1) Ghost explains: Wide Sandwich Attacks (with updated website at the end)
We looked at a full year of Solana trades and found that wide (multi-slot) sandwiches extracted 529,000 SOL.
Wide sandwiches now account for 93% of all sandwiches
2) A wide sandwich happens when the frontrun and backrun occur in different slots (N -> N+3). This type of sandwich attack evades standard single-slot detectors
3) We’ve seen three main flavors of wide sandwiches:
- Toxic: targets specific victim txs
- Momentum: rides expected flow (may or may not have seen victim txs)
- Launch bots: new token+pool, bundles buy, quick sells (not based on seeing victim txs)
4) Social repercussions and transparency crushed single-slot sandwiches.
As detection improved for single-slot sandwiches, wide sandwiches became more prominent on a relative basis.
- Single-slot fell from >90% to <10%
- Wide rose from 5% to 93%
5) For wide sandwiches, January 2025 marked the peak: bots extracted 87,000 SOL in one month. Even afterward, extraction held steady at 30-60k SOL per month. They are still highly extractive
6) Wide sandwiches can be tricky to detect. They span slots, cross leader windows, and leave no atomic fingerprint. A malicious leader can insert or reorder without a clear trace.
We built a new detector to find them.
7) The top wide sandwich bot, upon seeing a target, sends 2 bundles: 1 with the frontrun and 1 with victim tx + first backrun.
The 1st backrun sells enough tokens to break even.
Then the bot sends a 2nd backrun to take the rest of the profit, aiming for it land 1 block later
8) The top wide sandwich bots wait for high-value victim transactions instead of sandwiching everything they see. They average around 0.46◎/sandwich
Here’s real attack that extracted 1.64 SOL
9a) Important point: all panels other than the Validator Panel in the wide sandwich dashboard include aggregate volume from all wide sandwich types because users are affected regardless of category
9b) The Validator Panel specifically aims to identify validators that are statistically likely to have shared private order flow with sandwich bots
Especially those disguising their activity via multi-slot sandwiches
9c) In September 2025, 23 validators had >= 6% of leader slots containing wide sandwiches potentially linked to sharing private order flow.
Their main stake sources are Marinade and Jito, with 6 also receiving Solana Foundation stake. (Cluster avg: 1%, median: 0.4%.)
10) Turning to app-level impact:
Users of Axiom were the most affected, accounting for over 70% of extracted SOL, followed by Bloom (10–15%) and Photon (5–10%)
11) But we must also consider extracted volume relative to total swap volume
Meme coin and low-cap apps show the highest relative sandwiching, while aggregators and wallets (e.g., Jupiter, Phantom) see minimal impact due to differing order flow, routing, and user profiles
12) Transactions that buy new low-cap tokens are most likely to get wide-sandwiched
- Low liquidity -> high price impact
- High default slippage
- Traders prioritize speed over anything else
13) Protect yourself:
- Smarter slippage settings
- Consider implementing something like Anti-Sandwich: for JIT slippage protectiongithub.com/tryghostxyz/an…
14) Single-slot sandwiches are nearly gone (<1% of all sandwich volume)
Wide sandwiches now dominate the Solana Sandwich landscape
15) Again, we can’t solve what we can’t see. You can now view the data at
You can also search for any transaction or wallet to see whether it has been wide-sandwiched!sandwiched.me/wide_sandwiches
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.