Maximal extractable value (MEV) is the profit block builders can make by manipulating the order of transactions. The most notorious form of MEV is the sandwich attack, where a malicious actor front-runs and back-runs a user’s trade on a decentralized exchange. This forces the victim into a worse execution price, while the attacker pockets the difference. While this activity is most common on Ethereum due to its bustling exchange activity, new data reveals a shifting landscape for these attacks.

Based on an analysis of over 95,000 sandwich attacks from November 2024 to October 2025, data provided exclusively by EigenPhi shows that while the threat to users persists, the profitability for attackers is shrinking. These attacks still cost traders around $60 million annually, yet attackers’ profit margins have dwindled to just 5%, with the majority of the value captured by block builders through gas fees.

Extraction Declines as DEX Volume Rises

Despite decentralized exchange (DEX) volumes growing from $65 billion in the first quarter to over $100 billion by the third quarter of 2025, the value extracted from sandwich attacks fell sharply. Monthly extraction plummeted from nearly $10 million in late 2024 to about $2.5 million by October 2025. After accounting for gas costs, net profits for attackers averaged only about $260,000 per month, a figure inflated by a single attack in January 2025 that generated over $800,000 in profit.

However, the number of attacks has not decreased. The volume has remained consistently high, with 60,000 to 90,000 attacks occurring each month. This activity is dominated by a single entity known as jaredfromsubway.eth, who is responsible for roughly 70% of all sandwich attacks. This prominent MEV searcher recently deployed a sophisticated v2 bot capable of targeting up to four victims in a single transaction and manipulating pool liquidity to maximize profits.

Low-Volatility Pools Are Prime Targets

The data reveals that even seemingly safe swaps are at risk. About 38% of all attacks targeted low-volatility pools containing stablecoins, wrapped assets, and liquid staking tokens (LSTs). A surprising 12% of all sandwich attacks hit stablecoin swaps, creating unexpected and damaging slippage where it’s least anticipated. Outside of these assets, the memecoin MANYU was a frequent target, with the “Jared” bot extracting nearly $19,000 from its WETH pair across 65 attacks.

The MEV bot ecosystem is a highly competitive field where profitability has become razor-thin. In October 2025, only 515 unique bots were active on Ethereum. The average profit per attack is just over $3, and only six attackers managed to generate more than $10,000 in total profit during the analysis period. Roughly a third of all active bots operated at break-even, while another 30% recorded net losses due to intense competition and miscalculated costs.

This environment explains why a high-quantity strategy like Jared’s has proven most effective. By capturing a vast number of opportunities, including those yielding just a few cents, the bot can remain profitable. This model was particularly viable in 2025 due to relatively low gas costs, though even this dominant bot isn’t immune to losses, having lost about $12,000 in April 2025. The persistence of these attacks, despite thinning margins, highlights the ongoing debate around integrating native MEV protection at the Ethereum protocol level.