Solana Validator Accused of Exploiting Users for $13 Million via Sandwich Attacks

Summary

• Solana validator DeezNode reportedly profited over $13 million in a single month by exploiting users through sandwich attacks, executing over 1.5 million transactions and highlighting concerns about MEV on the network.

• Sandwich attacks on Solana exploit the network’s speed and private mempools, where malicious actors manipulate transaction order around user trades, ensuring users get worse prices and validators capture the profit.** This is amplified by the closure of Jito’s public mempool, pushing MEV extraction to private networks.**

• This incident raises questions about the source of Solana’s Real Economic Value (REV) and user fairness, as these attacks harm users, benefit select validators, and spark broader discussions about MEV mitigation strategies being explored by other blockchains like MultiversX, BNB Chain, Algorand, and Cardano.

The operational design of the Solana (SOL) network, known for its high maintenance demands, compels validators to often rely on subsidies from the Solana Foundation or to employ Maximum Extractable Value (MEV) strategies for profitability.

DeezNode, a Solana validator and provider of RPC clusters, exemplifies this, having reportedly amassed over $13 million in a single month by executing sandwich attacks against Solana users, according to a recent analysis.

Vitorpy, the founder of DarkLake, detailed in a post that DeezNode’s dedicated sandwich attack bot carried out an astonishing 1.55 million transactions in December 2024 alone.

This situation is a consequence of efforts intended to mitigate MEV-related abuse, specifically the closure of Jito’s public mempool, which was previously promoted as a solution.

As indicated by reports, this action paradoxically amplified the problem. Rather than eliminating MEV, the closure pushed extractive practices into private networks operated by providers such as DeezNode, ultimately increasing the speed and efficiency of these exploitations.

“Analysis of transaction pathways across different validators reveals a clear trend,” Vitorpy noted, “Jito‘s public mempool shutdown didn’t eradicate MEV, it merely displaced extraction to the realm of private networks.”

It’s crucial to note that this is not an isolated incident for Solana.

Past reports from Finbold highlighted a similar, even more substantial, instance of exploitation by an entity known as Arsc, which reportedly gained over $60 million through MEV sandwich attacks.

Sandwich Attacks on Solana

Sandwich attacks are fundamentally a detrimental exploit that takes place on decentralized exchanges (DEXs). Attackers employing this technique engage in front-running tactics to profit at the expense of typical users engaging in trades.

Within the Solana context, an MEV Sandwich Attack involves malicious actors manipulating the ordering of transactions to generate profit unfairly, disadvantaging ordinary users.

This manipulative practice is detrimental to users because it inflates their trading expenses and undermines the fairness and equitable nature of the trading ecosystem.

The benefits are largely concentrated among a select few validators who wield control over transaction sequencing in Solana’s leader-based system for block production.

Moreover, the architectural features of Solana complicate the detection of MEV tactics such as sandwich attacks from external observers.

This obscurity raises concerns regarding data transparency and questions about the true origins of Solana’s purported Real Economic Value (REV).

It casts doubt on how much of this REV might actually be attributable to predatory value extraction strategies.

This is particularly relevant considering that proponents of SOL often cite REV as a key metric that positions Solana advantageously relative to competitors like Ethereum (ETH).

Mert, CEO of Helius Labs, a major RPC provider on Solana, argues that sandwich attacks represent only a minor fraction of the chain’s total REV.

“The most recent data regarding sandwich attacks indicates that they constitute a single-digit percentage of the overall revenue,” Mert clarified in a social media discussion.

“This is the figure I am referencing—the vast majority of revenue is derived from prioritizing transactions for faster inclusion in blocks.”

Also Read: Solana Meme Coin’s Supposed Retail Trader Trap

*Disclaimer*: We at Bitcoinleef.com present you with the latest information in the crypto market. However, this information should not be regarded as financial advice and viewers should consult their financial advisors before investing.