The activity of decentralized exchanges (DEX) on the blockchain $ETH Ethereum is rapidly growing: according to estimates, the monthly trading volume from mid-2024 to the end of 2025 increased from approximately $65 billion to more than $100 billion. Despite record liquidity and activity, the income of malicious actors employing so-called 'sandwich attacks' has significantly decreased — indicating serious changes in the strategy, security, and resilience of the market.
Reduction in profitability of sandwich attacks on $ETH Ethereum
According to analysts from the EigenPhi platform, earnings from sandwich attacks, which at the end of 2024 brought attackers almost $10 million per month, fell to approximately $2.5 million by October 2025. At the same time, the number of attacks remains quite high — from 60,000 to 90,000 attempts per month.
Attack statistics and average income
Number of attacks per month: 60,000–90,000
Average income from one attempt: approximately $3
In a year, only 6 attackers earned more than $10,000 in profit
These figures demonstrate that although attacks remain active, their profitability is rapidly falling — indicating a decrease in the attractiveness of such strategies for bots and attackers.
Why stablecoin pools have become a target again
Experts note a change in the attack model. In 2025, about 38% of all sandwich attacks are directed at pools with stablecoins and wrapped tokens. Pools with low slippage are particularly vulnerable — their share accounts for about 12% of attacks.
What makes stablecoin pools an attractive target
Stable pricing — lower volatility gives bots more chances to predict the outcome of attacks.
High liquidity — large volumes make such pools a profitable target.
Expectations of security from users — many consider stablecoin pools to be 'reliable', which may lead to less active protection.
In the past, such pools were perceived as safer, but the increase in liquidity and stability has attracted the attention of MEV bots, changing the risk landscape for DEX users.
MEV protection: how tools reduce the effectiveness of attacks
Simultaneously with the increase in attacks on stablecoin pools, the use of MEV protection methods has noticeably increased — private relayers, private transactions, solutions like Flashbots, and similar tools.
Main approaches to protection
Private transaction transmission, which complicates bot monitoring and interception.
Masking — hiding transaction details and the order of their processing.
Implementation of privacy mechanisms on DEX platforms, which reduces the chances of a successful sandwich attack.
These measures result in such a way that even with a large number of attempts, bots receive minimal income — due to uncertainty, instability in order behavior, increased competition, and reduced margins.
What this means for users, traders, and the entire ecosystem
Enhanced security for ordinary users and traders: reduced bot efficiency decreases the risk of being 'sandwiched' between orders.
Changing behavior of attackers: bots are increasingly switching to stablecoin pools, which may increase the risk precisely there — users should be vigilant.
Growing interest in privacy tools and MEV protection: demand for such solutions (relayers, private orders) is likely to increase.
Adequacy of regulation and transparency: the market shows maturity — attacks remain, but their profitability is falling; this may improve trust in DEX and the cryptocurrency market.
Conclusions
In 2025, the Ethereum ecosystem $ETH experiences an important shift: despite a sharp increase in activity on DEX and huge trading volumes, the profitability of sandwich attacks falls to symbolic sums. Stablecoin pools are again in the focus of attackers, but enhanced MEV protection and privacy make traditional DEX transactions noticeably safer. For users, traders, and the entire crypto industry, this may signal an increase in trust and a transition to more mature security standards.
