LogoLogo
  • 📘Introduction
    • What is Forge?
    • Why We Built Forge
  • 🧠How Forge Works
    • Core Architecture
    • Agent System Overview
  • Model Context Protocol (MCP)
  • On-Chain Data Indexing
  • AI Query Handling
  • ⚙️Using Forge
    • Setting Up Forge
    • How to Ask Questions
  • Supported Use Cases
  • Interacting with Agents
  • Limitations and Data Scope
  • 🛠️Advanced Features
    • Agent Personalities and Prompt Logic
  • Creating Custom Agents
  • Integrating External APIs
  • Running Multi-Agent Workflows
  • Token Behavior Tracking
  • Suspicious Wallet Detection
  • 📀Forge Modules
    • Liquidity Pool Scanner
  • LP Burner Tracker
  • Telegram Sniper Detector
  • Contract Creator Profiler
  • Whale Movement Watcher
  • ⚙️Developer Tools
    • Custom Prompt Engineering
  • 📃Appendix
    • Glossary
    • Security and Privacy
    • Roadmap and Vision
Powered by GitBook
On this page
  • What Counts as Suspicious?
  • What Forge Tracks
  • Example Detection
  • Wallet Scoring
  • Wallet Clustering
  • Private Watchlists
Export as PDF

Suspicious Wallet Detection

One of Forge’s most important functions is identifying wallets that consistently behave in ways that suggest manipulation, sniping, or malicious intent. Whether it’s a deployer launching rugs, a sniper farming liquidity, or a wallet that front-runs every new coin, Forge is built to detect and surface these actors in real time.

This page explains how suspicious wallet detection works and how you can use it to stay ahead of risky behavior.

What Counts as Suspicious?

Forge doesn’t rely on gut feeling. It uses specific patterns and repeat behaviors to score wallets based on risk. Some examples include:

Sniper Wallets

  • Buys within 1–5 seconds of token creation

  • Always enters with large amounts (10+ SOL)

  • Sells within 3–5 minutes after launch

  • Often avoids LP-rugged tokens

Deployer Wallets

  • Launches 3+ tokens within 24 hours

  • No ownership renounce

  • LP unlocked in all launches

  • History of 0 volume or fast rugs

Exit Farmers

  • Buys a large share of supply

  • Sells to every wave of volume

  • Buys and exits repeatedly across many tokens

  • Connected to wallet clusters using same behavior

Telegram-Linked Front-Runners

  • Joins Telegram groups before a token launch

  • Buys immediately after a post

  • Often linked to dev or KOL circles

What Forge Tracks

Forge agents continuously track wallet-level activity, including:

  • Token buy and sell logs

  • Time between wallet funding and first buy

  • Tokens deployed or interacted with

  • Telegram group joins (if linked)

  • Past wallet flags and risk scores

  • Frequency of activity within short windows

These are not just event logs. They’re combined into behavior profiles with scoring logic.

Example Detection

You ask:

“What’s this wallet 7AuCty3w... been doing?”

Forge replies:

“Wallet 7AuCty3w... entered 11 tokens in the past 6 hours. All buys were within 10 seconds of LP creation. In 9 of those cases, it sold within 3 minutes. Has funded 3 new wallets using same pattern. Risk score: 9/10. Likely sniper farm operation.”

This shows:

  • Consistency of behavior

  • Speed of entry and exit

  • Wallet links and clustering

  • Scoring based on agent-defined thresholds

Wallet Scoring

Forge assigns internal scores to wallets between 1 and 10. You can see this in responses or full profiles:

  • 1–3: Normal behavior

  • 4–6: Possibly bot-controlled or opportunistic

  • 7–8: Repeated risky behavior or manipulation

  • 9–10: Confirmed sniper, rug deployer, or multi-wallet farm

You can also build custom agents to auto-flag any wallet over a certain threshold and take action (like sending a memo, alerting a team, or blacklisting it).

Wallet Clustering

Forge detects wallet clusters using:

  • Shared funding sources

  • Similar timing of trades

  • Deploying the same token sets

  • Repeated buys into the same tokens within seconds

This helps you spot sniper farms or coordinated buyer groups who rotate wallets to stay hidden.

Private Watchlists

You can manually tag wallets:

  • “Likely sniper”

  • “Known deployer”

  • “Blacklist”

  • “Verified community buyer”

These tags persist in your own Forge instance and influence how agents score them in future interactions. You can also share tags across your team or API clients.

PreviousToken Behavior TrackingNextLiquidity Pool Scanner

Last updated 12 days ago