Executive Summary
- Solana’s DeFi ecosystem is experiencing a surge in “sandwich attacks,” a predatory bot activity that exploits transaction ordering to extract value from users through “bad fills.”
- These attacks, particularly “wide sandwich attacks,” have led to significant value extraction, with over 18,000 SOL reportedly taken from more than 202,000 victims in October 2025 alone.
- In response, Jito, a prominent Solana block builder, has banned 15 validators for their complicity, following previous action in 2024 where the Solana Foundation ousted over 30 validators for enabling similar MEV practices.
The Story So Far
- Solana’s high-throughput blockchain architecture, while fast, is susceptible to “sandwich attacks,” a type of predatory bot activity where transactions are front-run and back-run to exploit price differences, often resulting in “bad fills” for users. These attacks, which are a form of Maximal Extractable Value (MEV), are particularly effective on Solana due to its transaction ordering design, with some validators complicit in facilitating them for profit, leading to significant value extraction from users and ongoing efforts by entities like Jito and the Solana Foundation to maintain network integrity.
Why This Matters
- The escalating “sandwich attacks” on Solana’s decentralized finance ecosystem are directly impacting users through financial losses and “bad fills,” while also raising concerns about network integrity and validator complicity. This has prompted significant action from prominent block builder Jito and the Solana Foundation, who are actively banning validators to combat these predatory practices, underscoring the ongoing challenge of maintaining a fair and secure environment within high-throughput blockchains.
Who Thinks What?
- Users and observers report that sandwich attacks are a predatory form of bot activity resulting in “bad fills” and significant financial losses for users, with large sums being extracted by attackers.
- Jito, a prominent Solana block builder, and the Solana Foundation view sandwich attacks as a critical threat to network integrity and user protection, taking decisive action by banning validators found to be complicit.
- Critics argue that Solana’s transaction processing design, particularly its speed-focused architecture, and validators’ prioritization of fees enable these “wide sandwich attacks,” allowing bots to exploit the system and potentially siphon billions annually.
Solana’s decentralized finance (DeFi) ecosystem is reportedly experiencing a surge in “sandwich attacks,” a form of predatory bot activity that exploits transaction ordering to extract value from users. This escalating issue has prompted Jito, a prominent Solana block builder, to intensify its crackdown, recently banning 15 validators found to be complicit in these attacks.
Rising Concerns Over Sandwich Attacks
Sandwich attacks involve bots front-running and back-running large user transactions, particularly those involving meme coins or other volatile assets, to profit from price manipulation. While not illegal, these attacks leverage Solana’s transaction processing design, often resulting in “bad fills” where users receive less than expected for their trades.
An observer on X reported on October 29, 2025, that over 864 SOL had been extracted by 3,928 attackers, impacting more than 15,900 victims across Solana DeFi protocols. The majority of these were “wide sandwich attacks,” where validators hold a victim’s transaction in a leader slot, allowing bots to insert front-run and back-run transactions in subsequent slots, making them difficult to detect.
These wide sandwich attacks are particularly lucrative for validators, as they can be hard to trace due to the victim’s transaction being separated by many others. This mechanism, critics argue, prioritizes fees and allows bots to exploit Solana’s speed-focused architecture, potentially siphoning billions annually.
Jito and Solana Foundation Respond
The scale of extraction is significant; in October 2025 alone, over 18,000 SOL were reportedly extracted from more than 202,000 victims across Solana DeFi, with attackers spending less than 340 SOL cumulatively. On October 30, two bots alone managed to rake in 46 SOL by spending less than 0.1 SOL on their sandwich attacks.
In response to the growing problem, Jito has taken decisive action, banning 15 additional validators. This move follows an analysis of 16 months of data by an analyst who identified 23 validators, primarily staking via Jito and Marinade pools, whose leader slots contained a high percentage of wide sandwich attacks targeting retail traders. Six of these flagged validators also received subsidies from the Solana Foundation.
This is not the first time such measures have been taken. In 2024, the Solana Foundation itself ousted over 30 validators for enabling Maximal Extractable Value (MEV) practices, indicating an ongoing effort to maintain network integrity and protect users from predatory trading strategies.
Addressing Network Integrity
The crackdown by Jito and the Solana Foundation underscores the ongoing challenge of MEV and sandwich attacks within high-throughput blockchain environments. As the Solana ecosystem continues to grow, addressing these exploits remains critical for fostering a fair and secure trading environment for all participants.
