9 Jun 2024 | Zekai Liu, Xiaqiqi Li*, Hongli Peng, Wenkai Li
GasTrace is a cascade classification framework designed to detect sandwich attack malicious accounts in Ethereum. Sandwich attacks exploit the Automated Market Maker (AMM) mechanism by manipulating market prices through front-running or after-running transactions. GasTrace analyzes transaction features, particularly Gas features, to identify malicious accounts.

The framework consists of two stages: the first stage uses a Support Vector Machine (SVM) with a Radial Basis Function (RBF) kernel to generate predicted probabilities of account categories, which are then integrated into the original feature set. The second stage employs a Graph Attention Network (GAT) to examine the node network, capturing behavioral discrepancies between malicious and legitimate accounts.

Experimental results show that GasTrace achieves an accuracy of 96.73% and an F1 score of 95.71% in identifying sandwich attack accounts. The framework's contributions include proposing the first GasTrace framework that leverages cascade classification focusing on Gas features, constructing node networks via predicted probabilities, and evaluating GasTrace on a dataset of 1,834 examples. GasTrace is open-sourced for further research and development.

The study highlights the effectiveness of the cascade classification approach in detecting sandwich attack malicious accounts, demonstrating its high accuracy and generalization capability. The framework's performance is evaluated using precision, recall, F1 score, and overall accuracy, with GasTrace showing superior performance compared to the first stage alone. The results indicate that GasTrace is an effective solution for detecting sandwich attack malicious accounts in Ethereum.