The MEV Strategy Map: Eight Plays, and Why Most Don't Fit a Solo Builder
Why I Stopped to Draw the Map
I have been head-down on one thing for months: a cyclic arbitrage bot on Solana. Every commit, every log line, every Rust compile timer has pointed at the same narrow problem — find a price gap between AMMs, route the swap, atomically extract the spread. So when someone recently asked me, half in earnest, "Why aren't you also running sandwich attacks? Sniping launches? Copy trading the smart money wallets?", I realized I'd been answering that in my head without ever writing it down.
The honest answer is that MEV is not one strategy. It is a category — a whole shelf of strategies that share one trait (extracting value from the way blocks are ordered) and almost nothing else. The risk profiles, the capital requirements, the moral cost, and the technical surface area are all wildly different. Treating MEV as a monolith is like treating "the stock market" as a single trade. So this piece is the map I should have drawn earlier: every major MEV play I am aware of, what it actually does, who it hurts or helps, and where each one falls on a solo builder's risk-reward grid.
The Big Divide: Value-Creating vs Value-Diverting
The most useful split I've seen comes from a November 2024 academic survey (arXiv 2411.03327). It cuts MEV in two:
- Value-creating types — arbitrage and liquidations. These exist because markets need someone to close price gaps and clean up undercollateralized loans. The searcher profits, but the ecosystem also gets something it needed.
- Value-diverting types — frontrunning, sandwich attacks, time-bandit and uncle-bandit attacks. These extract from a specific victim rather than from market inefficiency. The searcher's gain is essentially the user's loss.
Europe's securities regulator pulled this same line in its July 2025 MEV report. The ESMA framing classified arbitrage and liquidations as "benign" and market-neutral, while flagging frontrunning and sandwich attacks as possible "market abuse under MiCA" — the first time a major regulator has put MEV strategies into legal buckets. That alone is a signal worth pricing in. A toxic strategy that's profitable today might be a sanctionable activity tomorrow.
The Ethereum Foundation's education hub on MEV and a leading oracle provider's education hub on MEV both anchor their explanations around the same divide, though they use friendlier language. The vocabulary is converging because the distinction is real.
With that frame in place, here is each strategy, from the most benign to the most predatory.
Arbitrage: The Plain Vanilla
The Ethereum Foundation calls DEX arbitrage "the simplest and most well-known MEV opportunity". The mechanic is exactly what it sounds like: a token trades at one price on DEX A and another price on DEX B, a searcher buys the cheap side, sells the expensive side, and pockets the spread — all inside a single atomic transaction so there's no half-executed mess if the math goes wrong.
Three concrete examples from the research show the range of scale. The Ethereum Foundation documents a searcher converting 1,000 ETH to 1,045 ETH by exploiting ETH/DAI pricing differences between Uniswap and Sushiswap. A blockchain analytics firm walks through a trade involving 2,857 ETH and 8.9M USDC across multiple platforms, ultimately netting 147 ETH in profit. A separate blockchain analytics firm documented a Symbolic Capital Partners arbitrage that netted only 0.015 ETH profit after fees on an MPL trade between Uniswap V2 and Balancer pools. That last one is the more typical shape — most arbitrages are pennies-on-the-dollar wins, not Hollywood paydays.
The aggregate matters more than any single trade. According to a blockchain analytics firm, arbitrage transactions make up the majority of MEV transactions, and they cite third-party data showing arbitrage generated $3.37 million in profit over a 30-day period in September 2025. The academic survey breaks arbitrage into seven structural subtypes — ordered cyclic, reverse-ordered cyclic, unordered cyclic, NFT cyclic, multi-address, burn-and-mint, and set-token — which is roughly the difference between "flipping items between two Walmarts" and "running a multi-leg supply-chain trade with token wrappers in the middle."
The reason arbitrage sits at the top of every solo-friendly MEV list is the risk shape. If your transaction reverts, you pay gas (on Ethereum) or compute units plus tip (on Solana) and walk away with nothing. You do not lose your principal. You don't take directional exposure if you size correctly. You don't harm anyone directly — arguably, the price discovery you contribute makes markets work better. This is the boring, math-heavy, math-honest end of MEV. It's also why I'm here.
Backrunning and JIT Liquidity: The Polite Side
If arbitrage is the plain vanilla, backrunning and JIT are its slightly fancier cousins. Both extract value, but both leave the original user largely unharmed.
Backrunning means placing your transaction immediately after a victim's trade, often by deliberately using a lower priority fee so the victim goes first. The classic case: a whale dumps a large swap on a DEX, the pool's price moves significantly, and a backrunner immediately arbitrages the resulting imbalance against another pool. A blockchain analytics firm's framing is the cleanest I've seen: "backrunning is considered the least harmful, as if performed by itself, this method simply captures the arbitrage opportunity left over by a large trade without affecting the initial trade itself." The whale gets their swap. The backrunner cleans up the imbalance. Everyone goes home.
Just-in-Time (JIT) Liquidity is more clever. Uniswap Labs' original 2022 explainer lays out the three-transaction structure: a searcher mints concentrated liquidity into the exact price range where an incoming swap will execute, the victim's swap executes against that fresh liquidity, then the searcher burns the position and collects the accrued fees — all within a single block. A DeFi research firm describes the impact bluntly: for passive LPs, "JIT activity can dilute fee earnings, as high-fee transactions are 'sniped' by ephemeral capital," but for traders, JIT "often results in reduced slippage and better execution prices." Translation: the swap user gets a tighter price; the passive LP gets fewer fees than they otherwise would; the JIT operator captures the difference.
JIT is real, but it's not really a solo-builder game. The same research firm notes that JIT is "accessible primarily to well-capitalized entities," because the whole point is to dominate the concentrated liquidity at exactly the right tick for exactly the right block. If you don't have the inventory to outweigh the existing LPs in that range, your fee share is too thin to matter. Think of it like running a pop-up shop at the same venue as the biggest established vendor — you need enough merchandise to actually be the one customers buy from when the rush hits.
Both strategies are clean in the moral-cost sense, and both share arbitrage's atomic-or-fail risk profile. The barriers are different: backrunning needs careful ordering and good infrastructure, while JIT needs capital and a tight LP simulation.
Liquidations: Repo Work in DeFi
Liquidations are MEV's repo man. DeFi lending protocols like Aave and Compound require borrowers to maintain a minimum collateral ratio. When the price of the collateral drops below the line — usually because ETH or a volatile token took a sudden hit — anyone in the world can call the liquidation function on that position, repay part of the loan, and collect the collateral plus a bonus.
The bonus structure is what makes the strategy attractive. A leading oracle provider's SVR analysis puts Aave's incentive at 5% for ETH and stablecoins and up to 15% for more volatile assets. That same analysis estimates Aave and Compound have each liquidated over $1 billion of positions, with the 5-to-10% bonus discounts equating to roughly $148 million in lost value over the protocols' history.
A blockchain analytics firm documented a concrete example where a liquidator repaid 218,000 USDC and received 88,000 cETH as collateral compensation — the kind of trade that, on paper, looks like a foreclosure auction win. The Ethereum Foundation's framing of the competitive dynamic is sober: "Searchers compete to parse blockchain data as fast as possible to determine which borrowers can be liquidated and submit liquidation transactions." Most of the modern liquidation game is a fixed-spread, first-come-first-served sprint, though the academic taxonomy notes that some protocols are experimenting with auction-based models.
One notable response to liquidation-driven MEV: Aave is integrating a leading oracle provider's Smart Value Recapture (SVR) oracles, which sell searchers the right to back-run price feed updates and return the proceeds to the protocol. The announcement claimed SVR can capture "at least 40% of all MEV leaks." That's a self-disclosure from the protocols involved, so read it with the usual marketing-claim discount, but it signals a clear direction: protocols are no longer letting liquidation bonuses leak out unrecaptured.
Liquidations are higher-risk than arbitrage. You need capital to repay the loan, you carry price risk between executing the liquidation and selling the collateral, and the gas competition during major liquidation cascades is brutal. But the work itself is structurally similar to arbitrage — you're paid to do something the protocol needs done.
Frontrunning and Sandwich Attacks: The Toxic Side
Here the map crosses a line. Frontrunning and sandwich attacks don't capture inefficiency; they create harm and pocket the result.
Frontrunning in its classic form is the searcher placing their transaction before a known target by paying a higher gas price, capturing the value the original trader expected. The academic survey breaks it into three flavors: displacement (replay the same transaction with higher gas so the victim's tx fails), replacement (substitute the recipient address so the action succeeds but payment goes to the attacker), and suppression (flood the network with gas-intensive transactions so the victim's tx doesn't make the block at all). A leading oracle provider's writeup of generalized frontrunners is particularly grim — these bots don't even need to understand the transaction they're copying. They just scan the mempool and "replace any occurrence of the user's address in the transaction payload with their own." The Ethereum Foundation documents a case where a white-hat rescue attempt was thwarted because a generalized frontrunner copied the rescue transaction before the rescuer could execute it. The bot didn't know it was hijacking a rescue. It just saw a profitable shape.
Sandwich attacks combine frontrunning and backrunning into a single move. A blockchain analytics firm's named example is clear: Eve spots Alex's pending 15 ETH buy, buys ETH first to push the price up to Alex's slippage tolerance, lets Alex's trade execute at the inflated price (pushing price higher still), then immediately sells into the elevated price. Alex pays more for less ETH. Eve walks with the difference. The academic taxonomy lists five subtypes: single-DEX, cross-DEX, multi-layered "burger" sandwiches, Dagwood attacks (multiple front-runs with a single back-run), and liquidation sandwiches.
The data on how common this has become is grim. A December 2024 study found 4,400+ sandwich attacks per day on average, with 124,946 attacks recorded in October 2024 alone. Even private-channel sandwich attacks — supposedly protected via Flashbots-style services — showed 2,932 attacks affecting 3,126 private victim transactions over November–December 2024, producing $409,236 in losses and $293,786 in attacker profits. And a November 2025 study on cross-chain sandwich attacks between August 10 and October 10, 2025 found $5.27 million in profit, equivalent to 1.28% of total bridged volume.
The math on a single attack is often awful. The December 2024 study highlights one successful sandwich that generated revenues of 0.054139 ETH ($128.34) against costs of $124.03 — net profit of $4.32 to the searcher, with most of the value going to the block builder. So you have an industry running tens of thousands of attacks per day, hurting real users, and the median operator is netting four dollars per hit. It's the digital equivalent of running a lemonade stand where each cup nets you four pennies, except your customers are upset, regulators are watching, and your supplier (the block builder) is taking most of the margin.
The Ethereum Foundation notes that sandwich attacks are "riskier" than arbitrage and explicitly "prone to a salmonella attack" — a defensive technique where users embed traps in their transactions to punish sandwich bots. That trap-laying culture is now mature enough that there are publicly known recipes for it. Even on the pure-pragmatism axis, this is not a great business to start in 2026.
Sniping and Copy Trading: The Wild West
The last cluster is the one most retail traders have heard of, and also the one with the worst risk profile.
Token launch sniping is buying a newly listed token within milliseconds of the pool being created, before regular users can react. A crypto infrastructure provider and a media outlet both describe the mechanic: bots scan for new pool deployments, submit buy transactions the moment liquidity is added, often via private RPC endpoints or direct validator connections. The media outlet's explainer on Solana sniping describes the environment well — Solana lacks a public mempool, yet transactions are observable through RPC queues and bundle relays, so sniper bots can pre-position before organic demand arrives. A blockchain analytics firm's industry report values the crypto trading bot market at $1.4 billion in 2024, projecting $4.8 billion by 2033 at a 15.5% CAGR from 2026 to 2033. There is real money in this space. There is also a massive failure rate; most sniped tokens are rugs, dumps, or short-lived hype cycles that punish whoever holds the bag.
NFT sniping is a thinner version of the same idea — exploiting underpriced listings or contract vulnerabilities. The Ethereum Foundation documents an NFT MEV event where a searcher spent $7 million to purchase all Cryptopunks at floor price by exploiting a contract bug. It's a single anecdote, not a strategy template, but it gives you a sense of the surface area.
Copy trading on-chain sounds clever — find consistently profitable wallets, mirror their trades the moment you see them — but it has an asymmetric failure mode the others don't. A January 2026 academic paper titled "Resisting Manipulative Bots in Meme Coin Copy Trading" documents how manipulators specifically construct honey-pot positions to lure copy bots: they buy a token with one wallet, let copy bots pile in, then dump from a different wallet, leaving the copy bots holding the bag. The paper's key line is the part that should make you uneasy: "Despite the prevalence of these attacks, neither industry nor academia has established a copy-trading framework robust to manipulative bots." There is no known recipe for separating real smart-money signals from deliberately constructed traps. The entire strategy is built on detecting a signal that hostile actors are actively manufacturing to hurt you.
These two clusters share a property: they push the searcher into directional exposure. You're holding the token, hoping it goes up. You're not closing a price gap. You're not maintaining protocol solvency. You're betting, and the counterparty is often a coordinated adversary, not market noise.
The Risk Spectrum (and Where a Solo Builder Fits)
If I lay out the strategies on a risk axis, the spread is large:
- Low risk — DEX arbitrage, backrunning. Atomic execution, no directional exposure, profits come from spread or residual imbalance. Bad day means a reverted transaction and lost gas.
- Low-to-medium risk — JIT liquidity. Same atomic structure but requires real capital and tight LP modeling.
- Medium-to-high risk — Liquidations. Capital-intensive, gas wars during cascades, price risk between liquidation and sale.
- High risk, ethically toxic — Frontrunning, sandwich attacks. Direct harm to users, regulatory exposure under MiCA and likely future frameworks, increasingly small per-attack margins after builders take their cut.
- Very high risk — Token launch sniping. Directional bag-holder risk, dominated by rug pull rate.
- Worst risk-reward — Copy trading. Asymmetric trap risk, no proven defensive framework, hostile counterparties actively constructing the signal you're chasing.
The Ethereum Foundation's cumulative numbers give some scale to the whole market. A leading oracle provider's education hub cites $78M extracted in early 2021 growing to $554M by year-end 2021, and over $686M extracted to date. The arXiv survey adds that pre-Merge MEV (2021 to September 2022) totaled roughly 440,000 ETH, with another 180,000 ETH extracted post-Merge through May 2023. A financial news outlet's framing — that MEV has rapidly escalated into a multi-billion dollar industry — is consistent with that trajectory.
For a solo builder with one set of hands, no Ferrari-tier infrastructure, and no desire to harm anyone, the playable region is narrow. Arbitrage. Maybe backrunning if the infrastructure pieces line up. Liquidations if you have capital to spare. Everything to the right of that line either requires resources I don't have (JIT, large-scale sniping operations), requires harm I'm not interested in causing (frontrunning, sandwich), or is built on a signal that hostile actors are actively poisoning (copy trading).
That's the answer to the question I never wrote down: I'm not running sandwich attacks because the per-attack net is four dollars on a $128 ticket, the legal classification is moving in the wrong direction, and the user pays the cost. I'm not sniping launches because the rug rate dominates the upside. I'm not copy trading because there is no known way to filter manipulators out of the smart-money signal. I'm doing arbitrage because the failure mode is "reverted tx, lost some compute units, learned something" — not "held a bag" and not "hurt a user."
What This Means Going Forward
A few things follow from the map.
First, the strategy mix matters more than the strategy. A bot designed for arbitrage can often layer in backrunning opportunistically — both rely on the same kinds of infrastructure (fast simulation, atomic routing, low-latency awareness of pool state) but trigger on different signals. That kind of layering is realistic for a solo builder. Adding sandwich attacks on top would require a completely different posture toward users and regulators, and would not share infrastructure cleanly anyway.
Second, the regulatory frame is shifting. The ESMA July 2025 taxonomy is the first regulator-level line between benign and toxic MEV, but it will not be the last. Anything classified as "toxic" in that report is sitting on a clock — at some point it transitions from "merely unpopular" to "materially illegal in major jurisdictions." Strategies on the benign side of the line are not just lower-risk technically; they're lower-risk legally.
Third, the protocol-level countermoves are accelerating. Aave's SVR integration, Flashbots-style private channels (which paradoxically the December 2024 paper shows are now also being exploited), salmonella attacks against sandwich bots, and the general drift toward proposer-builder separation are all reducing the rent extractable from the toxic strategies while keeping the value-creating strategies functional. The slope of those countermoves favors arbitrage and liquidations over sandwich and frontrunning.
For a solo developer, the map is reassuring even when it's narrow. The strategies I have access to are the ones that scale most reliably, attract the least regulatory attention, and require the smallest moral compromise. The strategies I don't have access to — the well-capitalized JIT, the industrial-scale sandwich operations, the institutional copy-trading detection — are largely strategies I wouldn't want even if I had the resources.
The bot keeps running. The map is now drawn. Some days I look at it and feel narrow; most days I look at it and feel honest.
Key Takeaways
- MEV is a category, not a strategy. The split between value-creating (arbitrage, liquidations) and value-diverting (frontrunning, sandwich, time-bandit) is the most useful first cut, and the ESMA July 2025 taxonomy now mirrors it at the regulatory level.
- Arbitrage is the entry point for a reason. It's atomic-or-fail, doesn't harm users, makes up the majority of MEV transactions per a blockchain analytics firm, and has no directional exposure when designed correctly.
- Sandwich economics are worse than they look. Tens of thousands of attacks per month, with builders taking the bulk of value and per-attack net profits sometimes measured in single dollars per the December 2024 study.
- Sniping and copy trading carry the worst risk-reward. Both pull the searcher into directional exposure against actively hostile counterparties; the January 2026 paper shows copy trading has no known defensive framework against manipulative bots.
- Solo builders fit on the left side of the spectrum. Arbitrage, opportunistic backrunning, and possibly liquidations — that's the realistic playing field. Everything to the right requires capital, infrastructure, ethical compromise, or all three.
Disclaimer
This article is for informational and educational purposes only and does not constitute financial, investment, legal, or professional advice. Content is produced independently and supported by advertising revenue. While we strive for accuracy, this article may contain unintentional errors or outdated information. Readers should independently verify all facts and data before making decisions. Company names and trademarks are referenced for analysis purposes under fair use principles. Always consult qualified professionals before making financial or legal decisions.