An increasing worry for the Solana decentralized finance (DeFi) ecosystem is that new data shows sandwich attacks—an exploitative form of front-running—are happening at an astounding rate. In just the past 30 days, over 260,000 sandwich attacks have been recorded across Solana-based trading applications, with more than 23,600 SOL taken in by these tactics. These numbers put at risk the ecosystem’s overall security and point to a vulnerability in high-throughput blockchains like Solana. At the heart of this developing situation is GMGN, a trading app driven by artificial intelligence and built on the Solana network. Even though it is responsible for a much smaller piece of the overall trading volume, GMGN has been targeted with an intensity that is out of proportion to its actual size. The app earned 30.8% of all sandwich profits relative to its own trading activity—making GMGN, by far, the most impacted application in percentage terms. What Are Sandwich Attacks and Why Is GMGN Vulnerable? A sandwich attack is a kind of MEV exploit where an observer sees a user’s pending transaction, quickly places a buy order before it, and then places a sell order just after the user’s transaction is processed. This manipulates the price of the asset and extracts profit from the unsuspecting trader’s slippage. While common across most smart contract platforms, sandwich attacks on Solana are receiving more attention lately due to their frequency and impact. The apparent overexposure of GMGN comes from not only the app’s current lack of protection mechanisms—but also, and perhaps more significantly, from its popularity among newer, less sophisticated crypto traders. GMGN is not just a trading platform, and it doesn’t just exist as a piece of fiat-cover-rased software; it’s an eponymous outreach engine for GM’s deceptively simple at-best (and at-worst, slippage-incentivized) crypto asset trading strategies. Most retail investors shouldn’t be using it. In sharp contrast, Jupiter Exchange captures over 30% of Solana’s total swap activity. From its transactions, only 7% of the value associated with sandwich attacks has been extracted. This disparity illustrates an important point: more sophisticated platforms—those with built-in slippage controls, route optimizations, and protections against MEV—can virtually eliminate the success of these kinds of swindle. GMGN is disproportionately sandwiched Over the past 30 days, trading apps on @solana recorded more than 260K sandwich attacks and over 23.6K $SOL extracted in value. @gmgnai was the most targeted app, responsible for 30.8% of all sandwich profits relative to its own trading… pic.twitter.com/x2yoj9uuRm — CryptoRank.io (@CryptoRank_io) May 5, 2025 The Growing MEV Problem on Solana Developers and users have been concerned that so many sandwich attacks have been happening across Solana in just one month. The reason Solana is getting hit so much is because the architecture—while it is fast and low-cost—is also fertile ground for such transaction-level arbitrage. The very ability to see pending transactions in the mempool creates a playground for sophisticated bots. These bots exploit all the Latency and Timing vulnerabilities they can find. What are those? Let’s break it down: Ecosystem data reveals that the 260,000 sandwich attacks executed in the last 30 days are far from unique to GMGN. But the outsized vulnerability of the platform focuses attention on an issue that affects many newer or rapidly growing apps. Most of these, unlike well-established trading venues, do not yet integrate sufficient MEV-aware design patterns or secure routing protocols. These latter measures, had they been implemented, would have made most of the apps inaccessible to MEV bots looking for exploitable trades. At GMGN, this trend could erode user trust unless timely action is taken to remedy the situation. At present, the Solana development community is discussing and debating possible steps to take, if any. At an intense level, to be sure. The community is bifurcated on the idea of addressing the situation at the protocol level versus having developers of Solana-based apps implement protections that would secure their users from bots. Those are some options. Among them, some developers describe encrypted transaction submissions as a possibility and point to the idea of private transaction relays as an emerging solution. What’s Next for GMGN and Solana Users? As GMGN’s weaknesses become more acknowledged, the project is likely to encounter additional probing from its user base and ecosystem allies. The app has undeniably brought something novel to Solana’s trading scene with its AI-infused interface. But the security architecture now looks in urgent need of an overhaul. As with so many recent incidents in the crypto space, this one underscores the necessity of educating users to understand the fundamental—and sometimes esoteric—principles that provide the bedrock of security for the systems they’re using. At the same time, the relative strength of Jupiter Exchange offers a potential model for not just GMGN but also other new entrants in the space. With user numbers rising in Solana thanks to the promise of speed and near-zero cost, it’s now incumbent on the developers and the project teams to make sure the place remains what it set out to be: a fast, cheap, and safe environment for trading. If no steps are taken, sandwich attacks may keep growing and growing, even threatening the very innovative platforms on Solana that are so trustworthy and usable, at least for now. Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news !
