As the Solana ecosystem experiences a decline in transaction volume due to the fading MEME trend, a more insidious crisis is spreading. Recently, many users in the community have complained that even after paying priority fees (Tips), they still frequently fall victim to sandwich attacks. Some validator nodes are even accused of participating in these attacks. This phenomenon exposes a deep-seated issue within the Solana ecosystem—MEV (Maximum Extractable Value) has evolved from a technical vulnerability into a systematic harvesting tool.

Data shows that the revenue of a single sandwich attacker has skyrocketed from $30 million in two months to $287 million in six months. Meanwhile, users are forced to choose between being “sandwiched” or paying higher “protection fees.” Behind this crisis lies a triple threat: validator interest bundling, the distortion of the priority fee mechanism, and the collapse of user trust.

Sandwich Attacks Industrialized: From Guerrilla Warfare to Assembly Line Harvesting

Previously, PANews conducted an in-depth investigation into MEV on the Solana chain, exposing the most notorious sandwich attack bot at the time, which made over $30 million in profits within two months (related reading:Solana’s biggest sandwich attacker earns $570,000 a day after “grabbing” $30 million in 2 months, sparking public outrage）

Months later, the situation has only worsened. Sandwich attacks on Solana have not been curbed by community backlash or media exposure. Instead, attackers have adopted new methods and larger-scale attack matrices.

For example, the address Ai4zqY7gjyAPhtUsGnCfabM5oHcZLt3htjpSoUKvxkkt, which was active until November 15, 2024, generated approximately $287 million in profits over six months, according to PANews statistics.

Attack methods have also evolved. To avoid detection, sandwich attack bots on Solana now use a larger batch of addresses and execute attacks programmatically. One such program, with 77 addresses, conducted 429,000 transactions (all of which can be considered attacks) by March 12. Assuming each attack requires two transactions, this program executed 215,000 attacks.

Another address, 4vJfp62jEzcYFnQ11oBJDgj6ZFrdEwcBBpoadNTpEWys, carried out 210,000 attacks in the past month, transferring approximately $1.6 million to exchanges, with an average profit of $7.6 per transaction.

In reality, the number of daily sandwich attacks far exceeds what was seen six months ago. However, precise statistics are unavailable due to the lack of comprehensive data.

The Dilemma of Priority Fees: From “Acceleration Fees” to “Protection Fees”

As attacks become more frequent, users attempt to mitigate risks by using trading bots or increasing priority fees. However, the priority fee mechanism has been distorted—transforming from a tool to improve transaction efficiency into a de facto “on-chain tax,” further burdening users.

The beneficiaries are the validator nodes that profit from MEV income.

The SIMD-0228 proposal, currently under discussion, aims to reduce node staking income. However, this is based on the assumption that current MEV income is sufficient to sustain these nodes’ fees.

This creates a vicious cycle: sandwich attacks drive users to pay priority fees, which increase node income, and some nodes participate in sandwich attacks. This interconnected system makes sandwich attacks the most lucrative profit model on Solana.

Users are left with a grim choice: lose principal to sandwich attacks or pay higher priority fees.

During bull markets, this dark gameplay is often overlooked, as users focus on wealth effects and major hacking incidents. Victims of sandwich attacks or small-scale RUG pulls are often left to accept their losses, while attackers sit back and collect profits.

Declining Transaction Volume Shifts Attack Models: From “Bundling” to “Queue Jumping”

However, this logic is changing as the market declines. According to social media discussions and PANews research, executing an efficient sandwich attack is not cheap.

The primary cost comes from the attacker’s need to deploy multiple validator nodes globally to insert transactions at the right moment. Deploying a full cluster of attack nodes can cost millions of dollars.

While these costs ensure a steady stream of attack revenue, they also create profit and loss pressure for sandwich attackers. As on-chain transaction volumes decline, so do the attackers’ incomes. This leads to increased competition among attackers, with those offering higher priority fees likely to capture a larger market share.

As a result, transactions without priority fees are increasingly unable to meet attackers’ targets. This has led to cases where even transactions with priority fees are still being attacked.

For example, in one transaction, the victim paid a priority fee of 0.000075 SOL, which would have previously been safe from attacks. However, the sandwich attacker paid a higher fee of 0.0044 SOL. In this transaction, the user attempted a trade worth about 5 SOL, but the attacker took away 0.08 SOL.

In fact, investigations into multiple attack transactions reveal that users who paid less than 0.001 SOL in priority fees were often targeted.

Attack methods have also shifted. Previously, sandwich attackers used bundled transactions, packaging non-priority fee transactions together and arranging them in any order. Now, since most users pay some priority fee, attackers have adopted a non-bundling approach, initiating two independent transactions before and after the target transaction. As a result, the amount of the priority fee has become a critical factor.

In summary, the evolution of sandwich attacks on Solana has shifted from avoiding bundled attacks by paying priority fees to being sandwiched if the priority fee is insufficient.

For users, the choice is no longer whether to pay a priority fee, but whether to pay enough. This creates a vicious cycle: users must continuously increase priority fees to protect themselves, while nodes rely on these fees to maintain their income levels.

Node Data Leakage Exacerbates Ecosystem Challenges

However, this process relies on a critical premise: the block-leading node must cooperate with sandwich attackers by leaking data, allowing attackers to identify transactions with priority fees in advance. Since February 27, the founder of Pepe boost has called on Solana officials to address this issue on platform X. Additionally, GMGN co-founder and PinkPunkBot have raised similar concerns on social media. As of March 13, Solana officials have not responded.

By March 10, the daily priority fee on Solana had dropped to about 14,000 SOL, a 92% decline from the January high of 183,000 SOL.

The number of active addresses on Solana also dropped to 2.14 million, down 75% from the peak of 8.78 million. In an already shrinking market, allowing sandwich attacks to continue is akin to killing the goose that lays the golden eggs, further driving users away from the Solana ecosystem.

The competition among public chains is not just about TPS numbers; it also hinges on whether ecosystem participants can establish sustainable value consensus. With transaction volumes plummeting and priority fee income shrinking, Solana faces a difficult dilemma: if MEV interest groups continue to devour user assets, the network activity built by MEME over the past year may never return. Overfishing will leave the pond empty.

Disclaimer:

1. This article is reprinted from [PANews]. The copyright belongs to the original author [Frank]. If you have any objection to the reprint, please contact Gate Learn team, the team will handle it as soon as possible according to relevant procedures.
2. Disclaimer: The views and opinions expressed in this article represent only the author’s personal views and do not constitute any investment advice.
3. Other language versions of the article are translated by the Gate Learn team and are not mentioned in Gate.io, the translated article may not be reproduced, distributed or plagiarized.