How users adapt after being sandwiched remains unclear; this paper provides an empirical quantification. Using transaction level data from November 2024 to February 2025, enriched with mempool visibility and ZeroMEV labels, we track user outcomes after their n-th public sandwich: (i) reactivation, i.e., the resumption of on-chain activity within a 60-day window, and (ii) first-time adoption of private routing. We refer to users who do not reactivate within this window as churned, and to users experiencing multiple attacks (n>1) as undergoing repeated exposure. Our analysis reveals measurable behavioral adaptation: around 40% of victims migrate to private routing within 60 days, rising to 54% with repeated exposures. Churn peaks at 7.5% after the first sandwich but declines to 1-2%, consistent with survivor bias. In Nov-Dec 2024 we confirm 2,932 private sandwich attacks affecting 3,126 private victim transactions, producing \$409,236 in losses and \$293,786 in attacker profits. A single bot accounts for nearly two-thirds of private frontruns, and private sandwich activity is heavily concentrated on a small set of DEX pools. These results highlight that private routing does not guarantee protection from MEV extraction: while execution failures push users toward private channels, these remain exploitable and highly concentrated, demanding continuous monitoring and protocol-level defenses.

翻译：用户在遭受夹击攻击后的适应行为尚不明确；本文对此进行了实证量化。利用2024年11月至2025年2月的交易层级数据，结合内存池可见性与ZeroMEV标签，我们追踪了用户在第n次公开夹击攻击后的行为结果：(i) 再激活，即在60天窗口期内恢复链上活动；(ii) 首次采用私有路由。我们将在此窗口期内未再激活的用户定义为流失用户，将经历多次攻击（n>1）的用户归类为重复暴露群体。分析显示存在可量化的行为适应：约40%的受害者在60天内转向私有路由，重复暴露群体的比例上升至54%。首次夹击后流失率达到峰值7.5%，随后下降至1-2%，这与幸存者偏差现象一致。在2024年11-12月期间，我们确认了2,932起私有夹击攻击，影响了3,126笔私有受害者交易，造成409,236美元损失，攻击者获利293,786美元。单一机器人账户主导了近三分之二的私有前置交易，且私有夹击活动高度集中于少数DEX资金池。这些结果表明私有路由并不能保证免受MEV提取：虽然执行失败推动用户转向私有通道，但这些通道仍存在被利用的可能且高度集中，需要持续监控与协议层级的防御机制。