PSA — Why $GFY is a Reminder for Why You Should Protect Yourself from Sandwich Attacks


Hey folks, if you’ve been on crypto Twitter lately, you’ve probably already seen Elon Musk’s super-ultra-trending video telling Bob Iger, the CEO of Disney, to “Go f*ck yourself” for blackmailing Twitter for pulling advertising revenue:

Once Elon uttered the letters “G-F-Y,” it was inevitable that a new memecoin, $GFY, would be launched immediately. And consequently in true memecoin fashion, over the past 24 hours, $GFY has skyrocketed in price, with nearly 15,000 different transactions and almost 4,000 unique holders:

Congratulations to those of you who have already seen multiples on your returns, but if we take a quick peek behind the curtain, you’ll see something odd about some of those transactions:

The wallet address that’s making automated consecutive trades is none other than the infamous jaredfromsubway.eth MEV bot, which is sandwich-attacking the hell out of many unknowing victims. From the graphic above you can see that in just one sandwich attack, jaredfromsubway.eth was able to extract 0.05 $ETH from their victim, adding to the tens of millions of dollars that he/she has been able to extract from countless other victims over the past year alone.

For today’s article, I’m going to go into a deep dive of how these bots work, and what you can do to prevent yourself from getting sandwich attacked in the future.

Let’s get into it shall we?

How do sandwich attacks work?

Sandwich attacks occur on decentralized exchanges and liquidity pools such as Uniswap, where all trades, whether they are buys or sells, are submitted publicly on the blockchain. A sandwich attacker monitors incoming trades and frontruns your trade by paying a higher gas fee, so that their trade executes before yours. After the frontrun trade and your trade have both executed, the attacker makes a third trade in the opposite direction to profit off the trade in the middle. That makes three trades in total, with the victim’s trade in the middle, which is why it is called a sandwich attack.
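The three-trade sequence can be replayed on paper. The following is an added example, not code from the original article: it assumes a constant-product pool with a 0.3% fee (the Uniswap v2 formula), uses made-up reserves and trade sizes, and shows a buy rather than a sell. It reports how much less the middle trader receives than quoted, where that shortfall goes, and how a tight minimum-received setting makes the trade revert instead.

```python
# Constructed pool: constant-product (x*y=k) with a 0.3% fee, the Uniswap v2 formula.
WEI = 10**18
RESERVES = {"WETH": 100 * WEI, "TOKEN": 1_000_000 * WEI}  # made-up numbers


class Reverted(Exception):
    """Raised when a swap would return less than the trader's minimum."""


class Pool:
    def __init__(self):
        self.r = dict(RESERVES)

    def swap(self, sell, amount_in, min_out=0):
        buy = "TOKEN" if sell == "WETH" else "WETH"
        fee_in = amount_in * 997  # 0.3% of the input stays in the pool
        out = fee_in * self.r[buy] // (self.r[sell] * 1000 + fee_in)
        if out < min_out:
            raise Reverted(f"would receive {out}, minimum is {min_out}")
        self.r[sell] += amount_in
        self.r[buy] -= out
        return out


def victim_buy(victim_weth, slippage_bps, front_run_weth=0):
    """Replay a buy, optionally wrapped by another trader's buy-then-sell."""
    quote = Pool().swap("WETH", victim_weth)  # what the trader was quoted
    min_out = quote * (10_000 - slippage_bps) // 10_000
    pool = Pool()
    bag = pool.swap("WETH", front_run_weth) if front_run_weth else 0  # trade 1
    try:
        received = pool.swap("WETH", victim_weth, min_out)  # trade 2
    except Reverted:
        # The guard held; the wrapper's own unwind cost is ignored here.
        return {"quote": quote, "received": None, "extracted_weth": 0}
    back = pool.swap("TOKEN", bag) if bag else 0  # trade 3
    return {"quote": quote, "received": received,
            "extracted_weth": back - front_run_weth}


if __name__ == "__main__":
    for bps in (50, 1500):  # 0.5% and 15% slippage tolerance
        print(bps, victim_buy(1 * WEI, bps, front_run_weth=5 * WEI))
```

With these numbers the 15% setting fills about 9% below the quote, while the 0.5% setting reverts.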

If you take a look at the difference in the $WETH amounts that 1FaE13 makes below, you can see the three trades in sequence, which net a difference of 0.0056 $ETH:

By front running 07cbf8’s transaction, 1FaE13 was able to force 07cbf8 to sell at a lower price, and consequently 1FaE13 was able to recoup their principal transaction at a lower price.
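The same front/victim/back pattern can be flagged mechanically in a block's swap history. This is an added example, not part of the original article: the record layout, wallet labels, pool names and amounts are all constructed for illustration, and the net figure is only meaningful when the two token legs match as they do here.

```python
from collections import namedtuple

Swap = namedtuple("Swap", "idx trader pool sold sold_amt bought bought_amt")

# Constructed records in block order; labels and amounts are illustrative only.
BLOCK = [
    Swap(0, "wallet_A", "GFY/WETH", "GFY", 1000, "WETH", 0.50),   # front trade
    Swap(1, "wallet_B", "GFY/WETH", "GFY", 400, "WETH", 0.18),    # squeezed sell
    Swap(2, "wallet_A", "GFY/WETH", "WETH", 0.49, "GFY", 1000),   # reversing trade
    Swap(3, "wallet_C", "GFY/WETH", "WETH", 0.10, "GFY", 210),    # unrelated buy
    Swap(4, "wallet_D", "PEPE/WETH", "PEPE", 5000, "WETH", 0.20),
    Swap(5, "wallet_D", "PEPE/WETH", "WETH", 0.20, "PEPE", 4990),  # round trip, nobody between
]


def find_sandwiches(swaps):
    """Return (trader, victims, net, token) for each front/victim/back trio."""
    hits = []
    for i, front in enumerate(swaps):
        # Start at i + 2 so at least one other swap sits between the pair.
        for j in range(i + 2, len(swaps)):
            back = swaps[j]
            same_actor = (back.trader, back.pool) == (front.trader, front.pool)
            reversed_dir = (back.sold, back.bought) == (front.bought, front.sold)
            if not (same_actor and reversed_dir):
                continue
            # Victims trade the same pool in the same direction as the front trade.
            victims = [s.trader for s in swaps[i + 1:j]
                       if s.pool == front.pool and s.sold == front.sold
                       and s.trader != front.trader]
            if victims:
                net = round(front.bought_amt - back.sold_amt, 6)
                hits.append((front.trader, victims, net, front.bought))
            break  # pair a front trade with its first reversing trade only
    return hits


if __name__ == "__main__":
    for trader, victims, net, token in find_sandwiches(BLOCK):
        print(f"{trader} wrapped {victims} and netted {net} {token}")
```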

Now at a glance 0.0056 $WETH worth of profit might not seem a lot, but I’ve seen the bot execute at times more than 10 different transactions (at least 5 different sandwich attacks) a minute. And by looking at their wallet history on , you can tell that this wallet is constantly siphoning money, hundreds of thousands of dollars, out of their account:

Where do most sandwich attacks occur?

$GFY is a perfect target for MEV-bots looking for sandwich attacks because of 3 qualities:

  1. It’s on Ethereum Mainnet — Now to be clear, there are definitely MEV bots on other networks, but I think Ethereum Mainnet is just the most likely target because most altcoins (a.k.a. $h!tcoins) exist on Mainnet.
  2. Speaking of $h!tcoins, if you’re buying or selling something that has an extremely low market cap, it is super MEV-bot prone because there’s high volatility in price action.
  3. High number of transactions — For obvious reasons, if there’s not a lot of activity with different retailers buying and selling, then there’s a limit to how much profit sandwich attackers can make. Therefore it’s more profitable for MEV bots to look for altcoins, especially memecoins that are highly trending.

So sandwich attacks suck, but how can I protect myself from becoming a victim?

As I mentioned before, sandwich attacks occur when the attacker is able to view incoming trades. The attacker is essentially able to publicly access and extract all details of your transaction request which includes not only what you’re wanting to trade, but specifics such as what your slippage setting is at and how much gas you’re willing to pay. The simple remedy to prevent this problem is to mask your transactions so that this data isn’t publicly available — something that can be done through alternate RPCs.

An RPC, otherwise known as a “Remote Procedure Call,” is essentially a server that allows users (like you and me) to read blockchain data and to send transactions across a given network. Data you send through an RPC goes through a “mempool” (otherwise known as a memory pool), where it can be read by sandwich bots. To put things plainly, some RPCs have public mempools and others have private ones. The private ones cannot be read by sandwich bots.

Because of the increasing notoriety of sandwich attacks, there are thankfully different options out there that will not only help you mask your transactions, but also get rebates on your transactions through backrunning. In other words, users are able to get compensated through whitehat MEV-bots if there was an arbitrage opportunity exploited through your transaction. To date, the ones that I could find are:

MEVBlocker.io is perhaps the most vanilla on Ethereum, but from what I found it is also the easiest to set up.

Backrunme: four different RPCs (2 for Ethereum, 1 for BSC, 1 for Polygon).

Flashbots is probably the most widely known and most OG service that exists for Ethereum, and many use it because it prevents users from having any failed transactions.

Personally, the only one I’ve used myself is Flashbots, but I have yet to read any negative reviews from others that have used MEVBlocker or Flashbots.

Even though we’re all degens trading things like $PEPE or $GFY, I still get a sinking feeling when I see anyone, let alone myself, get sandwich-attacked when they’re making a transaction. However, given the options that are available today, there’s really no reason why we should be left vulnerable, so before you ape into that next memecoin, I highly encourage everyone to consider using one of the options that I’ve listed above.

And as always, thanks for taking the time to read this and be sure to follow me on twitter (https://twitter.com/CryptosWith) to get all my latest updates. Also, looking for a gift for your Crypto-loving/hating friend? Give them a REKT journal to cheer them up!

Disclaimer: This is not financial advice and this is for educational and entertainment purposes only. Please as always, do your own research and find what investments are best for you. Cheers everyone!
