Skip to main content

Fighting MEV in 2026: How MEV-Blocker, BuilderNet, and CoW Swap Race to Protect DeFi Before Ethereum's ePBS Resets the Game

· 12 min read
Dora Noda
Dora Noda
Software Engineer

Eighty percent of DeFi transactions on Ethereum no longer touch the public mempool. They flow through private RPCs, encrypted enclaves, and batch auctions designed to hide intent from a parasitic ecosystem of bots that extracted roughly $24 million from users in a single 30-day stretch between December 2025 and January 2026. The public mempool — once celebrated as Ethereum's transparent, permissionless front door — has become the place sophisticated traders avoid at all costs.

That migration tells the real story of MEV in 2026. Three architectures now compete to define the future of transaction privacy on Ethereum: user-facing private RPCs led by MEV-Blocker and Flashbots Protect, decentralized block builders running in trusted execution environments under the BuilderNet umbrella, and intent-based batch auctions pioneered by CoW Swap. Each attacks a different layer of the MEV supply chain. And each is about to confront a tectonic shift — Ethereum's Glamsterdam upgrade, scheduled for the back half of 2026, will move proposer-builder separation directly into the protocol via EIP-7732, potentially obsoleting the relay infrastructure these services depend on.

The $500M Problem That Won't Sit Still

MEV — maximal extractable value — is the profit a sophisticated actor can capture by reordering, inserting, or censoring transactions inside a block. Sandwich attacks, frontrunning, and just-in-time liquidity provision are the visible tip; the iceberg includes opaque order flow auctions, bilateral builder deals, and statistical arbitrage on every block.

The numbers are blunt. EigenPhi data shows monthly sandwich extraction peaked near $10 million in late 2024 before falling to roughly $2.5 million by October 2025 — a decline that mirrors the rise of private RPCs, not a slowdown in bot sophistication. Roughly 70% of all sandwich attacks remain associated with a single entity, jaredfromsubway.eth, whose v2 bot now targets up to four victims simultaneously. The total MEV capture across all strategies still runs around $24 million per month on Ethereum alone, which annualizes north of a quarter billion dollars siphoned from end users and into builder profits.

What changed is not the bot population. What changed is where the transactions live. With the introduction of Proof of Stake and proposer-builder separation, the transaction supply chain shifted from the public mempool to a constellation of private RPCs that submit transactions directly to builders, conducting order flow auctions to capture backrun rebates and gas refunds along the way. Roughly 80% of DeFi flow now bypasses the public mempool. The question isn't whether to use a private mempool — it's which one.

Architecture One: Private RPCs as the User's Shield

The simplest answer is the one most users actually adopt. MEV-Blocker, Flashbots Protect, Merkle, Blink, and a wave of imitators including Polygon's recently launched Private Mempool all sit in the same architectural slot: a user changes a single RPC endpoint in their wallet, and from that moment forward their transactions are routed through a private channel to a curated set of block builders rather than broadcast to the public mempool.

The economics are clean. Flashbots Protect alone processes roughly 3 million transactions per month, accounting for about 7% of total Ethereum transaction volume. MEV-Blocker positions itself as a B2C-friendly product that returns 90% of any backrun MEV captured to the user as a rebate, while Blink targets B2B integration into wallets and infrastructure providers. A 2025 benchmark study that submitted identical transactions to all four major order flow auctions found meaningful differences in inclusion latency and rebate capture, but converged on a clear conclusion: any of them dramatically reduces sandwich risk versus the public mempool.

The trade-off is trust. Users must believe the private mempool operator is not itself frontrunning their transactions, and that the builders downstream are not colluding. The architecture replaces public visibility with private accountability, and accountability requires either reputation or cryptographic enforcement — which is where the second architecture comes in.

Architecture Two: BuilderNet and the TEE Pivot

Flashbots' original ambition was bigger than a privacy RPC. The 2022-2024 vision was SUAVE — Single Unifying Auction for Value Expression — a dedicated chain that would host MEV applications in a decentralized and privacy-preserving way, eventually letting users express trading preferences with cryptographic guarantees that no Flashbots intermediary could front-run them.

That vision shipped a different product. The SUAVE chain was archived in May 2025. In its place, Flashbots launched BuilderNet in November 2024 — a decentralized block-building network running inside trusted execution environments, jointly operated by Flashbots, Beaverbuild, and Nethermind. By December 5, 2024, Flashbots had migrated all builder operations, order flow, and refunds to BuilderNet and ceased running any centralized block builders on Ethereum. The shift was strategic: instead of building a new chain, attack the centralization problem at the existing builder layer.

The architecture matters because of the numbers behind it. Pre-BuilderNet, roughly 90% of Ethereum blocks were built by just two parties, creating an oligopoly where a handful of operators saw every private transaction before settlement. BuilderNet's TEE design encrypts order flow at the hardware level — a builder operator can run the software but cannot inspect the transactions inside, eliminating the principal-agent risk that haunted earlier private mempool designs.

The model is closer to AWS Nitro Enclaves than to a public blockchain. It works because Intel SGX and similar TEE hardware provide remote attestation: any user can verify cryptographically that the BuilderNet operator is running unmodified code on certified hardware before submitting a transaction. The privacy guarantee is not "we promise" — it's "the chip enforces it." That distinction is what lets institutions running nine-figure positions actually use the rails.

Architecture Three: CoW Swap's Batch Auction End-Run

The third model rejects the whole framing. Instead of asking how to hide a transaction from MEV bots, CoW Swap asks why the transaction needs to be ordered at all.

The protocol collects orders for roughly 30 seconds, freezes the order book, and ships the entire batch to a network of competing solvers — independent parties including DEX aggregators, market-making firms, and former MEV searchers — who bid to settle the batch by proposing a complete solution: which orders clear, at what prices, and through which liquidity sources. The winning solver is the one whose solution delivers the most surplus above traders' limit prices.

Two design choices kill MEV at the source. First, all trades in a batch settle at a uniform clearing price for each token pair. If five traders are swapping ETH for USDC in the same batch, they all execute at the same price regardless of order arrival time, so there is no within-batch sandwich opportunity. Second, before touching any onchain liquidity, solvers search for coincidences of wants — two traders who want opposite sides of the same pair — and match them peer-to-peer at the clearing price, bypassing AMMs entirely. A trade matched against another trade has no AMM price impact for a sandwich bot to exploit.

The economic insight is sharp: most retail DeFi swaps are MEV-vulnerable not because they hit the public mempool, but because they hit AMMs in a sequence that bots can predict. Remove the sequence (batch them), and remove the AMM dependence (match peer-to-peer first), and you remove the surface area MEV needs. CoW Swap has settled tens of billions of dollars on this design and inspired a wave of intent-based protocols including UniswapX, 1inch Fusion, and Bebop, all of which use solver auctions of varying flavors.

The ePBS Reset Button

Hovering over all three architectures is Ethereum's Glamsterdam upgrade, which is targeting H1 2026 with EIP-7732 — enshrined proposer-builder separation — as its headline feature. ePBS moves the proposer-builder handoff into the consensus protocol itself, replacing the off-chain MEV-Boost relay infrastructure with an in-protocol commit-reveal flow. Today, 80-90% of Ethereum blocks reach validators through third-party relays. After ePBS, that intermediary disappears.

The implications fork sharply depending on which MEV protection model you are running.

For private RPCs like MEV-Blocker and Flashbots Protect, ePBS is largely orthogonal. The relay layer changes, but users still want to keep transactions out of the public mempool, and builders still want exclusive order flow. The product survives, though some economics around backrun rebates may shift as builder competition intensifies.

For BuilderNet, ePBS is a tailwind. With the relay oligopoly broken, builders compete more directly for proposer attention, and TEE-based decentralized building becomes a credible alternative to monolithic operators like Beaverbuild and rsync. BuilderNet's value proposition — credibly neutral block construction with cryptographic privacy guarantees — only gets sharper when the protocol itself is enforcing a more transparent handoff.

For CoW Swap, ePBS is essentially irrelevant. Application-layer batch auctions sit above the entire block-building stack; their MEV protection comes from how trades clear, not from how blocks are assembled. CoW Swap will benefit modestly from cheaper, more predictable inclusion, but its core thesis is unaffected.

The contrarian read is that ePBS could actually increase sophisticated MEV extraction even as it reduces centralization. Today's relay oligopoly enforces a kind of de facto cartel — a handful of builders share order flow, normalize behavior, and avoid the most aggressive predation strategies because reputation matters. Break the oligopoly, and the resulting builder free-for-all may produce more aggressive MEV strategies, not fewer. The lesson from previous rounds is that MEV is a cat-and-mouse game where every architectural change creates new arbitrage seams.

How Other Chains Are Solving the Same Problem

Ethereum's three-architecture menu is not the only path. Solana's Jito MEV market lets validators capture tips directly without any relay layer; the result is that MEV is mostly internalized to the validator set, with bundle auctions resembling Flashbots circa 2021 but with the protocol revenue flowing to stakers rather than off-chain intermediaries. Base, Coinbase's L2, runs a centralized sequencer that captures sequencer revenue at the operator level, leaving no MEV for third parties to extract — a design that trades decentralization for end-to-end MEV neutralization.

Hyperliquid takes another route entirely: a built-from-scratch L1 with a single sequencer optimized for perpetual futures, where the matching engine itself is the MEV protection layer. The chain's $9.57 billion in open interest sits inside a venue where order matching is opinionated and frontrunning is structurally impossible at the protocol level.

Each of these designs answers the same question — how do we keep value from leaking to bots — with a different trade-off curve. Ethereum's modular menu of MEV-Blocker, BuilderNet, and CoW Swap reflects its modular ethos: rather than one chain enforcing one answer, dozens of services compete to serve different user segments at different points in the supply chain.

What This Means for Builders

The practical takeaway for anyone shipping DeFi infrastructure in 2026 is that MEV protection is no longer a feature — it's table stakes. Wallets that route transactions through the public mempool by default are quietly transferring user funds to bots; the question is when, not whether, the user notices.

The right architecture depends on use case. Spot DEX aggregators and consumer wallets benefit most from intent-based batch auctions or default private RPCs. Institutional venues handling nine-figure positions need TEE-grade privacy guarantees that BuilderNet-style decentralized builders provide. High-frequency derivatives and leveraged positions where execution latency matters more than privacy are better served by sequencer-internalized models like Hyperliquid's.

The protocols that win the next cycle will be the ones that make the right choice invisible to the end user — exposing a single endpoint that handles routing, batching, and MEV protection in the background, while letting the underlying architecture evolve as ePBS lands and the post-relay landscape settles.

BlockEden.xyz provides MEV-aware RPC infrastructure across Ethereum, Solana, Sui, and 25+ other chains for builders who need reliable, low-latency transaction routing without exposing user flow to the public mempool. Explore our API marketplace to build on rails designed for the post-public-mempool era.

Sources

Share on Twitter