In the crypto ecosystem, attacks are legion. Hackers compete in ingenuity to create new ones for the sole purpose of robbing users of their assets. Knowing their modus operandi helps to avoid being tricked.
The MEV bot Sandwish attack: to take advantage of exchanges on DeFi
The MEV (Maximum Extractable Value) bot Sandwish attack may not inspire many crypto users. Yet those who frequently use a decentralized finance (DeFi) service should be aware of it.
It is this crypto attack whose vocation is to subtly take advantage of user exchanges on the blockchain. As its name suggests, it operates in “sandwiching” the user’s transaction, especially one deemed profitable.
How does the MEV bot Sandwish attack work?
To take advantage of users’ crypto transactions, the MEV bot Sandwish attack uses a well-established process. A multi-step procedure involving distinct operations.
First, a so-called transaction “front run” :
The goal of the front run is simple: identify a profitable transaction, awaiting validation (swap) on a given blockchain. Once done, via a bot, the attacker performs a swap similar to the user. This, by getting ahead of the latter, with a view to raising the price of the token he wishes to buy.
Then, an operation called “back-run” :
Here, the attacker’s objective is to directly sell the token at the increased price. To achieve this, the latter pays fewer transaction fees, thus lowering the costs of the operation. Being integrated in the same block as the first transaction, the second is validated without problem. Ultimately, for sandwiching the user’s swap, the attacker makes a margin at the end of the trade.
How to protect yourself from an SRM bot Sandwish attack?
While there are many ways to avoid falling victim to this attack, there is one antidote that stands out. It’s about “slippage”. This method allows the user to cancel any transaction that shows a difference between the displayed price and the actual price.
Other more or less complex processes also exist. Among these is the division of large transactions into smaller transactions. Or the use of DeFi protocols that promote the fight against these attacks.
Note that basically, the MEV bot Sandwish attack is not illegal in itself. However, it represents a risk for the security and stability of a blockchain. This explains the work of the developers to minimize the effects.
Receive a digest of news in the world of cryptocurrencies by subscribing to our new service of daily and weekly so you don’t miss any of the essential Tremplin.io!
