Original Author: Pine Analytics
Original Translation: GaryMa Wu Blockchain
Abstract
This report investigates a prevalent and highly coordinated meme token farming mode on Solana: token deployers transfer SOL to "sniper wallets", enabling these wallets to buy the token within the same block of token launch. By focusing on a clear, provable fund chain between deployers and snipers, we have identified a set of high-confidence extraction behaviors.
Our analysis shows that this strategy is neither a sporadic occurrence nor a marginal behavior - in just the past month, over 15,000 SOL of realized profits were extracted from more than 15,000 token launches, involving over 4,600 sniper wallets and 10,400 deployers. These wallets exhibit an abnormally high success rate (87% of snipers profitable), clean exit methods, and structured operational patterns.
Key Findings:
· Deployer-funded sniping is systematic, profitable, and often automated, with sniper activities most concentrated during US working hours.
· Multi-wallet farming structures are very common, frequently using temporary wallets and coordinated exits to simulate genuine demand.
· Obfuscation methods are continuously evolving, such as multi-hop fund chains and multi-signature sniper transactions, to evade detection.
· Despite limitations, our single-hop fund filter can still capture the clearest, most replicable large-scale "insider" behavior cases.
· The report proposes an actionable heuristic approach to help protocol teams and frontends identify, tag, and respond to such activities in real-time - including tracking early position concentration, tagging deployer-associated wallets, and issuing frontend warnings to users in high-risk launches.
Although our analysis only covers a subset of same-block sniping behaviors, its scale, structure, and profitability indicate that Solana token launches are actively manipulated by a coordinated network, with existing defenses far from sufficient.
Discovery
Focusing on the subset of "same-block sniping + direct funding chain", we reveal a widespread, structured, and highly profitable on-chain collaborative behavior. All data below covers from March 15th to date:
1. Same-block sniping funded by deployers is common and systematic
a. In the past month, 15,000+ tokens were directly sniped by funded wallets in the launch block;
b. Involving 4,600+ sniping wallets and 10,400+ deployers;
c. Accounting for approximately 1.75% of pump.fun's issuance.
2. This behavior is highly profitable
a. Directly funded sniping wallets have realized net profits > 15,000 SOL;
b. Sniping success rate of 87%, with very few failed transactions;
c. Typical wallet earnings of 1-100 SOL, with some exceeding 500 SOL.
3. Repeated deployments and sniping point to farming networks
a. Many deployers use new wallets to batch create dozens to hundreds of tokens;
b. Some sniping wallets execute hundreds of sniping in a single day;
c. Observed a "center-radiation" structure: one wallet funds multiple sniping wallets, all sniping the same token.
4. Sniping shows a human-centered time pattern
a. Active peak from UTC 14:00 - 23:00; almost stagnant from UTC 00:00 - 08:00;
b. Aligning with US working hours, indicating manual/cron-triggered timing, rather than fully automated 24/7.
5. One-time wallets and multi-sig transactions obscure ownership
a. Deployers simultaneously fund multiple wallets and sign sniping in the same transaction;
b. These burn wallets never sign any transactions afterward;
c. Deployers split initial purchases into 2-4 wallets to disguise real demand.
Exit Behavior
To deeply understand how these wallets exit, we break down the data along two behavioral dimensions:
1. Exit Timing - Time from first purchase to final sell;
2. Swap Count - Number of independent sell transactions used for exit.
Data Conclusions
1. Exit Speed
a. 55% of sniping fully sold within 1 minute;
b. 85% liquidated within 5 minutes;
c. 11% completed within 15 seconds.
2. Sell Count
a. Over 90% of sniping wallets exit using only 1-2 sell orders;
b. Rarely use progressive selling.
3. Profit Trend
a. Most profitable are
b. Longer holding or multiple sells, while slightly higher average profit per instance, are extremely few and contribute little to total profit.
Explanation
These patterns indicate: Deployer-funded sniping is not a trading behavior, but an automated, low-risk extraction strategy:
· Front-run purchase → Quick sell-off → Complete exit.
· Single sell order shows no concern for price fluctuation, only exploiting initial advantage to dump.
· Few more complex exit strategies are just exceptions, not mainstream.
Actionable Insights
The following suggestions aim to help protocol teams, frontend developers, and researchers identify and address extraction or collaborative token issuance patterns by converting observed behaviors into heuristics, filters, and warnings to increase user transparency and reduce risks.
Conclusion
This report reveals a continuous, structured, and highly profitable Solana token issuance extraction strategy: deployer-funded same-block sniping. By tracking direct SOL transfers from deployers to sniping wallets, we identified an insider-style behavior that leverages Solana's high-throughput architecture for collaborative extraction.
Although this method only captures part of same-block sniping, its scale and patterns indicate: this is not scattered speculation, but an operation with privileged positioning, a repeatable system, and clear intent. The strategy's significance lies in:
1. Distorting early market signals, making tokens appear more attractive or competitive;
2. Endangering retail investors - who unknowingly become exit liquidity;
3. Undermining trust in open token issuance, especially on platforms like pump.fun that pursue speed and ease of use.
Mitigating this issue requires more than passive defense, including better heuristics, frontend warnings, protocol-level guardrails, and continuous mapping and monitoring of collaborative behaviors. Detection tools exist - the question is whether the ecosystem is willing to truly apply them.
This report takes the first step: providing a reliable, reproducible filter to identify the most obvious collaborative behaviors. But this is just the beginning. The real challenge is detecting highly obfuscated, constantly evolving strategies and building an on-chain culture that rewards transparency rather than extraction.
