L1
Jito-bundle membership
When the front and back of a sandwich land in the same Jito bundle, the bracket is mechanical, not statistical. Confidence 1.00.
§ 01 / Methodology
Sandwich bots don't leave one fingerprint.
Neither does this scanner.
Each layer trades coverage for confidence. We surface every layer separately so you can read the verdict without trusting the math. L1 is mechanical: same Jito bundle, signer-bracket inverted, confidence 1.00. L4 is statistical: wide same-slot pattern, confirmed actor unknown, marked amber.
Reproducible offline via pnpm harness validate-mined. Every detection persists its layer, confidence, and loss method — no opaque scores.
L2
Same-pool nearest neighbors
Validator-direct attacks bypass Jito. We match same-pool, signer-shared, direction-reversed adjacency at ≥95% sell-through.
L3
Known-bot signers
Same-slot patterns from registered MEV signers in our bot registry. Confirmed actor, suspected attack, marked amber.
L4
Statistical fits
Wide non-bundled brackets gated by five false-positive guards: layer-aware loss thresholds, slippage realism, sell-through floor.
Your slippage isn't bad luck. It was engineered.
— Invisible theft, made visible
§ 02 / Sample scan
What a real verdict
actually looks like.
A wallet you've never heard of, scanned in fifteen seconds. Three confirmed brackets. $247.83 extracted. The attacker, validator, pool, layer, and confidence — all surfaced, all traceable on Solscan.
Fig. 01 · The lifecycle of a forensic scan · sample wallet · 30-day window
§ 03 / Run the scan
The only useful verdict
is the one tied to your wallet.
Paste a Solana address. The scan runs read-only against Helius and our detection pipeline; nothing is signed, nothing is broadcast, nothing leaves your wallet. The first detection lands in seconds.
Paste a wallet.
Read-only forensic scan. Output: attacker, validator, pool, confidence, USD extracted — per detection.
Read-only / no transaction signed