
Phantom Millions: Why Sandwich Attack Statistics Are Broken


A user swaps $1.44 of WETH for a long-tail token. The fill is terrible. They check EigenPhi - the leading MEV explorer - and find their trade tagged as the second-largest sandwich exploit of the past 30 days: $1.79 million in user losses.

The actual loss was $1.44. The actual attacker profit was approximately zero.

DataAlways, a researcher at Flashbots, recently published a forensic analysis of three sandwich attacks that public dashboards reported as $4.70 million in combined profit. After tracing the transactions on-chain, the real economic profit across all three was close to nothing. Yet these three edge cases accounted for 99% of all reported sandwich bot profits and 78% of reported user losses in the 30-day window.

This matters more than it might seem. Sandwich statistics are cited in academic papers, regulatory assessments, and protocol design debates. If the numbers are fundamentally broken, the conclusions drawn from them may be too.


The Three Phantom Attacks

Attack 1: “$2.36 million profit” - actual profit: ~$0

Two victims. The first swapped 625 USDC and received slightly less ETH than fair value - a real loss of about $13 (2% slippage). The second sold ~$100 of ETH for SAIYAN, a long-tail token with no reliable price. Total real victim loss: roughly $113.

Where did the $2.36 million come from? The bot’s backrun routed through pools for a token called COW (cowfarm finance). A tiny swap implied a per-token price of $4.999 billion. The dashboard marked the bot’s remaining COW holdings at this implied price. Attempting to actually swap those tokens on Uniswap produces a honeypot warning and a value under one cent.

Attack 2: “$1.79 million profit” - actual profit: ~$0

One victim swapped $1.44 of WETH for NSWP (NeuralSwap Protocol). The bot frontran with 9.6 WETH, sandwiched, sold back. Net gain: 0.000585 WETH (~$1.22). Gas cost: also $1.22. Realized profit: approximately zero.

The distortion came from a honeypot contract. NSWP charges a 90% fee on all trades. The explorer misread swap amounts - logging 7,400 NSWP transferred when only 740 actually moved (the 90% fee consumed the rest). The remaining tokens were marked at an inflated exit price. Checking the bot’s actual post-attack balance: dust tokens only.

Attack 3: “$545,000 profit” - actual profit: $0.19

One victim swapped $4.03 of ETH for URSVC (URS Virtual Currency) - only the fifth trade this token had ever seen. The bot frontran with 270 WETH (~$544K), sandwiched, and the explorer displayed the frontrun amount as the profit.

In reality, the backrun sold the vast majority of the URSVC - the explorer missed the sell. The bot’s realized gain: $0.19 and some illiquid tokens.


How the Distortion Works

MEV dashboards calculate sandwich profits by:

  1. Observing the swap sequence (frontrun → victim trade → backrun)
  2. Pricing tokens using the implied exchange rate from those swaps
  3. Calculating profit as: tokens retained × implied price

For major tokens like WETH and USDC, this works fine - the implied price matches reality. But for tokens with near-zero liquidity, honeypot contracts (transfer fees, blacklists), or pools with fewer than ten trades ever, the implied price is economically meaningless.

The dashboard faithfully reports a number that is mathematically derived from the swap but completely disconnected from any realizable value. The bot can’t actually sell those tokens for anything close to the implied price - and in many cases, the tokens are literally worthless.


The Corrected Numbers

Removing just these three attacks from the 30-day aggregate:

| Metric | Reported | Corrected |
|---|---|---|
| Average sandwich profit per attack | ~$76 | < $1 |
| Average price impact per sandwiched trade | ~$98 | ~$22 |
| Price impact relative to L1 DEX volume | ~1.53 bps | ~0.37 bps |

The corrected price impact - 0.37 basis points - paints a very different picture of sandwich attack harm on Ethereum L1 than the reported 1.53 bps.


Why This Matters Beyond Data Hygiene

The regulatory lens

As traditional financial institutions evaluate DeFi, sandwich attack statistics are a primary input for assessing trading safety. Headlines like “$4.75M/month extracted by sandwich bots” paint a picture of a hostile trading environment. If the real number is closer to $50K/month, that’s a 100x error that could shape policy in the wrong direction. Accurate measurement isn’t just academic - it has real consequences for how DeFi is perceived and regulated.

Protocol design priorities

Several of the mechanisms discussed in the Ethereum protocol design community - encrypted mempools, order flow auctions, FOCIL-enforced transaction ordering - are partly motivated by the harm sandwich attacks cause. The urgency and cost-benefit calculus for these mechanisms depend on how much harm actually exists. A 4x reduction in measured impact (1.53 bps → 0.37 bps) doesn’t eliminate the case for protection, but it changes the priority ranking.

The private mempool reality

A striking statistic from DataAlways’s post: 85% of DEX trades and 95% of DEX volume on Ethereum L1 already use private mempools to protect against sandwich attacks. The residual sandwich problem is concentrated on users who broadcast to the public mempool - disproportionately small, unsophisticated traders who may not know private submission exists.

This means the “dark forest” narrative - where sophisticated bots prey on every DeFi user - is increasingly outdated for L1 Ethereum. The majority of volume is already protected. The question is whether the remaining 5-15% deserves protocol-level intervention, or whether user education and wallet defaults (auto-private submission) are sufficient.

Research credibility

Academic papers that use dashboard data as inputs inherit these distortions. Any MEV study citing aggregate sandwich statistics without filtering for low-liquidity outliers is potentially drawing conclusions from data where three transactions distort the entire dataset. DataAlways explicitly frames this as a call for better measurement methodologies.


What Better Measurement Looks Like

The post identifies several improvements that MEV dashboards and researchers should adopt:

Use realizable value, not implied value. Check whether the tokens the bot retained can actually be sold. If a token has a honeypot contract, no liquidity, or has had fewer than ten trades ever, the implied price should be flagged or excluded from aggregates.

Cross-reference post-attack balances. Verify that the bot actually holds the tokens the dashboard claims. In the NSWP case, the bot only retained dust - the dashboard attributed millions in unrealized value.

Flag honeypot contracts. Tokens with 90% transfer fees, blacklist functions, or other adversarial mechanics shouldn’t be priced at face value. Uniswap itself flags these - MEV dashboards should too.

Separate “headline MEV” from “economic MEV.” The distinction matters. A sandwich that produces $2.36M in headline MEV but $0 in economic MEV tells us nothing useful about market harm - but it dominates the statistics.
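The gap between headline and economic MEV, and the flagging rules listed above, can be shown with a short calculation. This is an added example, not code from DataAlways or any dashboard: the field names, the constant-product pool with a 0.3% swap fee, the `max_gap` threshold and all sample values are assumptions, except the 0.000585 WETH gain and matching gas cost, the 90% transfer fee and the ten-trade cutoff, which come from the article.

```python
from dataclasses import dataclass

@dataclass
class Sandwich:  # constructed record; every field name is hypothetical
    realized_weth: float    # bot's net WETH change across frontrun + backrun
    gas_weth: float         # gas paid, in WETH
    retained_tokens: float  # long-tail tokens the explorer logs as still held
    implied_price: float    # WETH per token implied by the sandwich's own swaps
    pool_weth: float        # pool reserves available to sell into
    pool_tokens: float
    transfer_fee: float     # fraction the token contract takes on transfer
    lifetime_trades: int    # swaps the pool has ever seen

def headline_profit(s):
    # Dashboard-style figure: retained tokens marked at the implied price.
    return s.realized_weth - s.gas_weth + s.retained_tokens * s.implied_price

def realizable_weth(s, swap_fee=0.003):
    # Sell the retained tokens into a constant-product pool (x*y=k).
    # The 0.3% swap fee is an assumption; the transfer fee is deducted first.
    arriving = s.retained_tokens * (1 - s.transfer_fee) * (1 - swap_fee)
    return s.pool_weth * arriving / (s.pool_tokens + arriving)

def economic_profit(s):
    return s.realized_weth - s.gas_weth + realizable_weth(s)

def flags(s, min_trades=10, max_gap=2.0):
    out = []
    if s.lifetime_trades < min_trades:
        out.append("thin-history")
    if s.transfer_fee > 0:
        out.append("transfer-fee")
    if headline_profit(s) > max_gap * max(economic_profit(s), 1e-9):
        out.append("unrealizable")
    return out

def aggregate(batch):
    # Returns (headline total, economic total, share of headline from flagged).
    head = sum(headline_profit(s) for s in batch)
    econ = sum(economic_profit(s) for s in batch)
    flagged = sum(headline_profit(s) for s in batch if flags(s))
    return head, econ, flagged / head

# Constructed samples: a liquid-pair sandwich and a fee-on-transfer token.
LIQUID = Sandwich(0.02, 0.005, 0.0, 0.0, 5000.0, 1.0e7, 0.0, 50000)
HONEYPOT = Sandwich(0.000585, 0.000585, 6660.0, 0.13, 0.05, 1.0e6, 0.9, 4)

if __name__ == "__main__":
    print(flags(LIQUID), flags(HONEYPOT), aggregate([LIQUID, HONEYPOT]))
```

With these constructed inputs, the single flagged record supplies more than 99% of the headline total while the economic total stays near the liquid sandwich's 0.015 WETH.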


The Bigger Picture

Sandwich attacks are real and harmful. This analysis doesn’t argue otherwise. Users who broadcast large swaps to the public mempool without slippage protection do get worse fills because of sandwich bots. The question is: how much worse?

When three edge-case trades involving worthless tokens can shift the aggregate statistics by 99%, the measurement system is broken. And when regulators, researchers, and protocol designers rely on those statistics to make decisions, broken measurement leads to misallocated priorities.

DataAlways concludes with a line that captures it well: “As DeFi trading comes under more scrutiny from regulators and financial institutions, we need better standards and more robust measurement techniques to illuminate the dark forest.”

The dark forest is real. But it may be smaller and less profitable than the dashboards suggest.

