Detecting Evasive Sandwich Attacks on Solana

In this research report, we'll look at how sandwich attacks have evolved on Solana and how our Sandwich Detector v2 detects them.
1. Introduction
Sandwich attacks remain one of the most visible and toxic forms of MEV extraction. By reordering user transactions to buy before and sell after, malicious validators can systematically extract value from retail users.
In early releases of Sandwiched.me, our detection algorithm (v1) successfully flagged validators executing “vanilla” sandwich attacks (frontrun → victim → backrun). But over the last several weeks, we observed a shift. Dozens of validators adapted their behavior to evade detection by attempting to obfuscate their transactions.
Here we present our findings from our updated algorithm, Sandwich Detector v2, which extends detection capabilities to cover evasive sandwich attacks.
2. Evasive Sandwich Attacks Explained
Unlike straightforward sandwiches, evasive strategies are designed to hide their intent. These attacks often take the form:
frontrun (multiple) → victim → backrun (multiple)
- Potentially with a token transfer to a different wallet before the backrun
These techniques make attacks more difficult to detect and are a great example of the ongoing cat-and-mouse game between attackers and detection systems. Sandwich bots are crafty and will constantly attempt to adapt their strategies.
Here, the attacker split the frontrun into two buys and transferred the tokens to a different wallet. The victim then executed their buy, and the attacker sold immediately after.
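The pattern above can be matched by treating wallets linked by an in-block token transfer as one actor. The sketch below is an added illustration, not Sandwiched.me's Sandwich Detector code. The `Ev` event model, the 5% round-trip tolerance and the `link_transfers` switch are assumptions made for the example, and the block is constructed sample data.

```python
from collections import namedtuple

# One simplified event per transaction, in block order (assumed model, not raw Solana data).
Ev = namedtuple("Ev", "kind wallet token amount dest", defaults=(None,))

def cluster_wallets(events, link_transfers=True):
    """Union-find: wallets joined by an in-block token transfer count as one actor."""
    parent = {}
    def find(w):
        while parent.setdefault(w, w) != w:
            w = parent[w]
        return w
    for e in events:
        if link_transfers and e.kind == "transfer":
            parent[find(e.wallet)] = find(e.dest)
    return find

def detect_sandwiches(events, link_transfers=True, tolerance=0.05):
    """Return (victim_index, frontrun_indices, backrun_indices) per suspected sandwich."""
    find = cluster_wallets(events, link_transfers)
    hits = []
    for i, v in enumerate(events):
        if v.kind != "buy":
            continue
        groups = {}  # other actor -> ([buys before victim], [sells after victim])
        for j, e in enumerate(events):
            if e.token != v.token or find(e.wallet) == find(v.wallet):
                continue
            if e.kind == "buy" and j < i:
                groups.setdefault(find(e.wallet), ([], []))[0].append(j)
            elif e.kind == "sell" and j > i:
                groups.setdefault(find(e.wallet), ([], []))[1].append(j)
        for front, back in groups.values():
            bought = sum(events[j].amount for j in front)
            sold = sum(events[j].amount for j in back)
            # Round trip: the actor sells roughly what it bought around the victim.
            if front and back and abs(bought - sold) <= tolerance * bought:
                hits.append((i, front, back))
    return hits

# Constructed block: split frontrun, transfer to a second wallet, victim buy, backrun.
BLOCK = [
    Ev("buy", "A1", "TOK", 600),
    Ev("buy", "A1", "TOK", 400),
    Ev("transfer", "A1", "TOK", 1000, "A2"),
    Ev("buy", "victim", "TOK", 250),
    Ev("sell", "A2", "TOK", 1000),
    Ev("buy", "bystander", "TOK", 90),
]
```

With `link_transfers=False` the same block yields no hits, because the buys and the sell sit in different wallets; with transfer linking the victim at index 3 is matched to frontruns 0 and 1 and backrun 4.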
3. Findings (Epoch 841)
3.1 Validator Coverage
In Epoch 841, 82 validators were detected using sandwiching strategies under v2 (validators with ≥5% sandwich rate over a 30-day rolling period, ≥100 blocks produced, and change rate from v1 to v2 ≥5%). Of these, 27 were exclusively evasive and would not have been caught under v1.
3.2 Stake Weight
Flagged validators collectively controlled ~4.61M SOL of stake, equivalent to ~1.14% of total network stake at the time of measurement.
- Evasive validators: ~2.96M SOL (64%)
- Standard sandwichers: ~1.65M SOL (36%)
This distribution underscores that the majority of sandwiching stake shifted to evasive strategies.
3.3 Attack Distribution
Over the past 30 days:
- 25,088 sandwiching blocks were observed.
- 12,328 blocks came from evasive-only validators – nearly half of all detected attacks, invisible to sandwich detector v1.
4. Recent Validator Shutdowns
Following the release of Sandwich Detector v2, many flagged validators have taken drastic action in the past few days.
Several validators shut down entirely and/or raised their commission to 100%, effectively preventing their stakers from receiving rewards for one epoch.
Stakewiz data showing a validator raising their commission to 100% after being detected by Sandwich Detector v2.
5. Case Studies
5.1 Validator Adaptation Example
One validator, anonymized as Validator A, was previously flagged by v1 for obvious sandwiches. After switching to evasive strategies, they temporarily evaded detection – entering what could be called their “redemption era.”
Before Sandwich Detector V2
With v2, however, Validator A was flagged again, contributing hundreds of evasive attacks over the last 30-day period. This adaptation underscores how quickly validator strategies evolve once transparency tools are introduced.
After Sandwich Detector V2
6. Implications
- Transparency drives adaptation: The validator response shows this is a cat-and-mouse game. As detection improves, attackers change tactics -- which means Sandwiched.me must continue to evolve alongside them.
- Profitability remains high: The fact that validators are investing effort into evasive strategies is clear evidence that sandwiching is still lucrative on Solana.
- Activity is concentrated: A relatively small set of validators is responsible for the majority of evasive sandwiching, amplifying the impact of their behavior on the broader network.
7. Stake Pools
Since releasing Sandwich Detector v2, we’ve already seen the Solana Foundation and several stake pools take swift action against malicious validators. We will continue to monitor and provide data to the ecosystem.
8. Conclusion
Sandwiched v2 confirms that evasive sandwich attacks are both widespread and rapidly evolving. While obvious attacks have declined, evasive strategies now account for more than half of all detected sandwiching activity, with just a handful of validators responsible for most of the harm.
The recent wave of validator shutdowns after being identified as sandwichers shows that transparency tools can meaningfully pressure bad actors, but also highlights the cycle of detection and adaptation. As long as sandwiching remains profitable, validators will continue to adapt their tactics.
Looking ahead, vigilance and iteration are essential. Sandwiched.me will continue to advance detection methods, publish open data, and support the Solana community in holding malicious validators accountable.