Maximum Extractable Value (MEV) has evolved from a theoretical concept in early cryptocurrency research forums into an economic entity that has completely reshaped the fundamental structure of modern blockchains. Originally called Miner Extractable Value, MEV represents the total profit that an entity controlling block production can gain by arbitrarily including, excluding, or reordering transactions in a block they create. The transition from Proof-of-Work to Proof-of-Stake consensus mechanism on the Ethereum network not only failed to eliminate MEV but also complicated its supply chain, leading to the birth of specialized entities such as Searchers, Builders, Relayers and Validators.
In an effort to bring transparency and insight. market, Tan Phat Digital found that while popular forms such as front-running are often referred to as simple profiteering, MEV actually encompasses a much more complex ecosystem of manipulation strategies. Obscure variants such as multi-victim sandwich attacks, back-running for arbitrage, forced liquidations, Just-in-Time liquidity mining and even attacks targeting the consensus layer such as Time-bandit or Uncle-bandit are posing existential risks to the integrity and stability of the decentralized finance (DeFi) ecosystem.
See more: What is MEV?
The evolution of the block production supply chain and the PBS mechanism
The development of MEV is tied to decentralized structure of blockchain, where transactions are not processed in a unified queue immediately but undergo a waiting period in a temporary buffer called a "mempool". In this space, unverified transactions are completely public, allowing actors to monitor and analyze user intent and calculate profit opportunities before the transaction is officially included in the block.
To minimize the concentration of power and prevent miners or validators from implementing complex MEV strategies that harm the network, the Proposer-Builder Separation (PBS) architecture has been implemented, typically through Flashbots MEV-Boost software. This model decomposes block production into specialized roles, creating an auction market for blockspace.
Entities in the modern MEV value chain
Understanding the MEV architecture requires a detailed look at each participant in this supply chain. Tan Phat Digital has compiled the main roles as follows:
Searchers: Specializes in monitoring public mempool and private transaction flows to look for MEV opportunities such as arbitrage, sandwiches or liquidations. They build "bundles" (bundles of transactions) in a specific order to maximize net profit after deducting gas fees and bribes to the Builder/Validator.
Builders: Receive bundles from many different Searchers, combining them with transactions from the mempool to create a complete block with the highest value. Their motivation is to collect fees from Searchers and compete to have their block selected by Validator.
Relayers: Act as trusted intermediate nodes, receiving blocks from Builder and forwarding them to Validator. They ensure the block content is kept secret until the Validator commits to sign the block to maintain the neutrality of the PBS ecosystem.
Validators: Entities tasked with proposing blocks within a certain time slot (slot). They choose the block with the highest bid offered by the Builder market to maximize the block reward and share from MEV revenue.
This mechanism has transformed MEV from a "guerrilla" activity of individual miners into a highly organized industry. However, actual data shows alarming centralization. As of early 2025, leading Builders such as beaverbuild, Titan Builder, and rsync-builder controlled the majority of block auctions on the Ethereum network. The Herfindahl-Hirschman Index (HHI) shows that the concentration of Builders in 2025 is 2.5 times higher than the concentration of miners before The Merge.
Back-running and Arbitrage
Back-running is an MEV technique in which a bot places its transaction immediately after a specific user transaction to profit from the change change the state that the transaction creates. Unlike front-running, which is directly harmful by driving up prices for buyers, back-running is often considered a "healthier" form of MEV because it helps rebalance the market and ensure price efficiency.
Mechanism of Arbitrage bots
The most common form of back-running is arbitrage. When a user executes a large swap order on a decentralized exchange (DEX) like Uniswap, the price of that pair in the liquidity pool is skewed relative to other exchanges.
Arbitrage bots work by monitoring large pending swap orders, then immediately sending a transaction package that buys the asset on the lower-priced exchange and sells it on the higher-priced exchange within the same block. They ensure their trades are right behind the user's swap order to take advantage of maximum price impact. Data from EigenPhi shows that arbitrage transactions make up the majority of the total number of MEV transactions on-chain. During a 30-day period in September 2025, arbitrage bots generated more than $3.37 million in profits on Ethereum.
See also: What is front-running?
Sandwich Attack: Multi-victim strategy and the dominance of Jaredfromsubway
Sandwich attack is a sophisticated variation that combines front-running and back-running, targeting directly exploiting price deviations that users suffer due to slippage settings. This is considered the most harmful form of MEV for retail users, acting as a "hidden tax" on each trading order.
Structure of a Sandwich attack
A sandwich bot executes three attack steps simultaneously in a block:
Front-run: The bot buys the asset the user intends to buy immediately before the user's order is executed, driving up the asset price high.
Victim Trade: The user's order is executed at a price much higher than initially expected, usually close to the maximum slippage limit.
Back-run: Immediately after the user's order is completed, the bot sells the asset purchased in step 1 to profit from the high price that the user just created.
The evolution of Jaredfromsubway.eth entity
In 2024 and 2025, the sandwich attack landscape on Ethereum was dominated by the jaredfromsubway.eth entity, responsible for approximately 70% of all attacks. Jared's v2 bot introduced techniques that go beyond simple models:
Multi-victim strategy: Capable of targeting up to four victims simultaneously in a continuous chain of transactions.
Center Transactions: Place a transaction in between the victim's orders to push the swap rate further, widening the profit margin for the back-run order Finally.
Liquidity Manipulation:Strategically add or withdraw liquidity from pools right before an attack to alter the depth of the market.
Tan Phat Digital has compiled the statistics about Sandwich on Ethereum (period November 2024 - October 2025) as follows:
Number of attacks per month month: From 60,000 to 90,000 attacks.
Total monthly net profit (average): About 260,000 USD.
Average profit per attack: Approximately 3 USD.
Number of regularly active sandwich bots: About 100 bot.
Attack rate on stable pools (Stablecoin/LST): Accounts for about 38%.
Forced Liquidations (Liquidations) and Speed Race
In lending protocols like Aave or Compound, users must maintain a safe collateral ratio. When the asset value falls below the threshold, the position will be liquidated. MEV bots closely monitor price oracles and loan statuses in a race to be the first to make repayments on behalf of borrowers to receive liquidation rewards.
While important for system stability, this race often leads to "gas wars". A typical example recorded by Tan Phat Digital is the "Black Monday" event on August 5, 2024, when a highly volatile market brought profits of up to 3.5 million USD to a single Builder in one day from huge liquidations.
Just-in-Time Liquidity Mining on Uniswap V3
The birth of a centralized liquidity model in Uniswap V3 created JIT Liquidity, aimed at capturing trading fees from long-term liquidity providers (LPs). Capital efficiency is increased through "ticks" - price points separated by the formula:
P(i) = 1.0001^i
The mechanism of a JIT bot includes:
Detecting a large pending swap order.
Minting: Adding a huge amount of liquidity (possibly up to tens of millions of USD) to a range super narrow price (1 tick) right at the current price.
Execution: The user's swap order is executed mainly based on the bot's liquidity, helping the bot collect the majority of transaction fees.
Burning: Immediately after, the bot withdraws all liquidity for profit.
Data shows that JIT liquidity can cause existing LPs to dilute profits up to 85%, causing serious harm to the long-term LP ecosystem.
Consensus layer attack types: Time-bandit and Uncle-bandit
When the MEV reward is too large, it directly threatens the stability of the blockchain consensus mechanism.
Time-bandit attack: Occurs when validators try to re-organize (re-org) history blockchain to usurp past MEV opportunities. If the MEV profit is higher than the block reward, the validator has an incentive to "go back in time" to rewrite the ledger, breaking the finality of the network.
Uncle-bandit attack: Popular in the PoW era, attackers track transactions in uncle blocks (blocks that do not become the main chain). They copy successful MEV transaction packets from the uncle block and re-execute them in the next block of the main chain to appropriate profits.
Gas Golfing Strategy and High Technical Optimization
At Tan Phat Digital, we understand that gas efficiency is the core competitive advantage of MEV bots. The "Gas Golfing" technique allows bots to pay higher gas fees and still be profitable thanks to optimizations at the bytecode level:
Using Vanity addresses: Addresses with many leading zeros save gas in calldata (each zero byte only costs 4 gas compared to 16 gas for a non-zero byte).
Function selector sorting: Rename the function so that the set Selecting the (selector) with the smallest hex value helps EVM find the function on the first test, saving about 22 gas.
Replace math with bitshifting: Use bit shift instructions (shl, shr) instead of multiplication/division to save gas and eliminate overflow checks.
Use machine code (Inline Assembly): Write code directly with Yul or Assembly to control memory manually instead of using expensive Solidity standard functions.
Below are details of gas optimization techniques that bots often use:
New write to Storage (SSTORE): Costs 20,000 gas. Strategy: Limit creating new slots, use overwrite (5,000 gas) or compress data.
Read from Storage (SLOAD): Costs 200 - 2,100 gas. Strategy: Cache storage variables into Memory (3 gas).
Calldata (Non-zero byte): Costs 16 gas. Strategy: Use Vanity Addresses to reduce the cost to 4 gas.
Exponentiation operator (EXP): Costs 10 gas plus fees based on byte size. Strategy: Use direct multiplication ($n n n$).
Comparative analysis: MEV on Ethereum and Solana
The year 2025 marks a clear difference in MEV architecture between the two leading blockchain platforms:
Ethereum (2025): Uses PBS (Proposer-Builder Separation) architecture. The market focuses on Arbitrage and Complex Sandwiches. Extremely high centralization when the top 2 Builders control more than 90% of the blocks. Priority mechanism based on Gas auction (PGA) and private transaction packages.
Solana (2025): Uses Jito-Solana architecture (auction based). The market is vibrant with HFT Arbitrage and Liquidity Sniping. Highly centralized and dependent on Client Jito. The priority mechanism is based on Jito Tips and priority fees, in which tips account for more than 60% of the validator's MEV revenue.
A special case is Bot E6Y on Solana, this entity has accounted for 42% of the entire sandwich attack volume on the network, performing transactions worth more than 1.6 billion USD in just 30 days.
Implications and mitigation solutions for users Using
MEV causes direct losses such as hidden price slippage, increased overall transaction costs and high order failure rates. To cope, Tan Phat Digital recommends users learn the following technological solutions:
Flashbots Protect: Private RPC Endpoint helps send transactions directly to Builder, avoiding public mempool.
MEV-Share and MEV Blocker: Protocols that seek to return (refund) a portion of MEV value to users used.
Batch Auctions: Mechanism to collect orders and settle them at a uniform price like CoW Protocol, eliminating profiteering from transaction order.
Threshold Encryption: Technology that encrypts transaction content until authenticated, making it impossible for bots to "peep" at human intentions use.
10 Typical Case Studies on MEV and market manipulation
Tan Phat Digital has compiled 10 typical cases illustrating the power and sophistication of MEV actors:
Jaredfromsubway.eth's v2 strategy:This entity dominated 70% of the sandwich market on Ethereum in 2025 by using "central transaction" to optimize slippage for up to 4 victims in a block.
"Black Monday" event (August 5, 2024): When the market dropped sharply, MEV Builder 0x3b collected 1,448 ETH (about 3.5 million USD) in just one day thanks to the construction of blocks containing a series of liquidation and price arbitrage transactions.
Salmonella Counterattack: A developer created a "poisonous" token with a fake money transfer backdoor to trap sandwich bots. As a result, Searchers' bot was drained of more than 100 ETH before realizing the error in the simulation.
Bot E6Y on Solana: This bot was recorded to have conducted transactions worth more than 1.6 billion USD within 30 days, accounting for 42% of the total sandwich attack volume on Solana and raking in 57,400 SOL in revenue.
The Peraire-Bueno Brothers Case: The brothers were indicted for allegedly using a complex sandwich technique to exfiltrate $25 million from Ethereum's MEV system, leading to a high-profile federal criminal case in late 2025.
Flashbots Relay Vulnerability Exploitation: An attacker used the transaction "honeypot" to trick the sandwich bot into sending an extremely large bundle (2,454 WETH) into an extremely low liquidity pool, then taking advantage of the relay's leak vulnerability to drain the bot's assets.
JIT Liquidity Peak (November 2021): A historic period when instant liquidity attacks on Uniswap V3 reached a huge scale with an average attacked transaction value of up to 1.5 million USD per order.
Sniping on Friend.tech: MEV bots on the Base network used mempool leaks to monitor ETH transfers and automatically purchased "Keys" of famous accounts as soon as they joined the platform, profiting from the immediate price increase.
Mimecoin mining MANYU/WETH: Jared's bot has continuously targeted this trading pair since July 2025, carrying out 65 sandwich attacks and extracting nearly $19,000 in profits from retail users.
Ethereum Foundation's ETH transfer (August 26, 2024): A transaction transferring a large amount of ETH to the Kraken exchange caused a huge MEV wave, causing gas fees to skyrocket and arbitrage bots to operate with record frequency to balance the price.
Frequently Asked Questions (FAQ) about MEV
Below is a compilation of the 15 most common questions about MEV compiled by Tan Phat Digital:
What is MEV in the simplest terms? MEV is the "hidden tax" or extra extracted value that miners or validators get by manipulating the order of transactions in a transaction. block.
Is MEV harmful to the average user?Yes. Forms such as sandwich attacks directly cause users to buy more expensive or sell cheaper due to being forced to slide the maximum price.
Are all types of MEVs bad "attacks"? No. "Sane" forms of MEV like arbitrage help balance prices across exchanges, and liquidation helps keep lending protocols clear of bad debt.
How do I avoid a sandwich attack? Users should set slippage as low as possible and use private RPCs like Flashbots Protect to keep transactions from being exposed in the public mempool mining.
Why is MEV on Solana different from Ethereum? Ethereum operates as a slow block auction house via PBS, while Solana is more like a high-frequency exchange (HFT) based on speed and Jito's tipping mechanism.
What is OEV (Oracle Extractable Value)? OEV is the profit gained from mining latency or inaccuracy of price oracles, often occurring during loan position liquidation events.
What role do Flashbots play in the MEV ecosystem? Flashbots is a research organization that aims to mitigate the negative impacts of MEV by creating a private bundles auction market, helping to protect users and maintain decentralization.
What is a Time-bandit attack? This is the act of a validator intentionally "rewriting" the history of the blockchain (re-org) to usurp the huge MEV opportunities that have passed in old blocks.
How is Uncle-bandit attack different from Time-bandit? Uncle-bandit aims to copy profitable transactions from "uncle" blocks (not in the main chain) to re-execute in the main chain, instead of reversing history chain.
Does MEV exist on the Bitcoin network? Yes, but extremely limited because Bitcoin does not have complex smart contracts and large DEXs like Ethereum.
What is "Gas Golfing" technique? This is optimizing code at the bytecode level (like bitshifting or using vanity addresses) to make transactions consume the least amount of gas, helping MEV bots pay optimal fees. Higher priority than competitors.
How does JIT Liquidity affect liquidity providers (LPs)? JIT liquidity hijacks transaction fees by adding massive liquidity right before a large swap, diluting long-term LPs' profits by up to 85%.
Is MEV legal? Currently MEV is still in a legal gray area. However, some cases such as the Peraire-Bueno brothers being prosecuted for appropriating 25 million USD via MEV show that authorities are starting to intervene.
What is LVR (Loss-Versus-Rebalancing)? LVR is an index that measures LP losses compared to self-rebalancing of assets on a centralized exchange, often caused by arbitrage bots exploiting outdated prices on the exchange. DEX.
- The future of MEV warfare will shift from single attacks to restructuring the consensus layer and applying strong privacy-preserving technologies.
Tan Phat Digital believes that for professional users and institutions, adopting protection tools like Private RPC and participating in transaction flows with returns is no longer an option but an essential requirement to preserve capital in the volatile DeFi environment. We are committed to continuing to accompany you in updating the most advanced blockchain security knowledge and solutions.
Share
