Blog

On-chain research & trader education
On-chain analysis · 8 min read

How to spot multi-wallet schemes — the bundling pattern scanners miss

A token's top holder is 0.4%. The next is 0.4%. The next is 0.4%. Every automated scanner says "distributed supply, looks healthy." You ape in. The chart goes vertical, then dies in a single 90-second candle. You exit at -70%. That's not bad luck. That's a multi-wallet scheme — the most sophisticated bundling pattern in the game right now, and the one most retail buyers can't see.

Why this scheme even exists

Bundling — where a deployer or insider buys a large chunk of supply at launch — used to be obvious. One wallet would hold 30%, another 15%, another 10%. RugCheck and similar scanners would flag the token red. Smart traders would skip. The scheme didn't work for long.

So sophisticated actors started splitting that same 30%–40% across hundreds of wallets. Now each individual wallet holds 0.2–0.5%, scanners see "distributed supply," retail thinks they're holding alongside a wide community of small believers, and the deployer can dump methodically without ever showing a single dominant holder.

The retail buyer is the exit liquidity. They just don't know it because the on-chain surface metrics lie.

The six tells

Multi-wallet schemes leave fingerprints. Once you know what to look for, you can verify any token in about 60 seconds. Here are the six patterns that show up almost every time, in rough order of how reliable each one is:

1. Synchronized buying at launch

Multiple wallets buying within the same block — or within a few seconds — at token launch. Real organic interest is messy. Different people see the token at different times, hesitate different amounts, decide differently. They don't buy in a coordinated 3-second window across 50 wallets.

On Solana, blocks are sub-second. If 30+ wallets executed buys in the first 2 blocks of a token's life, it's not 30 different excited humans — it's a script.

2. Common funding source

This is the one that catches almost every scheme. Real holders fund their wallets from CEXs (Coinbase, Binance, MEXC), other wallets they've been using for months, or other tokens they sold. Bundlers fund their wallets from a single source — either the deployer's main wallet directly, or a chain of intermediary wallets that all trace back to one.

How to check: open Solscan, click any holder wallet, look at "Funded by." If 30+ "different" holders received their initial SOL from the same wallet (or a series of mixers ending at the same source), you're not looking at a community. You're looking at one person and their burner army.

3. Suspicious uniformity

Real buyers buy weird amounts. Someone enters with 0.347 SOL because that's what they had left. Someone else does 1.2 SOL because that's their standard size. Another buys 0.05 SOL just to "see what happens." The distribution of buy sizes is naturally random.

Bundlers script their buys. So you'll see 50 wallets all buying exactly 0.5 SOL, or every wallet hitting a clean 1.0 SOL purchase. Uniformity isn't always bundling — but uniformity combined with #1 (synchronized buys) and #2 (common funding) is bundling 99% of the time.

4. Coordinated selling

This is the dump phase, and it's the most actionable signal because by the time you see it, the trade is dying. Watch the holder activity in the first few green candles after a token starts pumping. If a cluster of small wallets sells in the same 60–120-second window, those wallets are coordinated — same actor distributing through them.

DEX Screener's transaction tab shows this clearly. If you see 8 small sells from "different" wallets all hitting in a tight time band, exit. The deployer is taking profits and your bag is about to get heavier.

5. Fresh wallets with no history

Real holders have lives on-chain. They've traded other tokens. They've held SOL for months. They've moved between wallets. Their address has activity going back further than the token in question.

Burner wallets used in bundles are usually created hours before launch, fund themselves once, buy the token once, and have no other activity ever. If you click 10 different "holders" on Solscan and 8 of them were created the day of the launch and have done nothing else, it's the same actor.

6. Holder count vs. market cap mismatch

The macro version of all the patterns above. A healthy organic token at $1M market cap typically has 3,000–6,000 holders, distributed across a long tail of tiny wallets all funded from random sources, with varying activity histories.

A bundled $1M MC token might have only 200 "holders" — and the top 50 of those are all small, similar-sized wallets funded from the same source, all created the day of launch. The MC and the holder profile don't match. That mismatch is the bundle.

The 60-second verification

Here's the workflow that catches 90% of multi-wallet schemes in under a minute:

  1. Run the contract through Degen Desk Token Analysis. It auto-checks for synchronized buys, common funding patterns, and the holder/MC mismatch. Most cases are settled here.
  2. If Token Analysis flags suspicion, cross-check on Solscan. Open the top 20 holders. Click the first 5–10. Look at "Funded by." If multiple trace back to the same source, it's confirmed.
  3. If still unsure, check holder activity history. Wallets created the day of launch with nothing but this one token = burners. Real holders have on-chain history that predates the token.
  4. Look at the chart's first green candle. If a cluster of small wallets sold in the same 60-second window during the first run-up, the dump phase is already starting.

What to do when you spot one

Three answers depending on where you are:

The honest part: scanners can be fooled

Sophisticated bundlers know what scanners look for, and they engineer their schemes to evade detection. Mixing services, time-staggered funding (where intermediary wallets sit dormant for weeks before being used), and complex chains of ownership across multiple identities can defeat any single tool — including ours.

That's why the manual checks above still matter. Token Analysis catches 80–90% of schemes automatically because most bundlers are lazy. The ones that escape automated detection usually still have one tell visible in the holder distribution or activity history if you look. The default assumption on any low-cap launch should be "this is bundled until proven otherwise" — exceptions need real evidence, not hope.

Why we publish this

Multi-wallet schemes are predatory. They prey on retail buyers who don't know what to look for. The asymmetry between the bundler (who has perfect information about the token's supply) and the buyer (who has only the on-chain surface) is the entire reason these schemes work. Flatten that asymmetry and the scheme stops working.

Degen Desk's whole product premise is making this kind of analysis accessible to people who'd otherwise be exit liquidity. Token Analysis Pro automates 90% of these checks. The remaining 10% — the manual verification on Solscan, the chart-reading discipline, the willingness to skip a "hot" trade because something looks off — those are skills that come from understanding what bundlers actually do.

Now you do.

Run any token through Token Analysis

Paste any Solana CA. AI-synthesized risk verdict in 15 seconds — including auto-detection of multi-wallet patterns, common funding sources, and the holder/MC mismatch flagged here.

Open Token Analysis →

Nothing in this post is financial advice. The frameworks above are heuristics for identifying common manipulation patterns — they don't catch every scheme, and a "clean" verification doesn't guarantee a good trade. Sophisticated actors evolve faster than any single tool. Always combine on-chain analysis with chart structure, narrative quality, and your own risk management. Never invest more than you can afford to lose.