MEV Bots: What Do We Know About Them and How Can We Defend Ourselves?

It’s strange to think that while a significant portion of Earth's population still lacks access to the internet, clean water, medicine, and other basic necessities, another part is engaged in a hunt for MEV—essentially a form of temporal warfare. In this scenario, for some, it’s about a present that has yet to unfold, while for others, it’s already an established future.

Let's break it all down step by step and outline some practical strategies to counter these MEV bots. But the question remains—should we even resist them at all?

MEV Bots – What Are They?

In essence, MEV bots are something even more advanced than AI agents. While they may seem like simple programs, they are actually a complex set of smart contracts and additional scripts (such as mini-oracles and "daemons" monitoring the blockchain) designed to generate profit from on-chain activities.

Remember the a16z thesis that the first fully autonomous AI bot would be one that runs a full node and uses its rewards to "extend its own life"? I genuinely believe that most modern MEV bots operate on a similar principle.

MEV bots (Maximal Extractable Value) are automated programs that analyze blockchains and execute transactions to extract the highest possible profit by exploiting the structure of blocks and the transaction validation process.

They employ various strategies, such as:

• Front-running – placing transactions ahead of profitable trades by other users.
• Sandwich attacks – inserting trades before and after a large transaction to manipulate prices.
• Arbitrage – profiting from price discrepancies between decentralized exchanges.
• Liquidations – capitalizing on liquidations within DeFi platforms.

What does the bot look like?

Something like this:

More precisely, this is what a part of its backend looks like, placed in a smart contract: https://etherscan.io/address/0x00000000003b3cc22af3ae1eac0440bcee416b40#code – note that this contract includes the ReInit function.

Types of MEV Bots

MEV bots can be categorized into several types:

1. Arbitrage bots – these search for price differences between DEX platforms.
2. Front-running bots – they insert their transactions before user transactions to gain a profit.
3. Sandwich bots – they manipulate prices on DEX by placing trades on both sides of a user's transaction.
4. Liquidation bots – they automatically liquidate undercollateralized borrower positions.
5. Time-Bandit bots – these can rewrite block history on blockchains with adjustable rewards.

More often than not, we encounter hybrid bots that exploit multiple mechanics to achieve their ultimate goal.

But that’s just the theory. Let’s take a look at the statistics—practical cases from the past and real-world examples from today.

MEV Statistics

You can explore quite a few key insights at this link: collective.flashbots.net/t/publishing-flashbots-protect-and-mev-share-data/3087. However, I’ll highlight some of the most important points.  Take a closer look, for instance, at this MEV bot revenue:

You can also analyze the details in real-time using this link: https://dune.com/defi_wonderland/mev-bots.

Next, I’d like to include a screenshot—though outdated in terms of time, it remains highly significant in essence:

And perhaps the most telling highlight:

Attack Examples

Not long ago, a cryptocurrency trader swapped ~$732,583 in USDC for ~$18,636 in USDT across six separate transactions, falling victim to a major sandwich attack.

The trader used the USDC-USDT liquidity pool on Uniswap V3. According to Michael Nadeau, founder of The DeFi Report, an MEV bot front-ran the trader’s transaction, creating a price disparity between the two assets. The bot also instructed the block builder bobTheBuilder to process its transaction first.

To extract profit, the attacker used specialized bot software to scan the mempool for large, pending swap transactions on decentralized platforms. The attacker then initiated two transactions—one before and one after the victim's swap—forming a "sandwich". The first transaction artificially inflated the price of the tokens the victim intended to buy. The attacker then profited by selling the assets at a higher price.

Let’s look at another similar case: Transaction link and screenshot for quick reference: (attached below):

We can see that $220,762.89 USDC was swapped in the Uniswap V3 pool for only $5,271.11 USDT, which is, of course, far from ideal—resulting in a total loss of $214K.  But how did this happen? Let's take a closer look:

Here, it’s important to note that this is the second transaction in the block and the first transaction for the sender's address.

In the first transaction of the block, the MEV bot manipulated the Uniswap pool, creating an imbalance (as cited): link. And here’s how it looks: (screenshot attached below).

And in this very transaction, a clever cross-loan (AAVE) was executed, followed by a swap (Curve + Uniswap).  As a result, a massive $18 million was suddenly injected into the Uniswap pool, causing a severe imbalance:

And now— this is crucial!  The very next transaction in the block was also executed by the MEV bot, where the loan was repaid. Transaction link.  And here’s how it looks: (screenshot attached below):

So, what are we looking at here? Exactly—a classic sandwich attack!  (There’s a strong suspicion that such an attack wouldn't be possible without collusion with the block producer. Why? Because the block contains only eight transactions, which is quite unusual given the current network activity.)

What else should you know?

Let’s check the event logs for the initial transaction:

What do we see here?

In short:

• Input/output amount
• Liquidity
• Tick

What is a tick?

Let’s refer to the original source: In the context of providing liquidity on Uniswap, a tick is the smallest unit of measurement used to determine specific price ranges where liquidity can be placed:

• Each tick represents the smallest segment of price space where liquidity can exist.
• Each fee tier has its own tick spacing, which helps pools track liquidity efficiently.
• The tick spacing defines how close price levels can be for liquidity placement.

For example: lower fee tiers allow for tighter spacing of active ticks, enabling liquidity providers to fine-tune price ranges more precisely.

Note:

• Basis points (bps), also called "bips," are another way to express percentage price changes in a pool.
• 1 tick = 1 bip = 0.01% (or 0.0001 in decimal form).
• Tick values range from -887,272 to 887,272 in Uniswap v3.

Tick spacing determines valid tick positions for upper and lower liquidity ranges. Ticks can also be converted into prices—each Uniswap v3 pool has two price values, expressed as token0 and token1.

Now, let’s apply this in practice:  Uniswap uses the price formula:  Price = 1.0001^{tick}, If we plug in tick = -38716, we get: Price = 1.0001^{-38716} ≈ 0.02083.

This means the pool price was set to 1 USDC = 0.02083 USDT, which completely deviates from the real exchange rate (~1:1).  This price imbalance directly enabled the MEV attack, allowing the bot to exploit the mispriced liquidity pool.

Important Note

Stories about sandwich attacks and major swap losses may sometimes be disguised hacker transactions. These transactions are vulnerable to arbitrage bot attacks, which the hackers themselves control.

At first glance, it appears that an inexperienced trader is losing money. In reality, attackers compensate for the losses through arbitrage profits earned by their controlled software. The most critical part? Blacklisted assets get laundered as bot trading profits, bypassing many monitoring systems.

Experts claim that such techniques are already being used by the Lazarus Group. Source: Lazarus is sandwich-attacking its own trades to launder crypto.

Techniques, Methods, and Protection Strategies

Method #00: Research

Spending just 1-3 minutes to check the contract you’re interacting with, verify transaction history, and review input/output parameters can often save you more than anything else.

For deeper insights:

• Keep an eye on Rekt and similar sources.
• Stay updated on new attack vectors and emerging MEV exploitation techniques.

Method #01: Manual Approach – Don't Overpay

Even though Curve strategies are reported to handle large swaps efficiently , I always break my transactions into smaller chunks —even if the pool looks perfect. (About swaps: article 01 and article 02).

Yes, this might seem like a primitive approach, and it may increase transaction fees, but isn't it better to pay a bit more in fees than lose a significant portion of your funds due to a simple swap?

Let's take the examples above: even if a bot targeted a trader swapping $220K for $5K, but the trader only swapped $10K at first, receiving around $1K, they would immediately stop further transactions, preventing massive losses.

Method #02: Semi-Automatic Approach – Slippage Control

You probably already know what slippage is (if not, look up the definition).

But here’s the key point: manually setting, testing, and understanding slippage is one of the most critical self-protection tools in DeFi.

For example, if you're making a 1:1 swap and after exchanging 100 tokens, you receive only 98, then your slippage was set around 2%.

Additionally, some aggregators optimize swaps in real-time. These platforms display the minimum amount you’ll receive because super-nodes (which may have different names) optimize:

• Fee costs;
• Routing efficiency;
• MEV protection strategies.

This is why understanding slippage is a necessary (though not sufficient) skill in DeFi.

Method #03: Automated Approach – RPC

Here are two examples.

First example: gashawk.io. You can check your wallet immediately—just enter your address in the corresponding field:

And then it's simple:

• Go to the dAPP.
• Connect your wallet.
• Set up the RPC.

Second example:protect.flashbots.net/summary.  The process is the same—authorize and configure the settings.

Method #04: Automated Approach – Aggregators

However, it's not just aggregators—many AMMs (DEXs) also implement protective measures for their users:

In the screenshot above, I enable MEV protection on PancakeSwap and successfully activate it:

After that, I can proceed with swaps. In this specific example, it's redundant, but that's the point of a demonstration. Among aggregators, I’d highlight 1inch and Odos. However, you can also try DeFiLlama (a meta-aggregator) and Paraswap.

In Conclusion

Don't assume that MEV is only used in negative scenarios—of course not! Here’s a recent example:

Flashblocks is a technology developed in collaboration with Flashbots, a company known for its Ethereum tools and MEV-related solutions.

Flashblocks enhances transaction processing speed by streaming pre-confirmed blocks every 200 milliseconds, significantly reducing the risk of transaction reversion.

A well-known DAO, Uniswap, has implemented a similar solution, reducing block time on Unichain to just 0.25 seconds.

The Flashblocks architecture is inspired by advanced techniques in block propagation and execution, such as "shreds" in Solana and "data squares" in Celestia. Now, Base is also adopting this innovation.

Of course, the dark forest will always be a dangerous place for an unprepared traveler, but explorers, adventurers, and risk-takers will always find something fascinating within it!

Links

• mev.wiki
• flashbots.net
• explore.flashbots.net
• protect.flashbots.net/explorer
• dune.com/hildobby/sandwiches
• github.com/flashbots/mev-explore-public
• https://bankless.ghost.io/rise-of-the-liquidity-robots-