This Solana validator used sandwich attacks to extract over $13 million from users in a month

Solana (Sol) has one of the most expensive networks to maintain by design. In many cases, verifiers require that you search for foundation grants or the maximum extractable value (MEV) technology. This is the case for Solana Validator and RPC cluster provider Deeznode, which benefited more than $13 million in a month from sandwich attacks on other SOL users.

According to a Vitorpy post, founder Dark LakeDeeznode’s sandwich bot ran 1.55 million transactions in December 2024. The exploitative explosion led to the SOL profits of more than $13 million in attackers by Vitorpy’s posting time of 65,800.

At an annual rate, this results in around 801,540 SOLs stolen from users, worth around $163.4 million.

In particular, this phenomenon closes Jito’s public memory, which was promoted as a solution to the MEV abuse problem. However, as reported, this issue increased as it pushed extraction into a private network from providers such as deeznode and amplified the speed.

“After analyzing the transaction flow across the validator, one thing is clear: JITO’s public Mempool Shutdown didn’t eliminate MEV, so it pushed the extract up into a private network.”

– Vitorpy

This is especially a recurring problem for Solana. Previously, Finbold reported a similar (even higher) exploit from ARSC, scooping over $60 million from the MEV sandwich attack.

What is a sandwich attack on Solana?

Essentially, sandwich attacks are a harmful exploitation in distributed exchanges (DEXES) when the attacker’s front performs a user’s transaction for profit.

The MEV sandwich attack in Solana involves malicious actors who misuse trade orders to make profits at the expense of regular users. This action will ensure that users always get the worst price and the attacker will benefit.

These actors, typically validators or actors with access to the private memo pool, place two transactions around the target user’s transaction. One is to “snap” the user’s transaction before purchasing an asset at a lower price, the other is to sell at a higher price.

This practice harms users by increasing transaction costs and reducing fairness in the trading environment. Only a few validators benefit from controlling the transaction order of Solana’s leader-based block production systems.

Interestingly, Solana’s architecture is particularly fostering such attacks due to its high-speed transaction processing and lack of in-protocol memory. Instead, some validators and RPC service providers use private members to allow transactions to be viewed and manipulated before finalizing. This scenario often resulted in significant MEV revenue for these validators at the direct cost of user experience and network integrity.

Furthermore, Solana’s architecture makes it difficult for external observers to present concerns about sandwich attacks, data obscurity, and how much Solana’s actual economic value (Rev) is in fact from extracting predatory value.

Sol supporters are particularly relevant as they often refer to Rev as a key indicator that will advance its competitors like Ethereum (ETH). However, CEO of Helius Labs, Solana’s biggest RPC provider, explained that the sandwich attack is just a small share of Rev in the chain.

“The last data on this (sandwich attack) is that it’s a single digit of the total Rev. This is what we’re referring to. The majority of revenue is through prioritization (transactions) to land faster,” Mert said in the thread.

As things develop, traders, investors, users and enthusiasts discuss MEV sandwich attacks and potential solutions. Blockchains such as Multiversx (EGLD), BNB Chain (BNB), Algorand (Argo), and Cardano (ADA) are known for actively considering ways to mitigate these exploits.

Featured Images from ShutterStock