Detect Crypto Snipers and Bundlers: Identify Market Manipulation
Every day, thousands of new tokens launch across Solana, Base, Ethereum, and dozens of other chains. Within seconds of launch, sniper bots sweep the initial supply. Within minutes, bundlers offload their bags on retail traders. The result? Regular users get rug-pulled while insiders profit.
This guide shows you how to detect these manipulation patterns programmatically and protect your users.
The Sniper and Bundler Problem
What Are Sniper Bots?
Snipers are automated systems that buy tokens the moment liquidity is added. They exploit:
- Block positioning: Transactions in the same block as the liquidity add
- Private mempools: Bypassing public mempool visibility
- Bribe mechanisms: Paying validators for priority inclusion
On Solana, snipers use Jito bundles to land transactions atomically. On EVM chains, they use private transaction pools like Flashbots.
What Are Bundlers?
Bundlers are wallets that receive tokens from the same funding source, buy in coordinated patterns, and sell together. They create artificial volume and price action to lure retail into buying before they dump.
A typical bundler operation:
- Deployer funds 50+ wallets from a single source
- All wallets buy within seconds of launch
- Coordinated social media hype begins
- Retail FOMO drives price up
- Bundlers sell simultaneously, crashing the price
How Detection Works
Sniper Detection Signals
Mobula's detection algorithm analyzes multiple signals:
Block Position Analysis
- Transactions in block 0 or 1 after liquidity add
- Buy timestamps within milliseconds of pool creation
- Wallets that only interact with new launches
Funding Pattern Analysis
- Wallets funded from same source as deployer
- Funding transactions in same block as launch
- CEX withdrawals that match launch timing
Bundler Detection Signals
Address Clustering
- Multiple wallets funded from single source
- Same timestamp for funding transactions
- Similar buy amounts across wallets
Using the Mobula Detection API
Check Token Holders for Snipers
curl -X GET "https://api.mobula.io/api/1/market/holders" \\
-H "Authorization: YOUR_API_KEY" \\
-G \\
-d "blockchain=solana" \\
-d "asset=So11111111111111111111111111111111111111112"
Response includes holder labels:
{
"data": {
"holders": [
{
"address": "ABC123...",
"balance": 50000000,
"percentage": 5.2,
"labels": ["sniper", "high_frequency"],
"risk_score": 85
}
],
"sniper_count": 12,
"bundle_count": 8,
"risk_level": "high"
}
}
Holder Labels Explained
| Label | Meaning | Risk |
|---|---|---|
sniper |
Bought in first blocks after launch | High |
bundled |
Part of coordinated buying group | High |
dev |
Connected to token deployer | Medium |
insider |
Received tokens before public launch | High |
whale |
Large holder, not necessarily malicious | Low |
retail |
Normal user, no suspicious patterns | Low |
Building a Launch Scanner
Here's a complete example for detecting suspicious launches:
const MOBULA_API = 'https://api.mobula.io/api/1';
const API_KEY = 'YOUR_API_KEY';
async function analyzeTokenLaunch(mint) {
const holders = await fetch(
`${MOBULA_API}/market/holders?blockchain=solana&asset=${mint}`,
{ headers: { 'Authorization': API_KEY } }
).then(r => r.json());
const { sniper_count, bundle_count, risk_level, holders: holderList } = holders.data;
const sniperPercentage = holderList
.filter(h => h.labels.includes('sniper'))
.reduce((sum, h) => sum + h.percentage, 0);
return {
risk_level,
risk_score: calculateRisk(sniper_count, bundle_count, sniperPercentage),
snipers: { count: sniper_count, supply_percentage: sniperPercentage.toFixed(2) }
};
}
Best Practices
For DEX Operators
- Screen before listing: Don't list tokens with >30% sniper ownership
- Monitor continuously: Manipulation can evolve after launch
- Warn users: Display risk scores prominently
For Traders
- Check before buying: Use detection tools on every new token
- Avoid high-risk launches: Risk score >70 = likely dump
- Use stop-losses: Snipers dump fast
Getting Started
- Get your API key: Sign up at admin.mobula.io
- Read the docs: Detection endpoints at docs.mobula.io
- Test with real tokens: Try the holder analysis endpoint
The free tier includes 10,000 API calls per month and access to all detection features.
Conclusion
Sniper and bundler detection is no longer optional for serious crypto platforms. Users expect protection from manipulation, and platforms that provide it gain trust and retention.
Mobula's detection endpoints make this integration straightforward. The hard work of pattern recognition and address clustering is handled by the API—you just need to call it.
Ready to protect your users? Get your API key at admin.mobula.io and check out the detection documentation for more details.
Top comments (0)