an attacker sandwiches a victim's transaction between two of their own. The malicious trader places a buy order just before the victim’s transaction, driving up the token price, and a sell order immediately after, profiting from the artificially inflated price. This process is typically automated by maximal extractable value (MEV) bots, which take advantage of DEX infrastructure. Alejandro Munoz-McDonald, smart contract engineer at crypto cybersecurity firm Immunefi, told Decrypt that such attacks are a direct consequence of how DEX infrastructure works. “When a user submits a transaction, it is placed in a public waiting area, the mempool, where a transaction sits until it is included in a block by a miner,” he said.

The mempool, or "memory pool," holds a submitted transaction until a miner selects it for inclusion in a block. Because miners often prioritize transactions offering higher fees, fees influence the order in which transactions are processed, and attackers can bribe miners to reorder transactions so that their strategy executes successfully. “This essentially means an attacker can view what the intention of anyone’s transaction is before it’s executed and can influence the ordering,” Munoz-McDonald added.

SOLUTIONS ARE IN SIGHT, BUT EDUCATION NEEDED: Low liquidity exacerbates the issue by making price swings easier to manipulate, noted Jean Rausis, cofounder of the decentralized finance platform SMARDEX. He suggested that protocols can mitigate attacks by incentivizing users to provide more liquidity through rewards or partnerships. “When pools are bigger, the price doesn’t move as much, making attacks less attractive,” Rausis explained. He also recommended splitting trades across multiple pools using DEX aggregators to reduce vulnerability. Munoz-McDonald also urged DEXs to adopt minimum expected return features, which fail transactions if the desired return isn’t met, limiting the impact of sandwiching. Users, meanwhile, can protect themselves by using private relayers that conceal trades until inclusion in a block. Another option would be separating block creation and validation, keeping transactions in private mempools, suggested Jeremiah O’Connor, chief technology officer and co-founder at crypto cybersecurity firm Trugard. “Blockchain ecosystems should adopt common security practices as a standard to defend against attacks,” he told Decrypt.
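The effect of the two mitigations above (a minimum expected return and deeper pools) can be checked on a toy constant-product pool. This is an added example, not code from the article or from any DEX; the x*y=k pricing model, the 0.3% fee, the pool sizes and the trade sizes are all constructed assumptions.

```python
FEE = 0.003  # assumed 0.3% swap fee; the article does not name a fee

def swap(pool, amount_in, sell_x=True):
    """Constant-product (x*y=k) swap; mutates pool and returns the output amount."""
    i, o = (0, 1) if sell_x else (1, 0)
    eff = amount_in * (1 - FEE)
    out = pool[o] * eff / (pool[i] + eff)
    pool[i] += amount_in
    pool[o] -= out
    return out

def quote(pool, amount_in):
    """Output the user would get if nothing else traded first (pool untouched)."""
    return swap(list(pool), amount_in)

def sandwich_outcome(reserve, victim_in, front_in, tolerance):
    """Replay buy -> victim -> sell on a constructed pool of reserve/reserve.

    tolerance is the victim's slippage limit: the swap reverts when its
    output falls below quote * (1 - tolerance), the minimum expected return.
    """
    pool = [float(reserve), float(reserve)]
    quoted = quote(pool, victim_in)
    min_out = quoted * (1 - tolerance)

    bought = swap(pool, front_in)                # order placed ahead of the victim
    victim_out = quote(pool, victim_in)          # what the victim would now receive
    executed = victim_out >= min_out
    if executed:
        swap(pool, victim_in)
    else:
        victim_out = 0.0                         # reverted: victim keeps the input
    proceeds = swap(pool, bought, sell_x=False)  # order placed right after
    return {"quoted": quoted, "executed": executed,
            "victim_out": victim_out, "attacker_profit": proceeds - front_in}

if __name__ == "__main__":
    cases = [("loose limit, shallow pool", (1_000, 10, 100, 0.50)),
             ("tight limit, shallow pool", (1_000, 10, 100, 0.005)),
             ("loose limit, deep pool", (100_000, 10, 100, 0.50))]
    for label, args in cases:
        print(label, sandwich_outcome(*args))
```

With a tight limit the victim's swap reverts and the surrounding round trip only loses fees; in the deep pool the same orders barely move the price, so the round trip also ends at a loss.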

 4 Dec 24