Jito, one of the main providers of block building and liquid staking, has banned another 15 validators for evidence of sandwich attacks. A recent report showed transaction reordering was still happening, and up to 6% of proposed blocks by validators contained sandwiched attacks.
Jito, one of the main block-building and liquid staking services, has banned another 15 validators from receiving JitoSOL. The ban happened after a recent report that validators still performed sandwich attacks, front-running Solana traders.
Jito responded to a recent report on various types of sandwich attacks, which led to another wave of validator bans.
In response to the recent @0xGhostLogs sandwiching report, the JitoSOL Blacklist Committee has banned 15 additional validators from receiving JitoSOL stake.
Where you stake matters.
🛡️
— Jito (@jito_sol) October 22, 2025
Previously, Jito has also fought against dishonest validators that relied on dishonest block building and front-running trades.
The latest problem with dishonest block proposals was uncovered by on-chain researchers from 0xGhostLogs. They discovered anomalous transactions in 23 validators, which relied on staking pools from Marinade and Jito. Six of those validators also received subsidies from the Solana Foundation.
When proposing a new block as a leader, over 6% of leader slots contained sandwich attacks, targeting retail trades.
Some validators had up to 12.3% of proposed blocks containing wide sandwich attacks. Wide sandwich attacks continue on Solana, with an estimated 222,272 victims.
Block builders use more sophisticated MEV attacks
Validators have switched to more sophisticated front-running attacks. Previously, attacks happened in single leader slots and were readily detected.
Validators then switched to multi-slot attacks, also known as wide sandwich attacks. Researchers noted 93% of attacks were coming from a so-called ‘wide sandwich’, where the front-running and back-running transactions were not in the same proposed block.
1) Ghost explains: Wide Sandwich Attacks (with updated website at the end)
We looked at a full year of Solana trades and found that wide (multi-slot) sandwiches extracted 529,000 SOL.
Wide sandwiches now account for 93% of all sandwiches pic.twitter.com/XWbVWYyAqE
— Ghost (@0xGhostLogs) October 15, 2025
This type of attack extracted 30K to 60K SOL per month, with a record 87,000 SOL in January 2025.
In this type of attack, a slot leader that proposes blocks can reorder transactions and avoid detection. With increased DEX activity, sandwich attacks are undermining confidence in using Solana as a retail trade platform.
Attackers also wait for high-value transactions, which can be visible in private mempools. Then, they can inject trades of their own, which causes loss for the original trader.
Axiom, Bloom, and Photon users were most affected
The main source of attack was private mempools and lists of upcoming transactions, which were shared among validators.
Any entity can apply to propose Solana blocks and become a validator, with limited governance tools to avoid dishonest behavior. The validators apparently colluded in some cases, targeting specific Solana apps.
Around 70% of extracted SOL came from users on the Axiom trading platform, followed by Bloom and Photon. The bulk of sandwich attacks make less than $1, but some lead to as much as $10K in losses. Overall, some attackers pay up to 10 SOL in daily fees for priority transactions and bribes.
Meme coin traders were the most affected, further adding to the volatility of newly launched assets and low-cap memes. Users of aggregators and wallets were relatively unaffected, due to a different order flow and routing.
The smartest crypto minds already read our newsletter. Want in? Join them.
