Sandwich Attacks on Solana: What MEV Is and How to Stay Safe
What is a sandwich attack, why Solana MEV happens, and how to avoid it with slippage and the right tools. A beginner-friendly defense guide, no jargon.
You got robbed and the price chart never even moved
Reported figures put it at around $500 million. That is roughly how much sandwich bots have quietly pulled out of regular Solana traders, a few dollars at a time, while those traders watched a chart that looked completely calm. If you have ever wondered what is a sandwich attack and whether it can happen to you while you buy a token, this guide is written for you, with zero assumed knowledge.
Picture a pizza shop with a board that lists one cheese pizza for $10. You walk up to order. A scalper standing behind you sees what you want, sprints to the counter, buys that pizza first, then turns around and sells it to you for $11. You still get your pizza. You just paid more, and the extra dollar went into a stranger's pocket. That is a sandwich attack, except it happens in software, in under half a second, and the board snaps back to $10 so fast that nobody around you notices anything changed.
No background needed for the rest of this. Every term gets explained the moment it shows up. The practical, do-this-today advice comes first. The heavy-duty material for people running token launches sits at the end, clearly labeled as advanced.
What is a sandwich attack?
A swap is just trading one token for another, like changing dollars for euros at an airport kiosk. When you buy a token, your purchase nudges the price up a little. That is simply how trading pools work: more demand pushes the price.
A sandwich attack is when a bot wraps its own trades around yours to skim money off the top. It spots your incoming trade and does three quick things, all inside a single block of time. A block is one batch of transactions the network confirms together, processed in well under a second on Solana:
- It buys the same token right before you, pushing the price up.
- Your trade goes through next, filling at that worse, higher price.
- The bot immediately sells at the price your own trade just helped lift, pocketing the difference.
You are the filling in the sandwich. The bot is the two slices of bread. Your trade still shows "success", so your app turns green and you move on. The chart can look untouched because the whole round trip happened and reversed within the same instant. The robbery and the cover-up finished faster than you could blink.
What is MEV, and why does this happen on Solana?
The engine behind sandwich attacks has a name: MEV, short for Maximum Extractable Value. In plain words, that is the money bots squeeze out by reordering or inserting transactions around yours. Whoever decides the order of trades in a block has a chance to profit from that ordering, and bots compete hard for it.
Here is the part people get wrong about Solana MEV. On Ethereum, pending trades sit in a public waiting room (called a mempool) where anyone can watch them line up before they confirm. Solana has no such public waiting room. Your trade goes straight to a connection provider (the service that relays your trade to the network), and from there to the next block producer (the computer building the upcoming block). So why do bots still see your trade? Two leaks:
- Some connection providers quietly share, or "gossip", your pending trade with bot networks they have arrangements with.
- The block producer's own queue of waiting trades can be read by bots it works with.
So the Solana problem comes down to two things: a connection provider that leaks, and a queue that bots can peek into. There is no glass waiting room here, just two side doors left open. Most of these attacks are pushed through a system called Jito, which lets someone submit a sealed package of trades (a "bundle") in a fixed order, along with a tip, that the block producer includes all-or-nothing. The twist worth remembering: the same bundle mechanism that bots abuse is also one of the tools honest users can defend themselves with later on.
How a sandwich happens in under a second
Here is the move with real numbers. Say you want to swap $1,000 of SOL into a small memecoin, and you have left your price protection wide open. You hit confirm. Here is the sequence, all within that single block:
- A bot sees your $1,000 buy coming and buys the memecoin a split second before you, pushing the price up about 5%.
- Your trade fills at that worse rate, so you get fewer coins than the screen first suggested.
- The bot sells right after, at the price your trade lifted, and walks away with roughly $40 of your money.
Your wallet shows a successful swap. You hold your memecoin. The $40 leak is invisible unless you go back and compare the rate you expected against the rate you actually got. Multiply that by thousands of trades a day and you arrive at those eye-watering reported totals.
What is slippage, and why is it your number-one free defense?
If you only remember one thing from this whole post, remember slippage, sometimes shown as "kayma toleransı" in Turkish apps. Slippage is the maximum price worsening you agree to accept before your trade auto-cancels. It is like telling a friend: "Buy the bread at $3, but if it goes over $3.30, just skip it." That $3.30 ceiling is your slippage setting. If the price has crept past it, the purchase cancels and you lose nothing but a tiny network fee.
This is why slippage matters so much for MEV protection on Solana, and it is the single most powerful thing a beginner can do, for free. A tight slippage setting caps how much a bot can take from you. If the bot tries to push the price past your limit, your trade simply cancels, and that collapses the bot's whole sandwich. The bot is now stuck holding tokens it bought to trap a trade that never happened. The trade-off is gentle in your favor: a cancelled trade costs you one tiny network fee, a fraction of a cent, while a successful sandwich costs you a percentage of your entire trade.
How tight should you go? It depends on how deep the pool is. A pool is the shared pile of two tokens that a swap trades against. A deep pool has lots of money inside (like SOL paired with USDC), so trades barely move the price and you can keep slippage very tight. A thin pool is small and jumpy (a brand-new memecoin), so you need a touch more room or your trade keeps cancelling. Use these working bands:
| Pool type | Example | Suggested slippage |
|---|---|---|
| Deep / large pools | SOL paired with USDC | 0.5% to 1% |
| Mid-size pools | An established mid-cap token | 1% to 2% |
| Thin / new pools | A fresh memecoin | 2% to 3% |
Setting slippage to something huge like 50% is the equivalent of shouting "fill my order at any price". It practically invites every sandwich bot watching to feast. Going the other direction and setting it razor-thin (like 0.1%) on a jumpy memecoin just means your trades keep cancelling on normal price wiggles, so you end up locked out of trading without gaining any real protection. Match the band to the pool.
How to avoid sandwich attacks: four practical steps
You do not need to become an expert to stay safe. Here is how to avoid sandwich attacks as a normal person making a normal trade. Walk through these in order.
- Set tight slippage using the bands above. This alone defeats most attacks against small trades.
- Use a one-click swap built for honest routing. Pick a tool that routes your trade carefully instead of broadcasting it carelessly. Our one-click token swap tool routes through Jupiter, shows live price quotes before you commit, and runs on-chain execution checks so you can see what you are actually getting.
- Keep trades small, or split a big one into pieces. Most sandwich bots only bother with trades worth roughly $500 to $1,000 or more, because below that their costs (network fee plus tip) eat their profit, so they ignore you. If you need to move a larger amount without becoming a target, our multi-wallet swap splitter runs the same swap across several wallets in a strict order, so one fat $5,000 trade becomes many smaller slices that each land below the bot's threshold. The fee is about 0.0035 SOL per transaction.
- Check the pool before you touch it. A token where ownership is jammed into a few wallets is a riskier, easier-to-manipulate pool. Our token holder snapshot tool shows who holds a token and how concentrated ownership is, so you can judge whether a pool is deep enough and size your trade sensibly before committing real money. The fee is 0.05 SOL.
The single most reassuring fact for beginners: bots usually ignore small trades. If you are swapping $50 or $100 with sensible slippage, you are almost certainly below the radar. The danger zone starts when your trade gets large enough to be worth a bot's effort. The fancy material below is meant for people running launches, so someone buying $200 of a coin can safely skip it.
What changed in 2026?
The defenders have been busy this year, and a few developments are reshaping how the Solana sandwich bot game plays out:
- Jito DontFront: a setting that forces your trade to sit at the very front of any bundle, which blocks the simple "buy right before you" move. It helps a lot, though it does not stop every wider sandwich pattern.
- JitoBAM (encrypted mempool): the newest and most promising structural fix. Your trade is kept secret (encrypted) until the very moment it executes, using secure hardware, so bots cannot read what they cannot see and cannot plan an attack around it. This is rolling out now.
- The Alpenglow upgrade: an upgrade in progress that brings Solana finality (the moment a trade becomes permanent) under about 150 milliseconds, roughly 100 times faster than before. A shorter window squeezes the gap bots rely on, and some current bot strategies stop being worth running. Think of it as reshaping the whole playing field.
None of these is a single magic button. Defense is layered, and the right layer depends on your trade size and the pool depth. The table below is a quick way to decide:
| Your situation | Sensible defense |
|---|---|
| Small trade, under ~$500 | Tight slippage is usually enough on its own; bots tend to ignore you |
| Larger single trade ($1,000+) | Tight slippage plus splitting into smaller swaps across wallets |
| Trading a thin, new memecoin | Check the pool first, then 2% to 3% slippage |
| Coordinated launch entry (advanced) | Your own sealed bundle so snipers cannot wedge in |
Advanced: for token launchers and multi-wallet operators
This section is the ileri seviye material, for people running a token launch or coordinating many wallets at once. If you are a regular trader, you can happily skip it. The four steps above already cover you.
When you launch a token and want several of your own wallets to enter cleanly, the open path leaves a gap for snipers (bots that race to buy the instant a token goes live). The same bundle mechanism that bots abuse can be turned into armor. By submitting your own sealed bundle, a fixed-order package that the block producer includes all-or-nothing, you lock in the exact order of your trades so no outside bot can wedge a transaction between them. On launch day, your wallets all land together instead of leaving gaps for someone to exploit.
- Our multi-wallet bundled buy tool buys from several wallets in the same block via a Jito bundle, with support for Raydium, Pump.fun, and Moonshot. It is live now, with a flat fee of 0.05 SOL.
- The sell-side mirror, our bundled sell tool, applies the same sealed-ordering idea to exits. It is currently on the coming-soon list and not yet live, with a planned flat fee of 0.05 SOL, so keep an eye out rather than expecting it today.
If you want the deeper background on coordinated entries and ordering, the J Tools step-by-step guides collect the longer walkthroughs, and the Solana tag archive gathers everything chain-specific in one place.
Things that look like protection but are not
A few popular "tricks" give a false sense of safety. Do not lean on these:
- Skipping the preflight check. Turning off that pre-send safety check does not hide your trade from bots. It just removes a guardrail and can let a doomed trade through that the check would have caught. The bots still see you.
- Trading at 3 AM. Bots never sleep. They are software running on servers 24 hours a day, and a quiet hour for humans is a normal hour for them.
- A "sandwich-free exchange" badge. Marketing language is not a guarantee. Protection is layered and probabilistic, so ask how it actually works, and if the answer is vague, treat the badge as decoration.
- Slippage set to 0.1% on everything. On a deep pool this is fine, but on a thin memecoin it just makes your trades fail constantly while you assume you are protected.
Where this leaves a normal trader
Sandwich bots are real, they have taken serious money, and for years most people had no idea they were being skimmed. The reassuring part: the fix for ordinary traders is mostly free and mostly simple. Match your slippage to the pool, use a careful one-click swap, keep individual trades modest or split the big ones, and glance at a pool's depth before you commit. For the vast majority of small retail trades, tight slippage by itself is usually enough to make you an unappealing target. The newer protections rolling out in 2026 are tilting the field further toward regular people, which is good news you do not have to do anything to enjoy.
This article is educational and is not financial advice. Token trading carries real risk, including the risk of losing your money, and no defense removes that risk. Do your own research, make your own decisions, and only trade what you can afford to lose.
