
How a “sandwich attack” can worsen your crypto deal


As the crypto space grows every day, its vulnerability to various types of attacks and hacks is also increasing, which raises the risk for investors. The decentralized finance (DeFi) landscape offers many opportunities, but smart contract exploitation is a growing concern because fraudsters can take advantage of faulty code.

DeFi is a new area that gives users a lot of power with few regulatory limitations, so you have to be extra careful: it is vulnerable to many types of attacks. One of these is the sandwich attack, which may not be widely known but can cause real problems in DeFi. The co-founder of Ethereum warned about it in 2018.

Sandwich attack concept

Sandwich attacks target DeFi protocols and platforms and can have significant market manipulation consequences. In simple terms, an attacker tries to sandwich a user's transaction between two transactions of their own, one before it and one after it, causing the user to lose out. "This type of attack is most common on decentralized exchanges (DEXs). Most DEXs use an algorithmic market maker protocol (AMM)," said Raj Karkara, Chief Marketing Officer, ZebPay. "In this protocol, the price of the token is largely dependent on the depth of liquidity."

How do you recognize a sandwich attack?

This type of attack depends on the slippage tolerance set by the victim. The price of the token usually depends on the depth of liquidity. Gaurav Dahake, Founder and CEO of Bitbns, said, "This attack degrades performance because the blockchain is open and all these transactions can be monitored and verified what types of transactions have taken place." Suppose a user places an order to buy 1000 Y tokens at a price of 100 USDT each, with the slippage tolerance set to 10%. The DEX allows the trade to execute as long as the price is below 110 USDT. The attacker must work out the maximum number of tokens they can buy to push the price up while making sure the price change does not exceed the tolerance set by the user.

How do attacks work?

The first step in this attack is bots that watch for trade transactions. A bot looks for transactions with low gas prices, as well as trades against liquidity pools, where users are quoted a price and swap into the tokens they need. Most sandwich attacks are carried out via automated market maker (AMM) solutions. Due to their pricing algorithm, liquidity is always in demand and transactions are made continuously. "Once these transactions were identified, the bots made transactions with higher fees that preceded normal transactions," said Karkara of ZebPay.

How dangerous is a sandwich attack?

Because the blockchain is open, sandwich attacks can make transactions difficult. The attacker can verify the type of transaction made by the victim. Sandwich attacks can actually help perpetrators manipulate asset prices.

In practice, this type of attack can be all too easy. Despite the lower profits, this technique can be used over and over again without any consequences. The sandwich attack affects the amount of crypto a real user receives, Dahake said. "This allows the performer to fill the order at the price he wants. Therefore, the next deal will be at a much higher price."

Protection against sandwich attacks

There are not many ways to avoid such attacks, but developing precautions to protect investors is essential. "When doing big business with DEX, you have to properly adjust the slip tolerance to a level it can withstand," says Karkara of ZebPay. "The best strategy is to reduce slippage as trade size increases." Protocols are also trying to incorporate new technologies such as zk-SNARKs to help users hide trade information so that bots cannot identify it. "Basically, you have to be careful not to open your wallet address, and you also have to be very careful about adding an additional layer of data protection and transaction rollover. This is called access control aggregate, where you can mask your transactions," added Dahake of Bitbns.
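To make the slippage advice concrete, here is an added example (not from the article or any DEX's code) of how a tolerance turns into a minimum-output check on a constant-product pool, and how much a user can lose before that check reverts the swap. The pool sizes, the 0.3% fee and the shifted reserves are constructed values chosen to match the article's 100 USDT price.

```python
FEE = 0.003  # assumed 0.3% pool fee (constructed, not from the article)

def amount_out(amount_in, reserve_in, reserve_out, fee=FEE):
    """Constant-product (x * y = k) output for swapping amount_in."""
    net_in = amount_in * (1 - fee)
    return reserve_out * net_in / (reserve_in + net_in)

def price_impact(amount_in, reserve_in, reserve_out):
    """Fraction by which the trade's own size worsens its price (fee excluded)."""
    spot = reserve_out / reserve_in
    effective = amount_out(amount_in, reserve_in, reserve_out, fee=0) / amount_in
    return 1 - effective / spot

def min_out(quoted_out, tolerance):
    """Smallest output the user accepts; below it the swap reverts."""
    return quoted_out * (1 - tolerance)

def execute(amount_in, reserves, quoted_out, tolerance):
    """Tokens received, or None when the slippage check reverts the swap."""
    received = amount_out(amount_in, *reserves)
    return received if received >= min_out(quoted_out, tolerance) else None

# Constructed pool: 10,000,000 USDT and 100,000 Y, i.e. 100 USDT per Y.
POOL = (10_000_000, 100_000)
# Same pool after an earlier trade in the block pushed Y about 8% higher.
MOVED = (10_400_000, 96_153.846)
SPEND = 100_000  # USDT the user swaps, roughly 1000 Y at the quoted price
QUOTE = amount_out(SPEND, *POOL)

if __name__ == "__main__":
    print(f"quoted: {QUOTE:.2f} Y, own price impact {price_impact(SPEND, *POOL):.2%}")
    for tol in (0.10, 0.01):
        got = execute(SPEND, MOVED, QUOTE, tol)
        cap = QUOTE - min_out(QUOTE, tol)
        result = f"executes for {got:.2f} Y" if got is not None else "reverts"
        print(f"tolerance {tol:.0%}: can lose up to {cap:.2f} Y, swap {result}")
```

The trade's own price impact here is about 1%, so a tolerance just above that leaves little room for anyone to move the price and still have the swap go through, while 10% lets it execute at a much worse rate.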
