Why you check bundles at all
A "bundled" launch is one where the token creator buys a large slice of their own supply at the moment of creation, using multiple wallets submitted in a single Jito bundle — so all the buys land in the exact same block. It makes the holder chart look organic while one person controls the float. When they sell, everyone who bought after them is the exit liquidity.
The scale of the problem is not in dispute: research from Solidus Labs found that roughly 98.6% of tokens launched on pump.fun showed rug-pull or pump-and-dump characteristics. Checking a launch before buying isn't paranoia — it's the baseline.
The tools, reviewed honestly
Trench Radar (trench.bot)
The de-facto standard. Paste a mint, get the percentage of supply bundled at launch, how many wallets did it, and how much they still hold. Fast, free, and the Telegram bot fits the way trench traders actually work.
Bubblemaps V2
The best-known holder visualization on any chain, now with "Magic Nodes" — automatic detection of hidden connections between holder wallets. Integrated into pump.fun and DexScreener, so you may already be using it without knowing.
pump.fun's built-in bubble map
pump.fun added holder bubble maps directly on token pages — a real improvement for casual browsing.
TrenchyBot, Soul Scanner & friends
A whole family of Telegram bots reports deployer supply, first-buyer stats and bundle percentages inline in your group chat.
The pattern they structurally cannot see
Every tool above answers the same question: "who bought in the creation block?" So the counter-move writes itself, and it's now documented practice in launch tooling:
Fund indirectly
Days before launch, the operator funds 5–15 fresh wallets — not from their main wallet, but through intermediaries, exchange withdrawals, or one-hop burner wallets.
Buy late on purpose
At launch, those wallets don't buy in the creation block. They buy seconds to minutes later, mixed in with real traders. No bundle. Clean bubble map. 0% on the bundle checker.
Exit on schedule
Once retail volume arrives, the wallets sell into it — sometimes together, sometimes staggered to stay under the radar of dump alerts.
This is not hypothetical. On-chain research into pump.fun launches documented deployers transferring SOL to "sniper wallets" that buy their own token at launch: over 15,000 SOL in realized profit extracted this way across 15,000+ launches, involving ~4,600 sniper wallets and ~10,400 deployers. The launches look organic on every same-block tool.
What actually catches it: the funding graph
The unbundled launch beats same-block detection, but it can't avoid leaving two other traces on-chain:
- The funding lineage. Those "independent" early buyers were seeded from somewhere. Walk each wallet's SOL inflows back through the chain and coordinated wallets collapse into a small set of shared sources — sometimes the deployer itself, one hop removed.
- The early-buyer record. The first buyers of a token are permanent history. Even after the snipers dump and vanish from the holder list, who bought first and who funded them is still sitting there in the ledger.
That second point matters more than it sounds: a holder-based scanner loses sight of snipers the moment they exit — which is exactly when the damage happens. A funding-graph scan of the first buyers, not just the current top holders, keeps the coordination visible after the fact, with the funding transactions as evidence anyone can verify on Solscan.
This is the layer Cabal-Hunter is built around — to be clear about the bias, it's our product. One scan runs the funding trace on top holders and the token's first buyers, plus same-block bundle detection, live coordinated-dump detection and the deployer's full launch history, and returns one verdict with an on-chain evidence transaction attached to every flag:
# one call, no API key, 250 free scans/month curl "https://api.cabal-hunter.com/api/scan-cabal?mintAddress=<MINT>" # the part no bundle checker returns: "clusters": [{ "type": "early_sniper", "wallet_count": 4, "bought_pct": 11.2, // taken at launch "combined_pct": 0.3, // still holding — they already exited "evidence_txs": ["5Kd9…"] // the funding transactions, verifiable on Solscan }]
The honest comparison
| Detection | Trench Radar | Bubblemaps | pump.fun map | Cabal-Hunter |
|---|---|---|---|---|
| Same-block bundle % | YES — best in class | partial | partial | YES |
| Holder connection graph | no | YES — best in class | basic | clusters, not visual graph |
| Funding-source tracing (multi-hop) | no | links between holders | no | YES, with evidence txs |
| First-buyer trace after snipers exit | shows launch snapshot | no | no | YES |
| Deployer launch history | no | no | no | YES |
| Live coordinated-dump detection | no | no | no | YES |
| One plain-English verdict | bundle % only | visual | visual | YES |
The stack we'd actually run
- Trench Radar for the instant same-block bundle % — it's free and the best at what it does.
- Cabal-Hunter for the funding graph, the first-buyer trace and the deployer's record — the coordination that same-block tools can't see.
- RugCheck for contract-level basics (authorities, LP state) — see our side-by-side of RugCheck, Bubblemaps and Cabal-Hunter.
Three tools, three different questions, ~20 seconds total. A launch that passes all three can still rug — nothing prevents a holder from simply selling — but you've eliminated the launch patterns responsible for most of the losses.