So You’ve Been Sandwiched

2021 Review of Sandwich Attacks on Ethereum

Luke Lichtenstein
Eden Network
Feb 4, 2022

As we settle into 2022, we begrudgingly present a 2021 data review on sandwich attacks on Ethereum. Why begrudgingly? Well…it ain’t pretty. The numbers are staggering. Read on to find out how and why DEX traders lost over $250 million to sandwich bots in 2021, and why this will continue in 2022 and beyond.

Data Summary

The data dashboard can be viewed here. Note: the last page of the raw data includes non-aggregated data, but that shouldn’t affect the accuracy of the rest of the dataset.

This data was collected from the BigQuery public dataset, bigquery-public-data.crypto_ethereum. This is a subset of sandwiches that:

  • Is formed by three transactions: the first and last are from the attacker and share the same from and to addresses; the middle is from the victim and has a different sender address than the other two transactions
  • Includes swapping to or from wETH
  • Was profitable for the attacker

The complete data summary appears at the end of the blog.

Why did we bother doing this?

Well, as you will see from the size of the figures, it’s a huge issue that garners very little attention from the wider trading community. We believe, in no uncertain terms, that this is a crisis, and one that will likely result in high user churn over the long term, hampering adoption.

There are multiple philosophical approaches to this issue. Some believe it’s best to let it exist but democratize access to it, and others, including Eden Network, believe that protecting traders from it is the best path forward.

Data Highlights (or Lowlights?)

Trader Losses: Let’s not sugarcoat it — over $254 million (84,000 ETH) across nearly 500,000 individual transactions was extracted by sandwich bots in 2021. That is $254 million essentially stolen from everyday crypto traders.

To put that into perspective, if sandwich attacks were considered theft similar to other crypto hacks, this would rank as the second largest hack of 2021.

The spikes you see in May and June coincide with instances of high volatility. In May we saw a huge market dump, followed by the dog money frenzy in June. These two events were responsible for more value extraction than any other times of the year by a considerable margin.

Sandwich bot profits: Of the $254 million extracted, sandwich bots profited over $80 million, with the top bot operator profiting over $16 million, and the second over $11 million. While there are hundreds of bots competing with each other, the top 10 bots by USD profit collectively took home $44 million, showing how top heavy and difficult the nefarious space is to compete in.

Note: This chart tracks extracted ETH, but our summary lists the USD conversion for digestibility.

Biggest losing tokens/communities: Sorry dog money and other meme tokens, you were the biggest losers in 2021. SHIB traders lost over $11.7 million via sandwich attacks, more than double the next closest token (excluding stablecoins).

Meme tokens are synonymous with high price volatility due to low liquidity, and generally popular with less experienced crypto traders, furthering our opinion that these hidden taxes via sandwich attacks could end up being responsible for hampering adoption in the long term.

Overall, meme tokens held four of the top 10 spots on the unenviable most sandwiched tokens list:

  1. SHIB ($11.7 million lost)
  2. USDC ($5.9 million lost)
  3. LEASH ($5.4 million lost)
  4. ELON ($3.9 million lost)
  5. USDT ($3.8 million lost)
  6. TRU ($3.6 million lost)
  7. AKITA ($3.5 million lost)
  8. SPELL ($2.6 million lost)
  9. DAI ($2.5 million lost)
  10. STARL ($1.8 million lost)

Note: This chart tracks extracted ETH, but our summary lists the USD conversion for digestibility.

Highest sandwiched DEXs: An old narrative was that Uniswap was the problem, and looking at the graph in early 2021, you’d be forgiven for thinking that. However, where there was opportunity for exploitation, bots would find it, and by year end, only ~20% of sandwich attacks occurred on Uniswap v2. This is not a Uniswap problem, this is a fundamental DEX problem.

  1. Uniswap v2 ($141.3 million lost)
  2. 1Inch ($32.5 million lost)
  3. Uniswap v3 ($25 million lost)
  4. SushiSwap ($12.2 million lost)
  5. MetaMask ($12 million lost)

Can DEX aggregators solve this by spreading the buys and sells across multiple DEXs? No. At the end of 2021, 1Inch was experiencing roughly the same volume of sandwich attacks as Uniswap v2, while DEX aggregators accounted for roughly 20% of all volume versus Uniswap v2 with about 80%.

Notably, MetaMask traders lost over $12 million. While primarily a wallet app, a swap function is also available, anecdotally used mostly by new crypto users entering the space to purchase NFTs and the latest hyped meme or metaverse token. Count this as another data point in sandwich attacks affecting the newest and most vulnerable users.

So where do we go from here?

As DeFi grows, DEX trading becomes more prevalent and market volatility continues, traders will continue to be sandwiched and value will continue to be stolen. There are various opinions and philosophies about how to best deal with this, but we strongly believe that traders require protection for the long term health of the ecosystem.

In 2021, Eden Network launched the Eden Rocket RPC, a product developed specifically to protect traders from sandwich bots, rather than “democratizing” and profiting off them.

When using Eden Rocket RPC to trade on Ethereum, your transactions bypass the public pool and are sent to our private network of mining partners who process these transactions at no extra cost. It’s completely free to use and prevents any nefarious bots from spying on and exploiting DEX trades.

At the time of writing, the crypto market has just experienced another large drawdown, and while we haven’t looked at the data yet, we are certain that sandwich bots profited handsomely as they did all the previous times. The status quo remains, but in less than two minutes and the click of a few buttons, you can submit sandwich-resistant DEX trades and beat the bots. Eden Rocket RPC is the way.

Data Summary continued

Data was obtained with three steps:

1. Collecting — The BigQuery public dataset bigquery-public-data.crypto_ethereum was queried for arrangements of three consecutive transactions that met the above criteria. Each such arrangement formed a raw-sandwich.

2. Parsing — Not all transaction arrangements fitting the above conditions are sandwiches, so they required further parsing. To find a common-pool within raw-sandwich, an address was found with which Tx #1 and Tx #2 had a swap in the same direction, and Tx #3 had a swap in the opposite direction.

Further restrictions were imposed, including that the attack had to occur over a single pool (e.g. this sandwich attack was not detected), and the swap was either from or to wETH. To determine extracted value and victim-amount-in, all transfers to and from common-pool were analysed.

In order to aggregate the data, all values needed to be expressed. For sandwiches where the victim bought a token with wETH, this was easy and required no conversion. For attacks where the victim sold a token for wETH, there were two approaches — ‘Preswap’ and ‘afterswap’ values could be used if the attacker first bought the token the victim was selling on a different market for wETH. However, if this was not the case, the price of the token was determined by the swapping price in the first transaction of the attack. The latter method can give rise to inaccuracies as attacker swaps reach deep into pool liquidity and affect asset price.

3. Formatting

  • Attacker profit = extractedVal − minerReward − burnedFees
  • Miner reward = priorityFee + internalTransfers
  • ETH-USD daily price and ERC20 info was obtained from CoinGecko
  • Victim contract and miner labels were obtained from Etherscan
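
The selection criteria and the profit formulas above can be run as a detection pass over one block's swaps; this is an added example, not Eden Network's own code. It covers only the case where the victim buys a token with wETH (no conversion needed). The field names, the sample block, the extracted value computed as wETH received in Tx #3 minus wETH spent in Tx #1, and fees summed over the attacker's two transactions are all assumptions.

```python
from dataclasses import dataclass

WETH = "WETH"  # constructed label standing in for the wETH token address

@dataclass
class Swap:                      # one swap transaction, amounts in integer units
    index: int                   # position in the block
    sender: str                  # "from" address
    to: str                      # "to" address
    pool: str                    # pool the swap touched
    token_in: str
    token_out: str
    amount_in: int
    amount_out: int
    priority_fee: int = 0        # paid to the miner through gas
    internal_transfers: int = 0  # paid to the miner inside the transaction
    burned_fees: int = 0         # base fee burned

def find_sandwiches(block):
    """Profitable single-pool sandwiches where the victim buys a token with wETH."""
    txs, hits = sorted(block, key=lambda t: t.index), []
    for a, v, b in zip(txs, txs[1:], txs[2:]):        # three consecutive transactions
        if (a.sender, a.to) != (b.sender, b.to) or v.sender == a.sender:
            continue                                   # address criteria not met
        if not (a.pool == v.pool == b.pool) or a.token_in != WETH:
            continue                                   # needs one common pool and a wETH leg
        fwd, rev = (a.token_in, a.token_out), (a.token_out, a.token_in)
        if (v.token_in, v.token_out) != fwd or (b.token_in, b.token_out) != rev:
            continue                                   # Tx1 and Tx2 same way, Tx3 reversed
        extracted = b.amount_out - a.amount_in         # assumption: wETH out minus wETH in
        miner_reward = sum(t.priority_fee + t.internal_transfers for t in (a, b))
        profit = extracted - miner_reward - (a.burned_fees + b.burned_fees)
        if profit > 0:                                 # keep only attacker-profitable cases
            hits.append({"attacker": a.sender, "victim": v.sender, "pool": a.pool,
                         "extracted": extracted, "miner_reward": miner_reward, "profit": profit})
    return hits

# Constructed sample block: one profitable sandwich, then a look-alike that loses money.
BLOCK = [
    Swap(0, "0xbot1", "0xbotc1", "0xpoolA", WETH, "TKN", 10_000, 500_000, burned_fees=20),
    Swap(1, "0xalice", "0xrouter", "0xpoolA", WETH, "TKN", 5_000, 200_000),
    Swap(2, "0xbot1", "0xbotc1", "0xpoolA", "TKN", WETH, 500_000, 10_400,
         internal_transfers=250, burned_fees=30),
    Swap(3, "0xbot2", "0xbotc2", "0xpoolB", WETH, "TKN", 8_000, 90_000, burned_fees=20),
    Swap(4, "0xbob", "0xrouter", "0xpoolB", WETH, "TKN", 1_000, 10_000),
    Swap(5, "0xbot2", "0xbotc2", "0xpoolB", "TKN", WETH, 90_000, 8_050,
         priority_fee=60, burned_fees=20),
]
```

Calling find_sandwiches(BLOCK) reports only the first arrangement; the second is dropped because miner payments and burned fees exceed what was extracted.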
