What is a Sandwich Attack and How Did a Trader Lose $215,000 in One Simple Transaction?

A sandwich attack is a form of market manipulation that exploits the transparency of blockchain transactions, particularly within decentralised exchanges (DEXs). This type of attack is executed by malicious actors who manipulate the price of a digital asset to their advantage at the expense of unsuspecting traders.

How Does a Sandwich Attack Work?

In a sandwich attack, an attacker monitors the blockchain for pending transactions and strategically places two transactions around the victim’s trade. The process unfolds as follows:

1. Front-Running: The attacker places a buy order for a token just before the victim’s transaction is processed, artificially inflating the token’s price.
2. Victim’s Transaction: The victim’s trade is executed at the inflated price, meaning they receive fewer tokens than anticipated.
3. Back-Running: The attacker then sells the tokens acquired in the front-running phase at the newly elevated price, securing a profit while the victim bears the loss.

Since blockchain transactions are publicly visible before confirmation, attackers exploit this transparency and transaction sequencing to manipulate asset prices and extract value from unsuspecting traders.

The Recent $215,000 Sandwich Attack

On 12 March 2025, a cryptocurrency trader suffered a substantial loss due to a sandwich attack while executing a stablecoin swap on the Uniswap v3 platform. The trader attempted to exchange $220,764 worth of USD Coin (USDC) for Tether (USDT). However, due to the attack, they received only $5,271 in USDT, amounting to a loss exceeding $215,000.

The interesting part here is how did the funds travel before each of the sandwiched txs.

All wallets follow the same path, which is rather long and quite unsual. Let's take a look:

Before getting sandwiched, the funds came from AAVE position: pic.twitter.com/VcATKapXOk

— DeFiac (@TheDEFIac) March 12, 2025

The attack followed this sequence:

• Front-Running: A Maximal Extractable Value (MEV) bot detected the victim’s USDC-to-USDT swap and withdrew all available USDC liquidity from the relevant Uniswap v3 pool.
• Victim’s Transaction: With the liquidity drained, the victim’s trade was executed at an extremely unfavourable rate, resulting in the enormous loss.
• Back-Running: The attacker swiftly restored the USDC liquidity after the victim’s transaction, rebalancing the pool and securing a profit.

Notably, the attacker paid a $200,000 fee to an Ethereum block builder, “bob-the-builder.eth,” and retained an $8,000 profit from the exploit.

Implications and How to Protect Against Sandwich Attacks

This incident highlights the vulnerabilities in decentralised finance (DeFi) platforms and the risks associated with blockchain transaction transparency. Traders can take several measures to mitigate the risk of sandwich attacks:

• Use Large Liquidity Pools: Trading in pools with higher liquidity reduces the impact of individual transactions on market prices, making it harder for attackers to execute sandwich attacks.
• Employ MEV Protection Tools: Some wallets and platforms offer protection features that obfuscate transaction details or reroute trades to minimise exposure to MEV bots.
• Adjust Slippage Tolerance: Setting a lower slippage tolerance can prevent trades from being executed at significantly unfavourable prices, reducing susceptibility to front-running attacks.

Conclusion

Sandwich attacks pose a significant threat to traders operating on decentralised exchanges. The recent case of a $215,000 loss underscores the importance of awareness and protective measures when engaging in DeFi trading. As the DeFi space evolves, so too must the strategies to safeguard against these exploitative tactics.