Nearly half a billion dollars. That’s what Solana users reportedly lost to sandwich attacks over a 16-month period before 2025’s security overhaul. The staggering sum represents not just burned tokens, but a combination of trader losses from price slippage and value extracted by MEV searchers and complicit validators. Pretty brutal math.
These sandwich attacks weren’t exactly rocket science. Attackers would spot a pending buy order, jump in front with their own purchase, let the victim buy at an inflated price, then sell immediately after. Simple but effective. Solana’s high throughput and low fees made this strategy particularly profitable—cheap to execute and easy to scale.
The worst part? Some validators were in on it. They could reorder or insert transactions, fundamentally rigging the system against ordinary users. Traders dealing with low-liquidity tokens or placing large orders got hit hardest. Every cent of slippage meant more profit for the attackers.
Detecting these attacks required serious forensics: transaction trace analysis, gas fee patterns, and orderbook replays. MEV aggregators like EigenPhi helped quantify the damage across various DEXs. Connecting attacks to specific validators wasn’t easy, but patterns emerged through cluster analysis.
The 2025 mitigation efforts finally put teeth into enforcement. Delegation services like Marinade began blacklisting validators caught sandwiching users. Straight-up slashing penalties hit those still trying to game the system. Marinade Select initiative introduced a curated list of trusted validators for safer staking. Good riddance.
These measures arrived alongside a massive shift in Solana’s staking landscape, with 75% of SOL now staked in the new security framework. The community basically voted with their wallets against the sandwich-makers. Similar to other MEV mitigation strategies, Solana implemented a form of private RPC endpoints to prevent searchers from viewing pending transactions.
Will the $500M figure ever be conclusively proven? Probably not. Different reports use different methodologies and timeframes. But the number has become shorthand for Solana’s MEV problem—and a reminder of what was at stake when the network finally decided enough was enough.
