Jito cracks down on Solana validators after on-chain report exposes MEV abuse

Jito, one of the main providers of block building and liquid staking, has banned another 15 validators for evidence of sandwich attacks. A recent report showed transaction reordering was still happening, and up to 6% of proposed blocks by validators contained sandwiched attacks. Jito, one of the main block-building and liquid staking services, has banned another 15 validators from receiving ￰0￱ ban happened after a recent report that validators still performed sandwich attacks, front-running Solana ￰1￱ responded to a recent report on various types of sandwich attacks, which led to another wave of validator ￰2￱ response to the recent @0xGhostLogs sandwiching report, the JitoSOL Blacklist Committee has banned 15 additional validators from receiving JitoSOL ￰3￱ you stake matters. 🛡️ — Jito (@jito_sol) October 22, 2025 Previously, Jito has also fought against dishonest validators that relied on dishonest block building and front-running ￰4￱ latest problem with dishonest block proposals was uncovered by on-chain researchers from ￰5￱ discovered anomalous transactions in 23 validators, which relied on staking pools from Marinade and ￰6￱ of those validators also received subsidies from the Solana ￰7￱ proposing a new block as a leader, over 6% of leader slots contained sandwich attacks, targeting retail ￰8￱ validators had a larger share of wide sandwich attacks, with most of the traffic targeting specific apps and small-scale meme token trades. |) Ghost explains: Wide Sandwich Attacks (with updated website at the end) We looked at a full year of Solana trades and found that wide (multi-slot) sandwiches extracted 529,000 ￰9￱ sandwiches now account for 93% of all sandwiches ￰10￱ — Ghost (@0xGhostLogs) October 15, 2025 This type of attack extracted 30K to 60K SOL per month, with a record 87,000 SOL in January ￰11￱ this type of attack, a slot leader that proposes blocks can reorder transactions and avoid ￰12￱ increased DEX activity, sandwich attacks are undermining confidence in using Solana as a retail trade ￰13￱ also wait for high-value transactions, which can be visible in private mempools.

Then, they can inject trades of their own, which causes loss for the original trader. Axiom, Bloom, and Photon users were most affected The main source of attack was private mempools and lists of upcoming transactions, which were shared among ￰14￱ entity can apply to propose Solana blocks and become a validator, with limited governance tools to avoid dishonest ￰15￱ validators apparently colluded in some cases, targeting specific Solana ￰16￱ 70% of extracted SOL came from users on the Axiom trading platform, followed by Bloom and ￰17￱ bulk of sandwich attacks make less than $1, but some lead to as much as $10K in losses. Overall, some attackers pay up to 10 SOL in daily fees for priority transactions and ￰18￱ coin traders were the most affected, further adding to the volatility of newly launched assets and low-cap ￰19￱ of aggregators and wallets were relatively unaffected, due to a different order flow and ￰20￱ you're reading this, you’re already ￰21￱ there with our newsletter .