What Is MEV on Solana? How Sandwich Attacks Stole $500M from Traders
MEV sandwich attacks drained $370–500M on Solana. How they work, how to avoid them, and why Stratium's non-custodial copy trading protects you.
TL;DR
MEV (Maximal Extractable Value) on Solana refers to profit extracted by bots that reorder or front-run your transactions. Sandwich attacks — the most harmful form — drained an estimated $370–500M from traders in 16 months. Protection exists via Jito defensive bundles, but copy traders face compounded exposure that most platforms don't address.
Florian
Founder & Head of Quant — Stratium
What Is MEV on Solana?
Risk disclaimer: This article is educational and does not constitute financial advice. Trading on Solana involves significant risk of loss. Only trade with funds you can afford to lose entirely.
MEV (Maximal Extractable Value) on Solana is the profit that bots, validators, and block producers extract by reordering, front-running, or inserting transactions around yours before a block is finalised — without your knowledge or consent.
On Solana, the most common and damaging form of MEV is the sandwich attack: a bot detects your pending swap, buys the same token just before your transaction executes (pushing the price up), lets your trade go through at the worse price, then immediately sells for a profit. You pay more than the market price. The bot keeps the difference.
In the 16 months ending May 2025, sandwich bots extracted an estimated $370–500 million from Solana traders, according to on-chain research presented by Chris Chang and George Datskos at Solana Accelerate 2025 — covering 8.5 billion trades across more than $1 trillion in DEX volume. That is not a systemic protocol number. That is money taken directly from ordinary traders who did not know it was happening.
The average extraction per attacked trade is $8.67 — small enough that most traders never notice a single incident. Multiplied across 1.55 million sandwich transactions in a single 30-day window (December 2024–January 2025), it becomes a reliable, invisible extraction machine.
How Do Sandwich Attacks Actually Work on Solana?
The mechanics: a step-by-step Raydium example
sequenceDiagram
participant You as You
participant Mempool as Mempool
participant Bot as Sandwich Bot
participant DEX as Raydium Pool
You->>Mempool: Submit swap with slippage tolerance
Bot->>Mempool: Detect your pending tx
Bot->>DEX: Front-run: BUY same token
Note over DEX: Price moves up
You->>DEX: Your swap executes at worse price
Note over You: You overpay
Bot->>DEX: Back-run: SELL for profit
Note over Bot: Pockets the difference
Most Solana trades route through Jupiter, the leading DEX aggregator, which settles the majority of its volume on Raydium — Solana's most targeted DEX for MEV. Here is exactly what happens when a sandwich bot attacks your trade.
Step 1 — You submit a swap. You try to buy a new memecoin on Raydium. You set 10% slippage because the token is volatile and you want execution certainty.
Step 2 — The bot spots your transaction. Before Jito shut down its mempool in March 2024, bots watched a public queue. Today, private mempool operators (primarily the DeezNode network) maintain off-protocol infrastructure that previews incoming transactions before they land on-chain. Jito's internal analysis found that nearly half of all Solana sandwich attacks are attributable to a single DeezNode-linked program.
Step 3 — The bot front-runs you. The bot submits a buy order for the same token with a higher priority fee, ensuring it executes just before yours. This purchase moves the price up. The token is less liquid than major coins, so even a small buy has price impact.
Step 4 — Your trade executes at the worse price. Your transaction fills — but at the higher price the bot created. Your 10% slippage tolerance gave the bot a clean runway to move the price inside your acceptable range without triggering a failed transaction.
Step 5 — The bot sells immediately. The bot dumps its position into the liquidity you just provided, locking in profit. The round-trip often takes a single Solana slot — roughly 400 milliseconds.
The on-chain fingerprint of a sandwich attack is visible on Solscan. Look for three transactions in the same slot: a buy from an unfamiliar wallet just before yours, your swap, and a sell from the same unfamiliar wallet immediately after. The buy and sell amounts will closely match. The wallet running the attack often processes hundreds of these sequences per hour.
A documented case: a single bot identified as Ai4zqY7gjyAPhtUsGnCfabM5oHcZLt3htjpSoUKvxkkt was active from May to November 2024, generating approximately $30 million in two months at roughly $570,000 per day. Researchers at MRGN Research first identified it in June 2024. By November 2024, the wallet had accumulated an estimated $287 million across its full operating period.
Why Raydium is the primary target
Raydium hosts Solana's deepest memecoin liquidity pools. Over 55% of trades routed through Jupiter settle on Raydium. The Helius MEV Report (January 2025) confirmed that 16 of the top 20 most sandwiched tokens were Pump.fun creations trading on Raydium pools. The pattern is consistent: thin liquidity + volatile token + high slippage tolerance = maximum sandwich profitability.
Stablecoins and high-liquidity tokens like SOL/USDC are rarely sandwiched — the price impact of a front-run is too small to profit from. Memecoins are the primary target because their shallow order books allow even modest front-runs to move price materially inside a trader's slippage window.
What Are the Three Types of MEV on Solana?
Not all MEV extraction is predatory. Understanding the landscape helps traders identify what poses the real risk.
| MEV Type | Who it affects | Harmful to traders? | Scale | Example |
|---|---|---|---|---|
| Sandwich attacks | DEX traders, copy traders | Yes — directly extracts value from your trade | $370–500M extracted (Jan 2024–May 2025) | Bot front-runs your Raydium memecoin buy |
| Arbitrage | Liquidity providers (indirectly) | Mostly neutral — corrects price inefficiencies | Largest MEV category by volume | Bot buys SOL on Raydium, sells on Orca after price diverges |
| Liquidations | Borrowers on lending protocols | Depends — liquidations are necessary but bots race to capture the fee | Moderate | Bot liquidates an undercollateralised position on Marginfi |
| Sniping | New token launchers and early buyers | Yes — bots buy at launch before humans can react | Growing with Pump.fun volume | Bot detects new Pump.fun graduation and buys in the same block |
Sandwich attacks are the only MEV type that directly and consistently extracts value from ordinary retail trades. The others — arbitrage, liquidations, sniping — are either neutral or affect a narrower set of users. This article focuses on sandwich attacks because they are the MEV problem that affects every Solana DEX trader.
How Does Solana MEV Differ from Ethereum MEV?
Solana's MEV landscape operates on fundamentally different mechanics from Ethereum, with important implications for how traders can protect themselves.
Ethereum has a public mempool — a visible queue where pending transactions wait before block inclusion. Anyone can monitor this queue and front-run trades. Solana has no native public mempool. Transactions stream directly to validators every ~400 milliseconds. This absence of a public mempool raises the cost of executing sandwich attacks — bots must build or access private infrastructure — but it also creates opacity. When an attack happens, it is harder to detect in real time.
The second difference is how priority is determined. On Ethereum, MEV is won by paying the highest gas fee. On Solana, it is won by being fastest and by accessing validators through Jito's block engine or private mempool operators. This makes Solana MEV more infrastructure-intensive — professional operations, not casual scripts.
The third difference is the response mechanism. Ethereum is building MEV infrastructure directly into the protocol through Proposer-Builder Separation (PBS). Solana has relied on governance actions: the Solana Foundation removed 30+ validators from its delegation program in June 2024 for enabling sandwich attacks. Marinade Finance blacklisted 50+ validators in December 2025 through its stake delegation algorithm. These actions reduced sandwich profitability by an estimated 60–70% by late 2025 — but did not eliminate the problem.
How Do Jito Bundles Protect Traders From MEV?
What is a Jito bundle?
A Jito bundle is a group of up to five Solana transactions submitted together to Jito's block engine — the infrastructure running on approximately 92–95% of Solana's validator stake as of early 2025. Bundles provide three guarantees that regular Solana transactions do not:
- Atomic execution — all transactions in the bundle succeed, or all fail. No partial execution.
- Guaranteed ordering — transactions execute in the exact sequence you specify.
- No failed-transaction fees — if the bundle does not win the auction, it is dropped silently with no on-chain record and no fees consumed.
These guarantees are what make defensive bundling effective against sandwich attacks. When you wrap your swap in a Jito bundle with a tip, the transaction routes through Jito's block engine rather than the standard transaction pipeline — meaning private mempool operators monitoring public-facing RPCs cannot see it before it executes.
Jito tips vs. Solana priority fees: the critical distinction
These two mechanisms are widely confused, and the confusion costs traders money.
| Feature | Solana Priority Fees | Jito Tips |
|---|---|---|
| Payment method | Paid inside the transaction itself | Separate SOL transfer to Jito tip wallets |
| Purpose | Increase inclusion probability | Bid for guaranteed bundle execution and ordering |
| MEV protection | None — transaction still visible to mempool operators | Routes through Jito block engine, invisible to public mempools |
| Ordering guarantee | No — validators can reorder transactions | Yes — atomic execution in specified order |
| Revenue distribution | 100% to block-producing validator (post-SIMD-96) | ~94% to validators and stakers, ~6% to Jito |
| Failed transaction cost | Fee consumed even if transaction fails | No fee if bundle loses auction |
| Typical cost | 0.000005–0.0001 SOL per transaction | 0.01–0.1 SOL per bundle |
Solana priority fees are paid inside the transaction itself. They increase the probability that a validator includes your transaction in the next block. They do not guarantee ordering relative to other transactions, and they do not provide MEV protection. Since the SIMD-96 upgrade, 100% of priority fees go to the block-producing validator.
Jito tips are a separate SOL transfer to one of Jito's eight static tip wallet addresses, attached to a bundle. They are an off-chain payment — not part of the transaction's fee structure — that bids for guaranteed bundle execution and atomic ordering within Jito's 200-millisecond auction. Approximately 94% of Jito tips flow to validators and stakers. Jito tips account for over 60% of all non-base-fee revenue on Solana as of early 2025, with total tips exceeding 3.75 million SOL in 2024 alone.
The practical implication: a transaction with a high priority fee but no Jito bundle is still visible to private mempool operators and still sandwichable. Protection requires routing through the block engine.
Does Jito protection always work?
Jito's protection is real but not absolute. The dontfront feature, which forces a protected transaction to appear at position zero in any bundle (preventing front-running), is documented by Jito as something that "may help reduce sandwich attacks but is not guaranteed." The Helius MEV Report notes "a growing number of sandwich attacks occurring outside of Jito's auction mechanism" — meaning attackers have adapted by working through validators not running Jito, or through techniques that operate between bundle slots.
Protection layers beyond Jito include MEV-protected RPC endpoints (available from Helius, QuickNode, GetBlock), sandwich-resistant AMMs like Plasma by Ellipsis Labs, and Jupiter's dynamic slippage, which algorithmically narrows the gap bots exploit.
What Is the Copy Trading MEV Problem Nobody Talks About?
Standard MEV discussion treats traders as individuals making independent decisions. Copy trading introduces a compounding vulnerability that most platforms neither acknowledge nor address.
When you copy trade a public wallet — the model used by most copy trading platforms and Telegram bots — you are watching a publicly visible on-chain address. MEV bots can watch the same address. The moment the target wallet trades, every copy trading bot tracking it submits transactions simultaneously. The resulting order flow is predictable, tightly clustered, and delayed from the original trade.
This creates three compounding MEV risks that solo trading does not:
First, copy trades require higher slippage. The original trader gets the entry price. Your copy trade executes after the price has already moved from their transaction. To ensure execution, copy trading bots must set wider slippage tolerances — which is exactly the gap sandwich bots exploit. A solo trader might set 3% slippage on an established token; a copy bot following a wallet that already moved the price may need 5–8%.
Second, the order flow is identifiable. When dozens of wallets submit identical swaps for the same token within the same 400ms window, the pattern is trivially detectable on-chain. MEV bots that monitor popular copy trading wallets can pre-position before the copy flood arrives.
Third, platform routing determines your actual exposure. Whether a copy trade is sandwiched depends not on the copy trading model itself, but on how the platform submits transactions. Copy trades routed through standard public RPC endpoints with static priority fees have no MEV protection. Copy trades routed through private RPC endpoints with Jito bundle integration and appropriate tips have meaningful, though not absolute, protection.
Why curation changes the equation
Stratium's model differs from wallet-tracking copy trading in a way that directly reduces MEV surface area. Rather than monitoring publicly known "smart money" addresses that MEV bots also watch, Stratium runs curated, managed strategy wallets — meaning the execution layer is controlled, the entry sizing is managed, and the order flow is less predictable than a public wallet being copied by hundreds of bots simultaneously.
Every Stratium trade is executed on-chain and verifiable on Solscan. The non-custodial architecture means your funds never leave your wallet — but the execution infrastructure determines how those trades are submitted to the network, and that infrastructure is what determines MEV exposure.
Stratium's 0.1% fee also has a direct relationship to MEV costs that is rarely made explicit. Platforms charging 1% per trade are charging 10x Stratium's fee — and that 1% does not include Jito tips, which add 0.01–0.1 SOL per trade at typical settings. The true cost of trading on major platforms with full MEV protection enabled can reach 1.5–2% effective per trade. Stratium's 0.1% base fee leaves substantially more room within the MEV cost structure for the platform to route trades protectively without passing the tip cost entirely to users.
How to Check if Your Past Trades Were Sandwiched
You can verify on-chain whether a specific trade was sandwiched using Solscan. Look up your transaction hash and examine the transactions in the same slot. Signs of a sandwich:
- A buy transaction from an unknown wallet executing in the same slot, just before yours
- Your swap executing at the outer edge of your slippage tolerance (rather than near the mid-price)
- A sell transaction from the same unknown wallet executing in the slot immediately after yours
- The buy and sell amounts from the bot wallet closely matching each other
The Sandwiched.me tracker at sandwiched.me allows you to paste a Solana wallet address and see a full history of sandwich events — including profit extracted per attack and the bot wallet responsible.
The State of Solana MEV in 2026
The coordinated crackdowns of 2024–2025 reduced sandwich profitability by 60–70% according to Helius research, but did not eliminate it. The landscape has adapted in two ways that matter for traders.
First, wide sandwiching has grown from ~1% to ~30% of all sandwich attacks. Wide sandwiches introduce a 50–300ms delay between the front-run and back-run, making them harder for automated detection systems to flag. They generate less profit per attack but are substantially harder to counter.
Second, private mempool infrastructure has consolidated. After Jito shut down its mempool in March 2024 — a deliberate move to reduce sandwiching — private operators like DeezNode filled the vacuum. The Helius report found that Jito's own analysis attributes nearly half of all current sandwich attacks to a single DeezNode-linked program.
Firedancer, the new C/C++ validator client that launched on Solana mainnet in December 2025 and currently runs on ~20% of validators, introduces genuine client diversity but does not natively include Jito's block engine integration. Its long-term impact on MEV is still emerging.
The practical conclusion for 2026: MEV protection is meaningfully better than it was in 2024, but the threat is not solved. Traders who understand the mechanics and use protected execution routes keep substantially more of their profits than those who do not.
Frequently Asked Questions
What is MEV on Solana?
MEV (Maximal Extractable Value) on Solana is profit extracted by bots and validators who reorder or front-run your transactions — without your knowledge. The most common form is sandwich attacks, where a bot buys a token before your trade executes (raising the price you pay) and sells immediately after. In the 16 months ending May 2025, sandwich attacks extracted $370–500 million from Solana traders.
How do sandwich attacks work on Solana?
A sandwich attack on Solana works in three steps: a bot detects your pending swap through private mempool infrastructure, submits a buy order with higher priority to execute before yours (moving the price against you), and sells its position immediately after your trade fills. The average extraction is $8.67 per attacked trade. Raydium memecoin swaps with high slippage tolerances are the most targeted transaction type.
Does Jito protect you from sandwich attacks on Solana?
Jito defensive bundles reduce sandwich attack exposure by routing your transaction through Jito's block engine rather than public RPC endpoints, making it invisible to private mempool operators. The dontfront feature forces a protected transaction to execute at position zero in any bundle. Jito itself states this "may help reduce sandwich attacks but is not guaranteed." Transactions that bypass Jito entirely remain fully exposed.
What is the difference between Jito tips and Solana priority fees?
Solana priority fees are paid inside the transaction itself and increase inclusion probability but provide no MEV protection or ordering guarantees. Jito tips are separate SOL transfers to Jito's tip wallets, attached to a bundle, that bid for guaranteed atomic execution and ordering through Jito's block engine. Priority fees go to validators; Jito tips distribute 94% to validators and stakers. MEV protection requires Jito tips — priority fees alone are insufficient.
Are copy traders more vulnerable to MEV on Solana?
Yes. Copy trading amplifies MEV exposure in three ways: copy trades execute after the original trade has already moved the price (requiring higher slippage tolerances that sandwich bots exploit), identical swaps from multiple copy bots create identifiable order flow patterns, and most copy trading platforms route through standard public RPCs without bundle-level protection. The degree of exposure depends heavily on the platform's execution infrastructure.
How can I check if my Solana trades were sandwich attacked?
Look up your transaction hash on Solscan and examine transactions in the same slot. Signs of a sandwich attack include an unknown wallet buying the same token just before your swap, your trade filling near the outer edge of your slippage tolerance, and the same unknown wallet selling immediately after. The Sandwiched.me tool allows full wallet-level sandwich history analysis.
Last updated: March 2026. All on-chain data referenced in this article is publicly verifiable. Primary sources: Helius MEV Report, Sandwiched.me State of Solana MEV May 2025, Solana Accelerate 2025 MEV presentation, ACM IMC '25 — Quantifying MEV on Jito.
Related Reading
- Drift Protocol Hack: $285M Solana Exploit Explained (2026) — How the largest DeFi hack of 2026 exposed the vault architecture risk that non-custodial copy trading eliminates
- Why Solana Memecoin Traders Lose Money — MEV is one of four structural causes documented with on-chain data
- What Is Non-Custodial Trading? — how non-custodial architecture protects against platform-level MEV
- How to Copy Trade on Solana — Stratium routes all trades through Jito bundles for MEV protection
- On-Chain Performance Report: 26,704 Verified Trades — verified returns from a platform with built-in MEV protection
Related Articles
Written by
Florian
Founder & Head of Quant — Stratium
Florian is the founder and Head of Quant at Stratium. With 5+ years of experience in quantitative finance and algorithmic trading, he built the copy trading engine from the ground up on Solana — designing the strategy curation framework, FIFO PnL engine, position sizing models, and on-chain execution infrastructure. He writes about quantitative trading, Solana DeFi, and the data behind copy trading performance.