This paper identifies a novel cross-chain sandwich attack exploiting temporal asymmetry in liquidity-pool-based cross-chain bridges (e.g., Symbiosis), where source-chain events are emitted before corresponding target-chain transactions are submitted to the mempool—enabling attackers to infer target-chain transaction details in advance and execute precise frontrunning and backrunning, thereby evading conventional mempool-monitoring MEV bots. Method: We systematically model and empirically analyze this cross-chain sandwich pattern, introducing a custom heuristic detection framework validated on two months of on-chain data. Contribution/Results: Our framework detects 5.27M USD in cumulative attacker profits—accounting for 1.28% of total cross-chain transaction volume—demonstrating the complete ineffectiveness of traditional sandwich defenses in cross-chain environments. This work is the first to formalize and empirically validate information asymmetry threats arising from cross-chain message transparency, revealing a critical vulnerability in interoperability primitives.

Cross-chain interoperability is a core component of modern blockchain infrastructure, enabling seamless asset transfers and composable applications across multiple blockchain ecosystems. However, the transparency of cross-chain messages can inadvertently expose sensitive transaction information, creating opportunities for adversaries to exploit value through manipulation or front-running strategies. In this work, we investigate cross-chain sandwich attacks targeting liquidity pool-based cross-chain bridge protocols. We uncover a critical vulnerability where attackers can exploit events emitted on the source chain to learn transaction details on the destination chain before they appear in the destination chain mempool. This information advantage allows attackers to strategically place front-running and back-running transactions, ensuring that their front-running transactions always precede those of existing MEV bots monitoring the mempool of the destination chain. Moreover, current sandwich-attack defenses are ineffective against this new cross-chain variant. To quantify this threat, we conduct an empirical study using two months (August 10 to October 10, 2025) of cross-chain transaction data from the Symbiosis protocol and a tailored heuristic detection model. Our analysis identifies attacks that collectively garnered over (5.27) million USD in profit, equivalent to 1.28% of the total bridged volume.