SPECIAL OFFER: Get up to $70 of Bitcoin with your purchase of select Ledger wallets.

Shop now

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

Sandwich Trading

Feb 18, 2025 | Updated Feb 18, 2025
Sandwich trading, also known as a sandwich attack, is the strategic manipulation of a pending transaction order on a decentralized exchange.

Sandwich trading, also known as a sandwich attack, is the strategic manipulation of a pending transaction order on a decentralized exchange.

What Is Sandwich Trading in Crypto?

Sandwich trading, also known as sandwiching or sandwich attack, is an MEV capture technique that exploits the price movement of cryptocurrencies on decentralized exchanges (DEXs). This is especially common when traders can monitor the network’s mempool and spot pending transactions.

To put it differently, sandwiching involves the attacker placing two orders around a target/pending transaction. For instance, the attacker places one order before and another after the pending order. The unsuspecting trader’s transaction ends up being effectively “sandwiched” between the attacker’s buy and sell orders.

How Does Sandwiching Work?

Imagine that you place a USDT/BTC swap order on a DEX exchange. At the same time, a malicious trader spots your pending transaction and quickly places a buy order for BTC in an attempt to get their order fulfilled first. If their order is executed first, the culprit gains BTC at a lower price while simultaneously increasing the BTC price in the pool.

In this situation, the victim gets BTC at a higher price when their swapping order is executed. The attacker also places a sell order immediately after the victim’s order is executed, selling their BTC at the new inflated price and pocketing the difference. 

To explain, sandwiching involves three main steps. This includes:

  1. Identify a pending transaction – The attacker monitors large pending transactions that could potentially affect the asset’s price.
  2. Front-runningThis is the practice of using advanced mempool knowledge to place one’s transaction based on the pending orders. To ensure their transactions are prioritized over the original trade, the nefarious trader can pay higher transaction fees to incentivize miners or validators. If the attacker’s buy order is filled, the price of the asset inflates, causing the unsuspecting trader to pay more.
  3. Back-running – Involves using the mempool information to place transactions immediately after a high-value transaction is executed. Once the original trade is executed and the asset’s price inflates, the attacker sells their crypto at the new higher price. This potentially causes the asset’s price to drop, leaving the victim with coins worth less than they paid for.

In short, sandwich traders place buy and sell orders around the victim’s transaction to profit from the slippage and price movement the victim’s transaction causes.

All-Time Low (ATL)

All-time low (ATL) refers to the lowest price a digital asset has ever reached in its entire trading history.

Full definition

Risk Premium

A risk premium is the additional return that investors anticipate for taking on a riskier investment over a less risky alternative. 

Full definition

Web Assembly (WASM)

Web Assembly is a binary code format that allows complex applications to be run in web browsers and virtual machines at near-native speeds.

Full definition