Author: Frank, PANews
As the Solana ecosystem suffers from a decline in trading volume due to the MEME downturn, a more covert crisis is spreading. Recently, many community users have complained that even if they pay priority fees (Tips), they still frequently encounter sandwich attacks, and some validator nodes are even accused of participating in them. This phenomenon exposes the deep-rooted contradictions in the Solana ecosystem - MEV (Maximum Extractable Value) has evolved from a technical loophole into a systematic harvesting tool.
Data shows that the profit scale of a certain sandwich attacker has soared from $30 million in 2 months to $287 million in 6 months, while users are forced to struggle between "being squeezed" and "paying higher protection fees". Behind this crisis is a triple whammy of validator interest bundling, priority fee mechanism alienation, and user trust collapse.
Industrialization of Sandwich Attacks - From Guerrilla Warfare to Assembly Line Harvesting
Previously, PANews had conducted an in-depth investigation into the MEV situation on the Solana chain and exposed the then most notorious sandwich attack bot on the chain, which had earned over $30 million in 2 months (related reading: A $30 million "grab" in 2 months, the largest sandwich attacker on Solana earns $570,000 a day, sparking public outrage).
After a few months, what is the current status of sandwich attacks on the Solana chain?
First of all, it is very regrettable that the sandwich attacks on the Solana chain have not been curbed despite the community's condemnation and media exposure. Instead, they have adopted new methods and a larger-scale attack matrix.
Taking the previously investigated address Ai4zqY7gjyAPhtUsGnCfabM5oHcZLt3htjpSoUKvxkkt as an example, the address was finally used on November 15, 2024. According to PANews' statistics, this address earned about $287 million in profit over a 6-month period from May to November.
In terms of attack methods, there have also been new changes. To avoid being tracked, the sandwich attack bots on the Solana chain have started using more batched new addresses. They have also established programs to automate the execution of attacks.
For example, this attack program has 77 addresses, and as of March 12, it has conducted 429,000 transactions (since it is specifically for sandwich attacks, all transactions can be considered attacks). Calculating two transactions per attack, this program has carried out 215,000 attacks.
Another address, 4vJfp62jEzcYFnQ11oBJDgj6ZFrdEwcBBpoadNTpEWys, has conducted 210,000 attacks in the past month, cumulatively transferring out about $1.6 million from exchanges, with an average profit of $7.6 per transaction.
In fact, the number of programs conducting large-scale sandwich attacks every day is much higher than half a year ago. However, due to the inability to conduct data statistics, we cannot obtain precise figures.
The Embarrassment of Priority Fees: From 'Acceleration Fees' to 'Protection Fees'
Faced with increasingly frequent attacks, users have tried to avoid risks through trading bots or by increasing priority fees, but the priority fee mechanism has been completely alienated - from a tool to improve transaction efficiency, it has become a de facto 'on-chain tax', further increasing the burden on users.
The beneficiaries are those validator nodes that profit from MEV income.
The SIMD-0228 proposal currently under discussion aims to reduce the staking rewards of nodes, but the premise is that the proposer believes that the current MEV income is already sufficient to maintain the costs of these nodes.
Returning to the topic of MEV, one will find a strange Möbius loop. Sandwich attacks drive users to pay priority fees, and priority fees can increase node income, with some nodes participating in sandwich attacks. When several links are connected, the left-right harvesting strategy of sandwich attackers becomes the most lucrative profit model on the Solana chain.
Users can only choose between "being squeezed and losing their principal" and "paying higher priority fees".
Of course, this dark play was ignored during the bull market, as users were more concerned with the wealth effect and major hacking incidents. For sandwich attacks or small-scale RUG events, the victims are mostly resigned to bad luck, while the attackers simply wait to collect the money.
The Collapse of Trading Volume Leads to a Shift in the Squeeze Model: From 'Bundling' to 'Queue Jumping'
But this logic is also changing as the market declines. According to discussions on social media and PANews' investigation, an efficient sandwich attack is not cheap.
The biggest cost comes from the attackers having to deploy multiple validator nodes globally to be the first to insert transactions. It's important to note that the logic here does not mean that the attacker's node must lead the block to carry out the attack, but rather that when the attacker detects the latest attackable transaction, they need to have the node closest to the leading block physically to send the transaction to realize the operation. Usually, deploying a complete attack node cluster requires millions of dollars.
With such costs, while ensuring a steady stream of income from the attacks, sandwich attackers also face certain profit and loss pressures. As the on-chain trading volume gradually declines, the attackers' income will also decline. Among the attackers, there will also be stronger competition, and whoever can provide a higher priority fee will have the chance to occupy a larger market share.
In this competition, transactions without priority fees can no longer meet the attackers' targets. Therefore, the cases we mentioned earlier of multiple transactions with priority fees still being attacked have emerged.
In this transaction, the victim paid a priority fee of 0.000075 SOL, which in the past would not have been attacked. But now the sandwich attackers have paid a higher fee, up to 0.0044 SOL. In this transaction, the user tried to make a transaction worth about 5 SOL, but was robbed of 0.08 SOL by the attacker.
In fact, according to our investigation of multiple attack transactions, we found that these attacked users generally adopted a priority fee standard of less than 0.001 SOL, and were therefore attacked.
In this process, there is also one point that needs to be explained, that is, the attackers' tactics have also changed. In the past, sandwich attackers generally used the bundling transaction method, that is, they packaged those transactions that did not pay priority fees into a transaction bundle, and the attacker who submitted the transaction could arrange the order at will. But now, since most users will pay a certain priority fee, they will not be packaged into other transactions, so it can be observed on the chain. The current sandwich attacks are mostly non-bundled, but rather two independent transactions before and after this transaction. Therefore, the amount of priority fee has become a very critical standard.
In summary, the evolution of sandwich attacks on the Solana chain has changed from the past where paying priority fees could avoid being bundled and subjected to sandwich attacks, to the current situation where if the priority fees paid are not enough, they may also be inserted before and after the transaction.
For users, the choice ahead is no longer whether to pay priority fees, but whether to pay enough. It seems that this has entered another cycle mentioned earlier.
Only by continuously increasing priority fees can nodes maintain their original income level when trading volume declines. On the other hand, if users are unwilling to compromise, they can only be squeezed and lose more principal.
Increased Risk of Node Leaks Exacerbates Ecosystem Dilemma
But there is also a prerequisite in this process, which is that the leading block nodes need to collude with the sandwich attackers to leak data, so that the attackers can know in advance the transactions that have paid priority fees. Starting from February 27, the founder of Pepe boost has called on the Solana official to pay attention to this issue on the X platform. In addition, the co-founder of GMGN and PinkPunkBot have also publicly raised similar issues on social media. As of March 13, Solana official has not yet responded to this.
As of March 10 data, the daily priority fee on the Solana chain has dropped to around 14,000 SOL, a decline of over 92% from the January high of 183,000 SOL.
The number of active addresses on the Solana chain has also dropped to 2.14 million, a 75% decline from the peak of 8.78 million. In the already severely contracted market environment, continuing to allow the sandwich attack would obviously be tantamount to fishing the pond dry, further driving users away from the Solana ecosystem.
The competition of public chains has never been just a race for TPS numbers, but more about whether the participants in the ecosystem can establish a sustainable value consensus. Amidst the plummeting trading volume and shrinking priority fee income, Solana is facing a difficult situation: if the MEV interest group is allowed to continue to devour user assets, the network activity built up by MEME over the past year may be difficult to appear again. Fishing the pond dry, there will be no fish left.
