Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Sandwiched and Silent: Behavioral Adaptation and Private Channel Exploitation in Ethereum MEV

Davide Mancino, Davide Rezzoli

TL;DR

The paper provides a large-scale empirical analysis of MEV in Ethereum's post-PBS landscape, linking user behavior to private-path exposure. It develops a novel n-indexed survival approach to measure reactivation and private-routing adoption after sandwich attacks, and documents thousands of private-path sandwiches with significant concentration among attackers. Findings show substantial migration to private routing but also reveal that private channels are themselves vulnerable to targeted front-running, challenging the notion that privacy alone mitigates MEV. The work highlights the need for protocol-level defenses and continuous monitoring to curb adversarial exploitation in private order flows.

Abstract

How users adapt after being sandwiched remains unclear; this paper provides an empirical quantification. Using transaction level data from November 2024 to February 2025, enriched with mempool visibility and ZeroMEV labels, we track user outcomes after their n-th public sandwich: (i) reactivation, i.e., the resumption of on-chain activity within a 60-day window, and (ii) first-time adoption of private routing. We refer to users who do not reactivate within this window as churned, and to users experiencing multiple attacks (n>1) as undergoing repeated exposure. Our analysis reveals measurable behavioral adaptation: around 40% of victims migrate to private routing within 60 days, rising to 54% with repeated exposures. Churn peaks at 7.5% after the first sandwich but declines to 1-2%, consistent with survivor bias. In Nov-Dec 2024 we confirm 2,932 private sandwich attacks affecting 3,126 private victim transactions, producing \$409,236 in losses and \$293,786 in attacker profits. A single bot accounts for nearly two-thirds of private frontruns, and private sandwich activity is heavily concentrated on a small set of DEX pools. These results highlight that private routing does not guarantee protection from MEV extraction: while execution failures push users toward private channels, these remain exploitable and highly concentrated, demanding continuous monitoring and protocol-level defenses.

Sandwiched and Silent: Behavioral Adaptation and Private Channel Exploitation in Ethereum MEV

TL;DR

The paper provides a large-scale empirical analysis of MEV in Ethereum's post-PBS landscape, linking user behavior to private-path exposure. It develops a novel n-indexed survival approach to measure reactivation and private-routing adoption after sandwich attacks, and documents thousands of private-path sandwiches with significant concentration among attackers. Findings show substantial migration to private routing but also reveal that private channels are themselves vulnerable to targeted front-running, challenging the notion that privacy alone mitigates MEV. The work highlights the need for protocol-level defenses and continuous monitoring to curb adversarial exploitation in private order flows.

Abstract

How users adapt after being sandwiched remains unclear; this paper provides an empirical quantification. Using transaction level data from November 2024 to February 2025, enriched with mempool visibility and ZeroMEV labels, we track user outcomes after their n-th public sandwich: (i) reactivation, i.e., the resumption of on-chain activity within a 60-day window, and (ii) first-time adoption of private routing. We refer to users who do not reactivate within this window as churned, and to users experiencing multiple attacks (n>1) as undergoing repeated exposure. Our analysis reveals measurable behavioral adaptation: around 40% of victims migrate to private routing within 60 days, rising to 54% with repeated exposures. Churn peaks at 7.5% after the first sandwich but declines to 1-2%, consistent with survivor bias. In Nov-Dec 2024 we confirm 2,932 private sandwich attacks affecting 3,126 private victim transactions, producing \293,786 in attacker profits. A single bot accounts for nearly two-thirds of private frontruns, and private sandwich activity is heavily concentrated on a small set of DEX pools. These results highlight that private routing does not guarantee protection from MEV extraction: while execution failures push users toward private channels, these remain exploitable and highly concentrated, demanding continuous monitoring and protocol-level defenses.

Paper Structure

This paper contains 12 sections, 8 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Data Collection
  4. Visibility and MEV labels.
  5. Monthly overview, visibility split, and MEV breakdown.
  6. Methodology: Sandwich Attack Detection
  7. Empirical Findings
  8. Distribution of Sandwich Events
  9. User Reactivation Analysis and Survival Patterns
  10. Private Routing Adoption Patterns
  11. Private-Path Sandwiching
  12. Conclusion

Figures (8)

  • Figure 1: Monthly distribution of public vs. private transactions (Nov 2024 -- Feb 2025).
  • Figure 2:
  • Figure 3: Total transactions (including sandwiches) by number of sandwiches suffered.
  • Figure 4: Cumulative incidence of reactivation and private adoption. Top: addresses subjected to up to 3 sandwich attacks; bottom: addresses subjected to up to 10.
  • Figure 5: Share of users not reactivated within 60 days by sandwich index $n$. Churn risk is highest at $n=1$ and decreases with repeated exposure.
  • ...and 3 more figures