Suspicious Wallet Detection

One of Forge’s most important functions is identifying wallets that consistently behave in ways that suggest manipulation, sniping, or malicious intent. Whether it’s a deployer launching rugs, a sniper farming liquidity, or a wallet that front-runs every new coin, Forge is built to detect and surface these actors in real time.

This page explains how suspicious wallet detection works and how you can use it to stay ahead of risky behavior.


What Counts as Suspicious?

Forge doesn’t rely on gut feeling. It uses specific patterns and repeat behaviors to score wallets based on risk. Some examples include:

Sniper Wallets

  • Buys within 1–5 seconds of token creation

  • Always enters with large amounts (10+ SOL)

  • Sells within 3–5 minutes after launch

  • Often avoids LP-rugged tokens

Deployer Wallets

  • Launches 3+ tokens within 24 hours

  • No ownership renounce

  • LP unlocked in all launches

  • History of 0 volume or fast rugs

Exit Farmers

  • Buys a large share of supply

  • Sells to every wave of volume

  • Buys and exits repeatedly across many tokens

  • Connected to wallet clusters using same behavior

Telegram-Linked Front-Runners

  • Joins Telegram groups before a token launch

  • Buys immediately after a post

  • Often linked to dev or KOL circles


What Forge Tracks

Forge agents continuously track wallet-level activity, including:

  • Token buy and sell logs

  • Time between wallet funding and first buy

  • Tokens deployed or interacted with

  • Telegram group joins (if linked)

  • Past wallet flags and risk scores

  • Frequency of activity within short windows

These are not just event logs. They’re combined into behavior profiles with scoring logic.


Example Detection

You ask:

“What’s this wallet 7AuCty3w... been doing?”

Forge replies:

“Wallet 7AuCty3w... entered 11 tokens in the past 6 hours. All buys were within 10 seconds of LP creation. In 9 of those cases, it sold within 3 minutes. Has funded 3 new wallets using same pattern. Risk score: 9/10. Likely sniper farm operation.”

This shows:

  • Consistency of behavior

  • Speed of entry and exit

  • Wallet links and clustering

  • Scoring based on agent-defined thresholds


Wallet Scoring

Forge assigns internal scores to wallets between 1 and 10. You can see this in responses or full profiles:

  • 1–3: Normal behavior

  • 4–6: Possibly bot-controlled or opportunistic

  • 7–8: Repeated risky behavior or manipulation

  • 9–10: Confirmed sniper, rug deployer, or multi-wallet farm

You can also build custom agents to auto-flag any wallet over a certain threshold and take action (like sending a memo, alerting a team, or blacklisting it).


Wallet Clustering

Forge detects wallet clusters using:

  • Shared funding sources

  • Similar timing of trades

  • Deploying the same token sets

  • Repeated buys into the same tokens within seconds

This helps you spot sniper farms or coordinated buyer groups who rotate wallets to stay hidden.


Private Watchlists

You can manually tag wallets:

  • “Likely sniper”

  • “Known deployer”

  • “Blacklist”

  • “Verified community buyer”

These tags persist in your own Forge instance and influence how agents score them in future interactions. You can also share tags across your team or API clients.

Last updated