MEV Sandwich Attack Scams on Discord
Fake MEV protection tools and bots are promoted through Discord DeFi communities, collecting deposits or wallet approvals under the guise of shielding users from front-running attacks.
Part of: MEV Sandwich Attack Scams
Last reviewed: 9 June 2026
As awareness of MEV sandwich attacks has grown in the DeFi community, so has a secondary scam layer: fake protection services that exploit users' desire to defend against front-running. Discord DeFi servers are where traders discuss MEV strategies and share tools, making them an ideal distribution channel for fraudulent protection products.
The scam flips the original attack on its head: instead of front-running a trade, the fraudster collects fees or approvals in exchange for protection that is never delivered. The technical language surrounding MEV creates a plausible justification for why a specialized, paid protection service might be necessary, and legitimate MEV research does exist, blurring the line for non-expert users.
How this scam works on Discord
In Discord DeFi servers, community members or bots post about a new MEV protection bot or private RPC endpoint that routes transactions away from public mempools. The service claims to prevent sandwich attacks by submitting through private channels, citing real MEV protection concepts. A subscription fee is charged in cryptocurrency or wallet approval is required to register.
Some fake tools are partially functional: they route transactions through a private endpoint but extract a hidden fee on each trade, or they collect a subscription without providing any meaningful protection and cannot demonstrate their effectiveness in any verifiable way. More harmful variants are outright credential collectors, requiring wallet signature that grants the tool broad spending permissions.
Common red flags
- MEV protection tool was introduced through an unsolicited DM or a Discord bot rather than through established DeFi security communities
- Service requires you to sign a broad wallet approval or connect with permissions beyond what transaction routing requires
- Tool claims guaranteed protection from all MEV attacks without explaining the technical mechanism
- Subscription must be paid in cryptocurrency with no refund option
- The service cannot point to verifiable independent testing or security audit of its protection mechanism
- The tool's GitHub repository or smart contracts cannot be found or verified publicly
- Discord account promoting the tool was created recently and has no prior technical contributions to the community
How to protect yourself
- Use only MEV protection tools from established, publicly verified projects with open-source code and known security researchers behind them
- Never sign wallet approvals for a trading tool beyond the specific permissions needed for transaction submission
- Verify any private RPC endpoint through the protocol's official documentation rather than Discord recommendations
- Research MEV protection options through established DeFi research platforms rather than Discord promotions
- Remember that no tool can guarantee elimination of all MEV extraction - be skeptical of absolute protection claims
- Test any new trading tool with minimal funds before routing significant transaction volume through it
How to report it
- Report the Discord account or bot to Discord Trust and Safety at discord.com/safety
- Report suspected fraudulent tools to the legitimate DeFi security community so they can issue warnings
- File a complaint with the IC3 at ic3.gov if financial losses occurred
- Report to the CFTC at cftc.gov/complaint if the fraud involves commodity market manipulation
Frequently asked questions
Are any MEV protection services legitimate?
Yes. Legitimate MEV protection involves routing transactions through established private relayer networks with verifiable open-source code and no requirement for broad wallet approvals. Key projects in this space have public security research backing and documented performance data.
How can I tell if a Discord-promoted DeFi tool is trustworthy?
Check whether the tool has an established GitHub repository with a history of contributions from known developers, independent security audits, and references from reputable DeFi research publications rather than only Discord promotion.
What permissions does a legitimate transaction router actually need?
A private RPC endpoint for transaction submission requires no wallet approvals at all - it simply receives and submits signed transactions. Any tool asking for token spend approvals or wallet signatures beyond a simple connection handshake is requesting more than routing requires.