MEV Sandwich Attack Scams via Cryptocurrency
Malicious bots front-run and back-run on-chain swap transactions, extracting value from traders by sandwiching their transactions between manipulated orders.
Part of: MEV Sandwich Attack Scams
Last reviewed: 8 June 2026
Maximal Extractable Value (MEV) sandwich attacks are a form of on-chain market manipulation specific to decentralized exchanges. A bot detects a pending swap transaction in the mempool, places a buy order just before it to drive up the price, then immediately sells after the victim's transaction executes at the inflated price. The victim receives fewer tokens than expected, and the bot extracts the difference.
While not a traditional scam in the social-engineering sense, MEV sandwiching is a form of value extraction that costs retail crypto traders real money on every significant swap. Scammers also exploit awareness of MEV by selling fake MEV-protection tools or advertising services that claim to shield users while actually front-running them.
How this scam works on cryptocurrency
When a user submits a large swap on a decentralized exchange with a high slippage tolerance, automated bots monitoring the mempool detect the pending transaction. The bot inserts its own buy transaction with a higher gas fee to ensure it executes first, artificially raising the token price. The victim's swap executes at the elevated price. The bot then immediately sells its position into the victim's liquidity, completing the sandwich.
Scam-adjacent MEV exploitation also appears in fake MEV-protection services promoted through crypto communities. These services claim to route transactions through private mempools but actually direct transactions through a malicious relayer that extracts value before submission or simply holds funds.
Common red flags
- Swap consistently receives fewer tokens than the quoted estimate, even with low market volatility
- MEV protection service charges a fee but cannot show a verifiable audit or third-party endorsement
- Slippage on large trades is consistently higher than quoted by the DEX interface
- A recommended MEV tool was promoted through an unverified Telegram or Discord channel
- The protection service requires connecting your wallet with broad approval permissions
- Transaction routing through the service cannot be independently verified on a block explorer
How to protect yourself
- Use lower slippage tolerance settings on DEX swaps to reduce the profitability of sandwich attacks
- Break large swaps into multiple smaller transactions to reduce the extractable value
- Use DEXs or aggregators that offer verified private-mempool routing or flashbot protection
- Research any MEV protection tool through its published source code and independent security reviews
- Avoid setting slippage tolerance above the minimum required for a trade to execute
- Monitor your actual received amounts versus quoted amounts and investigate significant discrepancies
How to report it
- Report suspected malicious MEV tools to the protocol's official security disclosure channel
- File a complaint with the CFTC at cftc.gov/complaint if the manipulation constitutes market fraud
- Report to the IC3 at ic3.gov if significant funds were lost to a fake MEV protection service
- Alert DeFi security research communities to help catalog active attack vectors
Frequently asked questions
Is MEV sandwich trading legal?
The legality is debated and varies by jurisdiction. While the underlying mechanism is an emergent property of public blockchains, it is widely considered harmful to retail traders. Fake MEV protection services are a clearer fraud.
How do flashbot-style private transactions reduce MEV?
Private transaction relayers submit transactions directly to miners or validators without broadcasting to the public mempool, denying bots the visibility needed to front-run.
What slippage tolerance should I use on a DEX?
For stable pairs, 0.1-0.5% is typical. For volatile tokens, up to 1-3% may be needed. Very high slippage tolerance, above 5%, significantly increases MEV sandwich vulnerability.