Survey Report on Meme Token Farming Model on Solana

Summary

This report investigates a common and highly coordinated meme Token farming model on Solana: Token deployers transfer SOL to "sniper wallets," enabling these wallets to purchase the Token within the same block when the Token goes live. By focusing on the clear and provable flow of funds between deployers and snipers, we have identified a set of high-confidence extraction behaviors.

Analysis shows that this strategy is not an occasional phenomenon or marginal behavior. In just the past month, over 15,000 SOL in realized profits have been extracted through this method from more than 15,000 token issuances, involving over 4,600 sniper wallets and more than 10,400 deployers. These wallets exhibit an unusually high success rate of (87% for sniper profits ), a clean exit strategy, and a structured operational pattern.

Key Findings:

• Deployers funded sniping is systematic, profitable, and usually automated, with sniping activities being most concentrated during U.S. working hours.
• The multi-wallet farming structure is very common, often using temporary wallets and collaborative withdrawals to simulate real demand.
• The means of obfuscation are constantly evolving, such as multi-hop funding chains and multi-signature sniper transactions, to evade detection.
• Despite its limitations, our jump funding filter can still capture the clearest and most repeatable large-scale "insider" behavior cases.
• This report presents a set of actionable heuristic methods to help identify, label, and respond to such activities in real-time— including tracking early holding concentration, tagging associated wallets of deployers, and alerting users during high-risk issuances.

Although the analysis only covers a subset of block sniping behavior in the same area, its scale, structure, and profitability indicate that the issuance of Solana tokens is being actively manipulated by a collaborative network, while existing defenses are far from sufficient.

Methodology

This analysis aims to identify the behavior of collaborative meme Token farming on Solana, particularly the situation where deployers provide funds to sniper wallets at the same block when the Token goes live. We divide the problem into the following stages:

1. Filter same block sniping
2. Identify the wallet associated with the deployer
3. Link Sniping with Token Profits
4. Measure Scale and Wallet Behavior
5. Machine Activity Traces
6. Exit Behavior Analysis

Focus on the clearest threats

We first measured the scale of block sniping on token issuance platforms, and the results were shocking: over 50% of tokens are sniped at the moment of block creation—block sniping has shifted from a fringe case to a dominant issuance model.

To reduce false positives and highlight true collaborative behavior, we have implemented strict filtering in the final metrics: only counting direct SOL transfers between the deployer before going live and the sniper wallet. This allows us to confidently identify: wallets directly controlled by the deployer; wallets acting under the deployer's directive; wallets with internal channels.

Case Study 1: Direct Funding

The deployer wallet sends a total of 1.2 SOL to 3 different wallets, then deploys a token named SOL > BNB. The 3 funded wallets complete the rush to purchase within the same block as the token creation, ahead of broader market visibility. Subsequently, they quickly sell for profit, executing a coordinated flash exit. This is a textbook example of pre-funded sniper wallets farming tokens, directly captured by our capital chain approach. Despite the simplicity of the method, it has been played out on a large scale across thousands of issuances.

Case Study 2: Multi-Hop Funding

A certain wallet is related to multiple Token sniper activities. This entity did not directly fund the sniper wallet, but transferred SOL through 5-7 intermediary wallets to the final sniper wallet, thus completing the sniping in the same block.

Our existing method only detects some preliminary transfers from the deployer, failing to capture the entire chain leading to the final target wallet. These relay wallets are often "single-use", only used to transfer SOL, making it difficult to associate them through simple queries. This gap is not a design flaw, but a trade-off of computational resources—tracking multi-hop funding paths in large-scale data is feasible, but comes with significant overhead. Therefore, the current implementation prioritizes high-confidence, direct links to maintain clarity and reproducibility.

Discover

Focusing on the subset of "same block sniping + direct capital chain", we reveal a widespread, structured, and highly profitable on-chain collaborative behavior. The following data covers from March 15 to the present:

1. Sniping funded by deployers in the same block is very common and systematic.

• Over the past month, more than 15,000 tokens were directly targeted by funding wallets upon listing on the blockchain.
• Involving over 4,600 sniper wallets and over 10,400 deployers
• The issuance volume of a certain Token issuance platform is approximately 1.75%

2. This behavior is highly profitable

• Direct investment in sniper wallet has achieved a net profit of > 15,000 SOL
• Sniping success rate 87%, very few failed trades.
• Typical earnings for a single wallet are 1-100 SOL, with a few exceeding 500 SOL.

3. Repeated deployment and targeting the brush farming network

• Many deployers use new wallets to create dozens to hundreds of Tokens in bulk.
• Some sniping wallets execute hundreds of snipes in a single day.
• Observed a "center-radiation" structure: one wallet funds multiple sniper wallets, all targeting the same Token.

4. Sniping presents a human-centered time pattern

• The active peak is from UTC 14:00 to 23:00; almost at a standstill from UTC 00:00 to 08:00.
• Fits the working hours in the U.S., indicating that it is triggered manually/cron scheduled, rather than being fully automated 24 hours globally.

5. Confusing ownership between single-use wallets and multi-signature transactions

• The deployer injects funds from several wallets simultaneously and signs the ambush in the same transaction.
• These burned wallets will no longer sign any transactions.
• The deployer splits the initial purchase into 2-4 wallets to disguise real demand.

Exit Behavior

To gain a deeper understanding of how these wallets exit, we analyze the data along two major behavioral dimensions:

1. Exit Speed ( Exit Timing )——from the first purchase to the final sale time
2. 卖出笔数(Swap Count)——退出所用独立卖出交易数量

Data Conclusion

1. Exit speed

• 55% of the sniper was sold out within 1 minute.
• 85% liquidated within 5 minutes
• 11% completed within 15 seconds

2. Number of Trades

• Over 90% of sniper wallets only exit with 1-2 sell orders.
• Rarely adopt progressive selling

3. Profit Trend

• The most profitable is the wallet that exits in <1 minute, followed by <5 minutes.
• Holding for a longer period or selling multiple times may yield slightly higher average profit per transaction, but the quantity is very small, contributing limitedly to the total profit.

These patterns indicate that the sniper funded by the deployer is not a trading activity, but rather an automated, low-risk extraction strategy:

• Buy early → Sell quickly → Exit completely
• A single sell represents a complete disregard for price fluctuations, solely taking advantage of the opportunity to dump.
• A few more complex exit strategies are just exceptions, non-mainstream models.

Conclusion

This report reveals a continuous, structured, and high-profit Solana Token issuance extraction strategy: deployer-funded block sniper. By tracking the direct SOL transfers from the deployer to the sniper wallet, we have identified a batch of insider-style behaviors, utilizing Solana's high-throughput architecture for coordinated extraction.

Although this method only captures part of the block sniping, its scale and pattern indicate that this is not random speculation, but rather operators with privileged positions, repeatable systems, and clear intentions. The importance of this strategy is reflected in:

1. Distort early market signals to make the token seem more attractive or competitive.
2. Endangering retail investors - they become exit liquidity without knowing.
3. Weaken the trust in open token issuance, especially in token issuance platforms that pursue speed and ease of use.

To mitigate this issue, what is needed is not only passive defense, but also better heuristics, front-end early warning, protocol-level safeguards, and ongoing efforts to map and monitor collaborative behaviors. Detection tools already exist—the problem lies in whether the ecosystem is truly willing to apply them.

This report takes the first step: it provides a reliable, reproducible filter to lock in the most obvious collaborative behaviors. But this is just the beginning. The real challenge lies in detecting highly obfuscated, ever-evolving strategies and building an on-chain culture that rewards transparency rather than extraction.