- A Solana sandwich attack drained 13.27 SOL in seconds, showing how fast front-running can exploit blockchain trades.
- RPC endpoints can expose users to high-frequency attacks; traders must monitor transaction sequencing closely.
- Pump.Fun token moves to exchanges raise sell-off risks, highlighting how team activity influences market sentiment.
A high-speed sandwich attack on Solana drained 13.27 SOL (~$1,117) from a user in under a second early this morning. The incident occurred at 01:27:37 AM on March 7, 2026, when a victim attempted to purchase OILVAULT via Pump.Fun.
According to Dave, the attacker quickly identified the pending transaction and submitted their own buy order for 11.65 SOL. By slightly increasing the transaction fee, the attacker secured block inclusion ahead of the victim, causing the OILVAULT price to spike. Consequently, the attacker swapped the tokens back to SOL, netting a profit of 13.27 SOL while costing only 0.00004 SOL.
Dave emphasized the risk associated with RPC endpoints, explaining, “When you send a transaction through an RPC endpoint, the operator can inspect, delay, or prioritize it, even front-run transactions.” Hence, traders using RPCs must exercise caution, as endpoint operators can influence transaction sequencing, exposing users to high-frequency attacks like this one.
How Sandwich Attacks Work
Sandwich attacks exploit transaction timing on blockchains. Attackers monitor pending transactions and submit buy and sell orders to manipulate token prices temporarily. Besides Solana, this tactic can occur on other high-speed networks where transaction ordering is predictable.
In this case, the victim’s 13.04 SOL purchase triggered a brief price increase, which the attacker capitalized on immediately. Moreover, minimal transaction fees allowed the attacker to achieve rapid execution without significant cost, showcasing the efficiency of targeted front-running strategies.
Market Response and Team Activity
Pump.Fun has largely remained neutral regarding recent developments, leaving market sentiment driven by retail investors and on-chain users. Additionally, data from March 6 indicates the project’s team moved PUMP tokens to Bitget.
One of the transactions included 1.75 billion PUMP, which equates to $3.54 million. The other included 5,000 PUMP, which equates to 10 dollars. As a result, there have been worries over the potential for a sell-off from private wallets to centralized exchanges.
In addition, this particular event mirrors recent software supply chain attacks. Last September, a phishing email targeted the account of qix, a prominent Node.js contributor. This allowed attackers to distribute the popular software packages, which had crypto-focused payloads.
Nevertheless, unlike the recent attack, the Solana sandwich attack caused considerable financial loss. This shows the flaws in the blockchain-based transaction system.
