Verify a decision

{"actor":"system:backfill","investigation_id":"519ca7fe-f6d3-4a79-b3c8-40273e5a5481","kind":"publish","page_slug":"solana-mev-sandwich-bots","published_at":"2026-05-25T19:18:59.540Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Solana MEV Sandwich Bots","sections":[{"content":"Sandwich attacks on Solana operate by observing a pending swap transaction — typically submitted to a private mempool or RPC node — and placing two transactions around it: a front-run buy that drives up the asset price, followed by a back-run sell executed immediately after the victim's trade settles at the inflated price. The attacker profits from the spread, and the victim receives a worse execution price than quoted.\n\nOn Solana, the attack is structurally enabled by the network's leader-based block production model. Each validator serves as a block leader for its assigned slot window, giving it discretionary control over transaction ordering within that slot. Malicious validators can reorder, insert, or delay transactions to their advantage without any visible mempool for users to monitor.\n\nA variant called the 'wide' or 'multi-slot' sandwich — where the front-run and back-run occur across different validator leader slots rather than within a single block — has grown sharply in prevalence. According to data from Ghostlogs' sandwich.me tracker presented at Accelerate 2025, wide sandwiches grew from approximately 1% to 30% of all sandwich attacks in recent months and now account for 93% of all sandwich activity by count, having extracted over 529,000 SOL in the preceding year. Wide sandwiches are particularly difficult to detect because the front-run and back-run appear in separate blocks produced by different validators, defeating simple per-block heuristics.\n\nJito Labs' block engine — used by a large share of Solana validators — was originally designed with a public mempool that allowed transaction visibility. After Jito shut down its public mempool in March 2024 due to sandwich attack concerns, MEV activity migrated to private mempool networks. Private services such as DeezNode allegedly offered validators 50% of MEV profits in exchange for routing transactions through their private order-flow channels, replicating the attack surface in a less transparent form.","heading":"Mechanism of Attack","severity":"critical","sources":[{"credibility":2,"name":"Solana MEV Exposed: Sandwich Attacks, Arbitrage, and Validator Behavior Analysis (Ghostlogs / Accelerate 2025)","type":"research","url":"https://solanacompass.com/learn/accelerate-25/scale-or-die-at-accelerate-2025-the-state-of-solana-mev"},{"credibility":1,"name":"Quantifying the Threat of Sandwiching MEV on Jito: A Measurement of Solana's Leading Validator Client (ACM IMC 2025)","type":"research","url":"https://dl.acm.org/doi/10.1145/3730567.3764493"},{"credibility":2,"name":"Solana MEV Report: Trends, Insights, and Challenges (Helius)","type":"research","url":"https://www.helius.dev/blog/solana-mev-report"},{"credibility":2,"name":"A New Era of MEV on Solana (bloXroute)","type":"research","url":"https://bloxroute.com/pulse/a-new-era-of-mev-on-solana/"}]},{"content":"The most widely cited estimate of total extraction — $370M to $500M over the 16 months from approximately January 2024 through May 2025 — was produced by Ghostlogs, the team behind the sandwich.me on-chain tracking tool, and presented publicly at the Accelerate 2025 conference. The figure is derived from analysis of over 8.5 billion trades representing roughly $1 trillion in cumulative DEX volume on Solana.\n\nAt the per-validator level, the December 2024 period offers a documented case study. The validator and RPC cluster operator known as DeezNode allegedly ran a sandwich bot program (on-chain address vpeNAL...oax38b) that executed approximately 1.55 million transactions in a single month, generating 65,880 SOL in profit — equivalent to roughly $13.43 million at December 2024 prices. Annualized, that rate would project to approximately 801,540 SOL ($163 million) per year. An earlier incident attributed to a separate validator identified as Arsc had been associated with approximately $60 million in MEV extraction, though the precise methodology for that figure has not been independently verified.\n\nA separate analysis by Solana Floor identified bot address E6YoRP3adE5XYneSseLee15wJshDxCsmyD2WtLvAmfLi as accounting for 42% of all sandwich volume, processing over $1.6 billion in trades across a 30-day window with a net profit of approximately 49,400 SOL after Jito tips. The second-ranked bot (89Ny6a4mALkQgEVN8UbKSc9TdLi6t9rFYdtihrXZEpq6) processed $433 million in trades at approximately 11.2% market share.\n\nAcademic researchers at the 2025 ACM Internet Measurement Conference documented over 500,000 discrete sandwiching incidents resulting in more than $7.7 million in direct victim losses over their four-month measurement window covering early 2025 Jito usage, with users deploying over 2.4 million defensive transactions that provided limited protection. Separately, monthly extraction figures from on-chain monitoring showed a record of approximately 87,000 SOL extracted in January 2025.","heading":"Scale of Extraction","severity":"critical","sources":[{"credibility":2,"name":"Solana MEV Exposed: Sandwich Attacks, Arbitrage, and Validator Behavior Analysis (Ghostlogs / Accelerate 2025)","type":"research","url":"https://solanacompass.com/learn/accelerate-25/scale-or-die-at-accelerate-2025-the-state-of-solana-mev"},{"credibility":2,"name":"A Deep Dive into Solana's MEV: One Bot Captures 42% of the Market (Solana Floor)","type":"news_article","url":"https://solanafloor.com/news/a-deep-dive-into-solana-s-mev-one-bot-captures-42-of-the-market"},{"credibility":2,"name":"This Solana validator extracted over $13M from users in one month using sandwich attacks (CryptoNews)","type":"news_article","url":"https://cryptonews.net/news/security/30712979/"},{"credibility":1,"name":"Quantifying the Threat of Sandwiching MEV on Jito: ACM IMC 2025","type":"research","url":"https://dl.acm.org/doi/10.1145/3730567.3764493"},{"credibility":2,"name":"Sandwich Attacks Spiraling Out of Control on Solana, Over $3.2M Of SOL Crypto Extracted In October (Yahoo Finance)","type":"news_article","url":"https://finance.yahoo.com/news/sandwich-attacks-spiraling-control-solana-112345764.html"}]},{"content":"Sandwich activity on Solana is not uniformly distributed across validators. Research by Ghostlogs identified 23 validators whose leader slots showed sandwich attack rates exceeding 6% — meaning that in more than 6% of blocks they produced, at least one sandwich attack was present. Some validators showed exploitation rates as high as 27% of their produced blocks. These validators allegedly obtained significant delegated stake through Marinade Finance's mSOL pool and Jito's staking program, which critics argued created a systemic incentive misalignment.\n\nThe validator operating under the name DeezNode (on-chain address HM5H6...jdMRA) accumulated delegated stake of approximately 811,604 SOL — roughly $168.5 million — with its stake growing from approximately 307,900 SOL in November 2024 to 802,500 SOL by December 9, 2024. Approximately 19.89% of that stake reportedly originated from Marinade's mSOL pool. The rapid stake accumulation while conducting alleged sandwich attacks was flagged by on-chain researcher vitorpy (founder of DarkLake) in a public report published on March 18, 2025.\n\nThe bot program designated by researchers as 'vpe' (short address vpeNAL...oax38b) is described by Jito's internal analysis as responsible for nearly half of all sandwich attacks on Solana. Researchers from chrischang43 on X documented in January 2025 that sandwiching on Solana was dominated by six bots, analyzing their strategies across buy and sell directions, Jito tipping behavior, and Pump.fun bonding curve targeting. The top bot paid approximately 22,760 SOL ($4.63 million) in Jito tips during one 30-day period while retaining approximately 49,400 SOL in net profit — a tip-to-profit ratio of roughly 15–20%, compared to arbitrage bots that pay 50–60% of profits to validators.\n\nA notable single-transaction event involved the $POPE meme coin: the top sandwich bot allegedly earned 8,400 SOL profit from sandwiching a single 20,000 SOL transaction on February 25, 2025. Memecoin traders are identified as the primary victim class due to their higher slippage tolerance settings, with 16 of the top 20 most-sandwiched tokens having been created on Pump.fun.","heading":"Key Operators and Validators","severity":"critical","sources":[{"credibility":2,"name":"Solana MEV Report: Trends, Insights, and Challenges (Helius)","type":"research","url":"https://www.helius.dev/blog/solana-mev-report"},{"credibility":2,"name":"This Solana validator extracted over $13M from users in one month (CryptoNews)","type":"news_article","url":"https://cryptonews.net/news/security/30712979/"},{"credibility":2,"name":"A Deep Dive into Solana's MEV: One Bot Captures 42% of the Market (Solana Floor)","type":"news_article","url":"https://solanafloor.com/news/a-deep-dive-into-solana-s-mev-one-bot-captures-42-of-the-market"},{"credibility":3,"name":"chris (@chrischang43) on X: Sandwiching dominated by 6 bots","type":"social_media","url":"https://x.com/chrischang43/status/1880354695186653531"}]},{"content":"Jito Labs' block engine is used by a dominant share of Solana validators. It originally included a public mempool that allowed transaction visibility and drove MEV activity, including sandwich attacks. In March 2024, Jito Labs shut down the public mempool specifically citing sandwich attack concerns. The closure was intended to reduce harmful MEV but produced an unintended consequence: sandwich activity migrated to private mempool services that operate with even less transparency.\n\nPrivate mempool operators — including the network associated with DeezNode — allegedly shared upcoming transaction order flow among validators who paid for access, effectively recreating the attack surface in a less observable form. Jito's DontFront feature, which routes transactions through Jito's bundle system to prevent front-running within that system, was introduced as a partial defense; however, transactions submitted directly to validators that bypass Jito are not protected by this mechanism.\n\nThe Jito Foundation established a Blacklist Committee with authority to remove validators from JitoSOL staking allocations. In October 2025, following an on-chain report from 0xGhostLogs documenting widespread abuse, the committee banned 15 additional validators from receiving JitoSOL stake. An earlier governance proposal during Epoch 789 had also executed a blacklisting of validators identified as conducting sandwich attacks.\n\nThe concentration of block-engine usage through Jito has been noted by researchers as a systemic risk: it creates a single coordination point that, if abused or captured, enables large-scale MEV extraction. Academic research published at ACM IMC 2025 confirmed that sandwiching was measurable and systematic within Jito's validator client during early 2025.","heading":"Role of Jito Block Engine and Private Mempools","severity":"high","sources":[{"credibility":1,"name":"MEV Protection with Jito DontFront (Solana official developer guide)","type":"official","url":"https://solana.com/developers/guides/advanced/mev-protection"},{"credibility":2,"name":"Solana users are paying millions to stop bots attacking their trades (DL News)","type":"news_article","url":"https://www.dlnews.com/articles/defi/solana-users-use-jito-to-stop-sandwich-attacks-and-mev/"},{"credibility":1,"name":"Quantifying the Threat of Sandwiching MEV on Jito: ACM IMC 2025","type":"research","url":"https://dl.acm.org/doi/10.1145/3730567.3764493"},{"credibility":2,"name":"Jito bans 15 additional validators (Cryptopolitan)","type":"news_article","url":"https://www.cryptopolitan.com/jito-bans-15-additional-validators-after-data-emerges-of-widespread-sandwich-attacks/"},{"credibility":2,"name":"Jito cracks down on Solana validators (CryptoRank)","type":"news_article","url":"https://cryptorank.io/news/feed/4d1c4-jito-bans-15-additional-validators-after-data-emerges-of-widespread-sandwich-attacks"}]},{"content":"The Solana Foundation took its first major enforcement action in June 2024, when Validator Relations Lead Tim Garcia announced on the Foundation's Discord server that more than 30 validator operators had been removed from the Solana Foundation Delegation Programme for participating in mempools that enable sandwich attacks. Garcia stated: 'Decisions in this matter are final. Enforcement actions are ongoing as we detect operators participating in mempools which allow sandwich attacks.' Because Solana is a permissionless network, removed validators retained the ability to continue operating; they lost only the Foundation's delegated SOL subsidy.\n\nMarinade Finance, operator of the mSOL liquid staking pool with approximately $2 billion in delegated user funds, announced in December 2025 that it had blacklisted over 50 validators identified through on-chain analysis as conducting sandwich attacks. Marinade also introduced a 'Marinade Select' tier for vetted validator options. The coordinated actions by Jito, Marinade, and the Solana Foundation were estimated to have reduced sandwich attack profitability by approximately 60–70% in 2025, with user complaints related to front-running and excessive slippage falling by roughly 60% across major Solana DEXs.\n\nNo regulatory body (SEC, CFTC, or equivalent) has issued formal enforcement actions specifically targeting Solana sandwich bots as of May 2026. The legal status of sandwich attacks in crypto markets — which may implicate market manipulation statutes — remains untested in courts.","heading":"Ecosystem and Regulatory Response","severity":"high","sources":[{"credibility":1,"name":"Solana Foundation removes certain operators from delegation program over malicious sandwich attacks (The Block)","type":"news_article","url":"https://www.theblock.co/post/299244/solana-foundation-removes-certain-operators-from-delegation-program-over-malicious-sandwich-attacks"},{"credibility":2,"name":"Solana Foundation restricts validators involved in sandwich attacks (CryptoBriefing)","type":"news_article","url":"https://cryptobriefing.com/solana-fnd-validator-mev-restrictions/"},{"credibility":2,"name":"Marinade Finance Blacklists Over 50 Validators to Stop Sandwich Attacks (CryptoNews)","type":"news_article","url":"https://cryptonews.net/news/security/32181951/"},{"credibility":2,"name":"Solana Foundation expels validators for sandwich attacks on retail users (CryptoSlate)","type":"news_article","url":"https://cryptoslate.com/solana-foundation-expels-validators-for-sandwich-attacks-on-retail-users/"}]},{"content":"Several application-layer and infrastructure-layer defenses have been deployed or proposed, though none provides universal protection as of May 2026.\n\nJupiter Aggregator implemented dynamic slippage in August 2024, routing swaps to reduce MEV exposure. Its Ultra V3 product, launched in October 2025, introduced what the company describes as 34x better MEV protection compared to competing trading UIs by routing trades through its Beam private delivery system rather than selling order flow to external MEV searchers. Jupiter reported average positive slippage of +0.63 bps for users over a representative 7-day period.\n\nEllipsis Labs released Plasma, an audited open-source reference implementation of a sandwich-resistant AMM design, in which swaps execute at the price locked at slot start rather than mid-slot, breaking the timing window required for atomic sandwich attacks. The project notes that multi-slot 'wide' sandwiching remains possible at slot boundaries even with this design.\n\nTWAP-based price checks — which revert a swap if the post-trade pool price deviates from a time-weighted average price by more than a configurable threshold — have been identified as an effective defense against atomic sandwiches, as a single front-run transaction cannot move the TWAP enough to pass the check. Implementation across major Solana AMMs is not yet universal.\n\nJito's DontFront feature routes transactions through Jito's bundle system to prevent sandwiching within that routing path. Transactions that bypass Jito — submitted directly to validators or through other RPC providers — are not protected.\n\nThe Paladin Priority Port (P3) system, which attempts to enforce fair transaction ordering at the validator level, had approximately 80 validators representing 6% of network stake participating as of early 2025. Broader adoption would require protocol-level changes.\n\nMultiple Concurrent Leaders (MCL) — a consensus architecture change that would remove single-validator block discretion — has been described by Solana developers as requiring 'several years of development' and is not near deployment.\n\nThe fundamental limitation across all current defenses is that no on-chain recourse exists for victims after the fact. Users who have been sandwiched cannot reverse the transaction or claim compensation. Detection without specialized tools is generally not possible for retail users.","heading":"Available Defenses and Limitations","severity":"high","sources":[{"credibility":2,"name":"Solana MEV Report: Trends, Insights, and Challenges (Helius)","type":"research","url":"https://www.helius.dev/blog/solana-mev-report"},{"credibility":2,"name":"Introducing Plasma: A Reference Implementation of a Sandwich-Resistant AMM (Ellipsis Labs)","type":"official","url":"https://www.ellipsislabs.xyz/blog-posts/introducing-plasma"},{"credibility":2,"name":"Plasma GitHub repository (Ellipsis Labs)","type":"official","url":"https://github.com/Ellipsis-Labs/plasma"},{"credibility":1,"name":"Jupiter launches Ultra V3 with MEV protections (The Block)","type":"news_article","url":"https://www.theblock.co/post/375184/solana-decentralized-exchange-aggregator-jupiter-unveils-ultra-v3-improved-trade-execution-mev-protections-gasless-support"},{"credibility":1,"name":"MEV Protection with Jito DontFront (Solana developers)","type":"official","url":"https://solana.com/developers/guides/advanced/mev-protection"},{"credibility":2,"name":"What is MEV and How to Protect Your Transactions on Solana (QuickNode)","type":"research","url":"https://www.quicknode.com/guides/solana-development/defi/mev-on-solana"}]},{"content":"Retail users on Solana face two primary forms of financial harm from sandwich attacks. The first is direct price impact: the victim's swap executes at a worse price than quoted, with the difference captured by the bot operator. The second is implicit: users submitting high-priority fee transactions to avoid sandwich attacks are in effect paying 'protection fees' to validators, transferring wealth to the validator set without receiving proportional benefit.\n\nMemecoin traders are disproportionately affected because they frequently set high slippage tolerances (10–50%) to ensure their transactions execute during volatile price movements. These wide tolerance windows are exploitable by sandwich bots. Helius data indicates that 16 of the top 20 most-sandwiched tokens were launched on Pump.fun.\n\nVictims typically cannot detect whether they were sandwiched without querying on-chain transaction history and comparing their execution price against contemporaneous block data — a task requiring specialized tools. The sandwich.me tracker developed by Ghostlogs provides retrospective detection capabilities, but real-time user-facing alerts are not broadly available.\n\nAcademic research at ACM IMC 2025 documented that users employed over 2.4 million 'defensive behaviors' during the measurement period that provided little or no measurable protection against sandwiching, suggesting users are attempting to defend themselves without adequate information about which measures are effective.\n\nNo platform-wide defense mechanism is currently deployed across all Solana DEX infrastructure. Users relying on DEX interfaces that do not implement MEV protection routing remain fully exposed.","heading":"User Risk and Detection","severity":"high","sources":[{"credibility":1,"name":"Quantifying the Threat of Sandwiching MEV on Jito: ACM IMC 2025","type":"research","url":"https://dl.acm.org/doi/10.1145/3730567.3764493"},{"credibility":2,"name":"Solana MEV Report: Trends, Insights, and Challenges (Helius)","type":"research","url":"https://www.helius.dev/blog/solana-mev-report"},{"credibility":3,"name":"Solana MEV Wars: Understanding the Game and Protecting Your Alpha (Astralane / Medium)","type":"other","url":"https://medium.com/@astralaneio/solana-mev-wars-understanding-the-game-protecting-your-alpha-43ba5e4846e9"}]},{"content":"Solana sandwich attacks differ structurally from those on Ethereum in several ways that affect both their scale and their detectability. On Ethereum, MEV is largely mediated through Flashbots' MEV-Boost relay infrastructure, which is transparent and publicly monitored; block builders publish bundles and researchers can audit them post-facto. Solana has no equivalent public relay transparency standard.\n\nSolana's sub-second block times (approximately 400ms per slot) mean that bots must operate with extremely low latency, creating barriers to entry but also reducing the time window for users or monitoring tools to detect and respond to pending attacks. Transaction fees on Solana are significantly lower than Ethereum, making it economically viable to execute large volumes of small sandwich attacks that would be unprofitable on Ethereum after gas costs.\n\nSolana's lack of a global public mempool — by design — means there is no universal pending-transaction feed. MEV activity is therefore invisible to standard monitoring tools that rely on mempool observation. The Jito block engine partially fills this role but is itself the infrastructure through which attacks occur.","heading":"Comparison to Ethereum MEV","severity":"medium","sources":[{"credibility":2,"name":"Solana MEV Exposed: Sandwich Attacks, Arbitrage, and Validator Behavior Analysis (Ghostlogs / Accelerate 2025)","type":"research","url":"https://solanacompass.com/learn/accelerate-25/scale-or-die-at-accelerate-2025-the-state-of-solana-mev"},{"credibility":2,"name":"MEV: A Guide to Maximal Extractable Value in Crypto (Arkham)","type":"research","url":"https://info.arkm.com/research/beginners-guide-to-mev"}]}],"sources_used":[{"credibility":2,"name":"Solana MEV Exposed: Sandwich Attacks, Arbitrage, and Validator Behavior Analysis (Ghostlogs / Accelerate 2025)","type":"research","url":"https://solanacompass.com/learn/accelerate-25/scale-or-die-at-accelerate-2025-the-state-of-solana-mev"},{"credibility":1,"name":"Quantifying the Threat of Sandwiching MEV on Jito: ACM IMC 2025 (Gerzon, Weintraub, In, Mislove, Nita-Rotaru)","type":"research","url":"https://dl.acm.org/doi/10.1145/3730567.3764493"},{"credibility":2,"name":"Solana MEV Report: Trends, Insights, and Challenges (Helius)","type":"research","url":"https://www.helius.dev/blog/solana-mev-report"},{"credibility":2,"name":"A Deep Dive into Solana's MEV: One Bot Captures 42% of the Market (Solana Floor)","type":"news_article","url":"https://solanafloor.com/news/a-deep-dive-into-solana-s-mev-one-bot-captures-42-of-the-market"},{"credibility":2,"name":"This Solana validator extracted over $13M from users in one month using sandwich attacks (CryptoNews)","type":"news_article","url":"https://cryptonews.net/news/security/30712979/"},{"credibility":1,"name":"Solana Foundation removes certain operators from delegation program over malicious sandwich attacks (The Block)","type":"news_article","url":"https://www.theblock.co/post/299244/solana-foundation-removes-certain-operators-from-delegation-program-over-malicious-sandwich-attacks"},{"credibility":2,"name":"Solana Foundation restricts validators involved in sandwich attacks (CryptoBriefing)","type":"news_article","url":"https://cryptobriefing.com/solana-fnd-validator-mev-restrictions/"},{"credibility":2,"name":"Marinade Finance Blacklists Over 50 Validators to Stop Sandwich Attacks (CryptoNews)","type":"news_article","url":"https://cryptonews.net/news/security/32181951/"},{"credibility":2,"name":"Jito bans 15 additional validators after data emerges of widespread sandwich attacks (Cryptopolitan)","type":"news_article","url":"https://www.cryptopolitan.com/jito-bans-15-additional-validators-after-data-emerges-of-widespread-sandwich-attacks/"},{"credibility":1,"name":"MEV Protection with Jito DontFront (Solana official developer guide)","type":"official","url":"https://solana.com/developers/guides/advanced/mev-protection"},{"credibility":1,"name":"Jupiter launches Ultra V3 with MEV protections (The Block)","type":"news_article","url":"https://www.theblock.co/post/375184/solana-decentralized-exchange-aggregator-jupiter-unveils-ultra-v3-improved-trade-execution-mev-protections-gasless-support"},{"credibility":2,"name":"Introducing Plasma: A Reference Implementation of a Sandwich-Resistant AMM (Ellipsis Labs)","type":"official","url":"https://www.ellipsislabs.xyz/blog-posts/introducing-plasma"},{"credibility":2,"name":"Plasma GitHub repository (Ellipsis Labs)","type":"official","url":"https://github.com/Ellipsis-Labs/plasma"},{"credibility":2,"name":"Solana users are paying millions to stop bots attacking their trades (DL News)","type":"news_article","url":"https://www.dlnews.com/articles/defi/solana-users-use-jito-to-stop-sandwich-attacks-and-mev/"},{"credibility":2,"name":"Sandwich Attacks Spiraling Out of Control on Solana, Over $3.2M Of SOL Crypto Extracted In October (Yahoo Finance)","type":"news_article","url":"https://finance.yahoo.com/news/sandwich-attacks-spiraling-control-solana-112345764.html"},{"credibility":2,"name":"A New Era of MEV on Solana (bloXroute)","type":"research","url":"https://bloxroute.com/pulse/a-new-era-of-mev-on-solana/"},{"credibility":2,"name":"Solana Foundation expels validators for sandwich attacks on retail users (CryptoSlate)","type":"news_article","url":"https://cryptoslate.com/solana-foundation-expels-validators-for-sandwich-attacks-on-retail-users/"},{"credibility":2,"name":"What is MEV and How to Protect Your Transactions on Solana (QuickNode)","type":"research","url":"https://www.quicknode.com/guides/solana-development/defi/mev-on-solana"},{"credibility":3,"name":"chris (@chrischang43) on X: Sandwiching on Solana dominated by 6 bots","type":"social_media","url":"https://x.com/chrischang43/status/1880354695186653531"}],"summary":"Solana MEV sandwich bots are a class of automated programs that exploit Solana's leader-based block production model and private mempool infrastructure to front-run and back-run retail swap transactions, extracting an estimated $370M–$500M from users over the 16 months preceding May 2026. The threat is systemic rather than tied to a single actor: a small set of dominant programs — with one address accounting for an alleged 42% of total sandwich volume — operate in coordination with complicit validators and private mempool services, primarily Jito-adjacent infrastructure. Ecosystem countermeasures including validator blacklisting by Jito and Marinade Finance, as well as application-layer defenses by Jupiter and Ellipsis Labs, are deployed but do not yet offer universal protection.","timeline":[{"date":"2022-11-01","event":"Jito Labs launches public mempool for Solana, enabling transaction visibility that is later exploited for sandwich attacks.","source":"Solana Compass / Ghostlogs Accelerate 2025 presentation","source_url":"https://solanacompass.com/learn/accelerate-25/scale-or-die-at-accelerate-2025-the-state-of-solana-mev"},{"date":"2024-03-01","event":"Jito Labs shuts down its public mempool due to sandwich attack concerns. Sandwich activity migrates to private mempool services.","source":"Solana Compass / Ghostlogs Accelerate 2025 presentation","source_url":"https://solanacompass.com/learn/accelerate-25/scale-or-die-at-accelerate-2025-the-state-of-solana-mev"},{"date":"2024-06-09","event":"Solana Foundation Validator Relations Lead Tim Garcia announces removal of 30+ validator operators from the Delegation Programme for participation in sandwich-enabling mempools.","source":"The Block","source_url":"https://www.theblock.co/post/299244/solana-foundation-removes-certain-operators-from-delegation-program-over-malicious-sandwich-attacks"},{"date":"2024-06-01","event":"Marinade Finance introduces Stake Auction Marketplace, which critics later argue inadvertently enabled pay-for-stake dynamics exploited by sandwich validators.","source":"Helius MEV Report","source_url":"https://www.helius.dev/blog/solana-mev-report"},{"date":"2024-06-01","event":"sandwich.me MEV tracking tool launches (initial version), developed by Ghostlogs to provide on-chain sandwich attack analytics.","source":"Solana Compass / Ghostlogs Accelerate 2025","source_url":"https://solanacompass.com/learn/accelerate-25/scale-or-die-at-accelerate-2025-the-state-of-solana-mev"},{"date":"2024-08-01","event":"Jupiter Aggregator implements dynamic slippage as an application-layer MEV defense.","source":"Helius MEV Report","source_url":"https://www.helius.dev/blog/solana-mev-report"},{"date":"2024-11-13","event":"DeezNode validator begins rapid stake accumulation, growing from approximately 307,900 SOL to over 800,000 SOL delegated stake within weeks, while alleged sandwich attacks continue.","source":"Helius MEV Report / CryptoNews","source_url":"https://cryptonews.net/news/security/30712979/"},{"date":"2024-12-01","event":"DeezNode's sandwich bot program executes approximately 1.55 million transactions in December 2024, generating an alleged 65,880 SOL ($13.43M) in profit. Jito internal analysis associates program vpeNAL...oax38b with nearly half of all Solana sandwich attacks.","source":"Helius MEV Report / CryptoNews","source_url":"https://www.helius.dev/blog/solana-mev-report"},{"date":"2025-01-01","event":"January 2025 sets a record for wide sandwich extraction at approximately 87,000 SOL extracted in a single month.","source":"Ghostlogs / Accelerate 2025 presentation (via Solana Compass)","source_url":"https://solanacompass.com/learn/accelerate-25/scale-or-die-at-accelerate-2025-the-state-of-solana-mev"},{"date":"2025-02-25","event":"The top sandwich bot (E6YoRP3adE5XYneSseLee15wJshDxCsmyD2WtLvAmfLi) allegedly earns 8,400 SOL profit from a single sandwich on a 20,000 SOL $POPE meme coin transaction.","source":"Solana Floor","source_url":"https://solanafloor.com/news/a-deep-dive-into-solana-s-mev-one-bot-captures-42-of-the-market"},{"date":"2025-03-18","event":"On-chain researcher vitorpy (founder of DarkLake) publishes analysis exposing DeezNode's December 2024 extraction, prompting broader ecosystem attention.","source":"CryptoNews","source_url":"https://cryptonews.net/news/security/30712979/"},{"date":"2025-10-01","event":"Jito Blacklist Committee bans 15 additional validators from receiving JitoSOL staking assets following the 0xGhostLogs on-chain report identifying widespread sandwich abuse across 23 validators.","source":"Cryptopolitan / KuCoin","source_url":"https://www.cryptopolitan.com/jito-bans-15-additional-validators-after-data-emerges-of-widespread-sandwich-attacks/"},{"date":"2025-10-01","event":"Jupiter launches Ultra V3, claiming 34x better MEV protection than competing trading interfaces through its Beam private delivery system.","source":"The Block","source_url":"https://www.theblock.co/post/375184/solana-decentralized-exchange-aggregator-jupiter-unveils-ultra-v3-improved-trade-execution-mev-protections-gasless-support"},{"date":"2025-12-23","event":"Marinade Finance announces blacklisting of over 50 malicious validators identified through on-chain analysis, protecting approximately $2 billion in delegated user stake. Ecosystem coordinated response estimated to have reduced sandwich attack profitability by 60-70%.","source":"CryptoNews","source_url":"https://cryptonews.net/news/security/32181951/"},{"date":"2026-01-01","event":"ACM Internet Measurement Conference 2025 publishes peer-reviewed paper 'Quantifying the Threat of Sandwiching MEV on Jito,' documenting over 500,000 sandwiching incidents and $7.7M in direct victim losses over a four-month Jito measurement window.","source":"ACM Digital Library","source_url":"https://dl.acm.org/doi/10.1145/3730567.3764493"}]},"v":1}