BNB Chain Sees Record-High Attacks, Risking $1.5 Billion in Trades

DEX, Wednesday, 04 December 2024
Posted by Rima Dwi Astuti

BNB Chain Faces Record-High Sandwich Attacks, Exposing $1.5 Billion in Trades

On December 1, over a third of BNB Smart Chain’s blocks were hit by sandwich attacks, a record-breaking event targeting decentralized exchange (DEX) users, according to Dune Analytics.

These attacks impacted 35.5% of the chain’s blocks, with over $1.5 billion in trading volume spread across 43,400 transactions in just one day.

This surge highlights the growing risks within DEX platforms. Earlier in May, a single bot exploited the same method to steal $40 million from over 100,000 users in just three months.

What Are Sandwich Attacks?

Sandwich attacks manipulate markets by sandwiching a victim’s transaction between two trades from the attacker. Here’s how it works:

  1. The attacker places a buy order before the victim’s trade, increasing the token price.
  2. They immediately place a sell order after the victim’s trade, profiting from the artificially inflated price.

These attacks are usually automated using maximal extractable value (MEV) bots that exploit the structure of DEX systems.

Alejandro Munoz-McDonald, a smart contract engineer at Immunefi, explains that this happens because transactions are temporarily visible in a public "mempool" before they are added to a block by miners.

Miners often prioritize transactions with higher fees, allowing attackers to pay extra to reorder transactions and execute their strategy.

“This means attackers can see others’ transactions before they’re executed and manipulate the order,” Munoz-McDonald added.

Possible Solutions and Prevention

Low liquidity makes it easier for attackers to manipulate prices. Jean Rausis, cofounder of the DeFi platform SMARDEX, suggested increasing liquidity by offering rewards or partnerships to encourage more users to participate. Larger liquidity pools reduce price swings, making attacks less appealing.

Other recommendations include:

  • Splitting trades: Use DEX aggregators to spread trades across multiple pools.
  • Minimum return features: Implement systems that cancel transactions if the expected returns aren’t met.
  • Private relayers: Conceal trades until they’re finalized to avoid public visibility in the mempool.
  • Private mempools: Keep transactions hidden until blocks are validated, as suggested by Jeremiah O’Connor, CTO at Trugard.
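
The "minimum return" recommendation above, shown as an added example that is not from the article or from any DEX's code: a user quotes a swap, and the swap is cancelled if a trade ordered ahead of it has pushed the payout below the user's floor. The constant-product pool model (x * y = k, no fee), the reserves, and all function names are assumptions constructed for illustration.

```python
from fractions import Fraction

class MinReturnNotMet(Exception):
    """Raised when a swap would pay out less than the trader's floor."""

def swap_out(reserve_in, reserve_out, amount_in):
    # Constant-product pricing (x * y = k), fee ignored for clarity.
    return Fraction(reserve_out * amount_in, reserve_in + amount_in)

def quote_min_out(pool, amount_in, tolerance_bps):
    # Floor = quote at signing time minus the slippage tolerance (basis points).
    quoted = swap_out(pool["base"], pool["token"], amount_in)
    return quoted * (10_000 - tolerance_bps) / 10_000

def execute_swap(pool, amount_in, min_out):
    # Price is computed at execution time, against the pool as it is now.
    out = swap_out(pool["base"], pool["token"], amount_in)
    if out < min_out:
        raise MinReturnNotMet(
            f"would receive {float(out):.4f}, floor is {float(min_out):.4f}")
    pool["base"] += amount_in
    pool["token"] -= out
    return out

def simulate(tolerance_bps, earlier_trade_in, user_in=10):
    pool = {"base": 1000, "token": 1000}          # constructed reserves
    min_out = quote_min_out(pool, user_in, tolerance_bps)
    if earlier_trade_in:
        execute_swap(pool, earlier_trade_in, 0)   # trade ordered ahead of the user's
    try:
        return "filled", execute_swap(pool, user_in, min_out)
    except MinReturnNotMet:
        return "reverted", Fraction(0)

if __name__ == "__main__":
    for bps, ahead in [(50, 0), (50, 50), (1500, 50)]:
        status, got = simulate(bps, ahead)
        print(f"tolerance={bps / 100:.1f}% trade_ahead={ahead:>2} "
              f"-> {status} {float(got):.4f}")
```

With a 0.5% tolerance the swap is cancelled once the earlier trade moves the price; with a 15% tolerance it fills at roughly 9% less than quoted, which is why a tight floor limits what reordering can take.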

Experts also urge blockchain ecosystems to adopt stronger security standards to reduce the risk of such exploits. Educating users and improving protocol designs will be essential to address these vulnerabilities.
