Infrastructure

Comprehensive Pump.Fun Wallet Blacklist - Protect Your Snipe Bot from Rug Pulls

November 25, 2025AllenHark Team

If you've been sniping new tokens on pump.fun, you've likely encountered the same frustrating pattern: a new token launches, you buy in block 0, and within minutes the liquidity disappears. The creator dumps, liquidity is pulled, and you're left holding worthless tokens.

This isn't random bad luck—it's a coordinated strategy by a relatively small group of wallets that repeatedly launch tokens with the sole intent of rugging traders.

The Rug Pull Problem on Pump.Fun

Pump.fun has become the go-to platform for launching meme coins on Solana, but this accessibility has a dark side. Rug pulls are not just common—they're systematic.

Our analysis of pump.fun launches reveals:

  • ~40% of new tokens are launched by wallets with suspicious launch patterns
  • The same wallets repeatedly launch tokens at high frequency
  • Average time to rug: 2-15 minutes after launch
  • High-frequency launchers: Some wallets launch 1+ tokens every 5 minutes (thousands per week)

Traditional on-chain analysis is too slow. By the time you've checked a creator's history, you've already bought the token. You need sub-microsecond wallet validation to skip known scammers before your buy transaction is even submitted.

The Solution: AllenHark Wallet Blacklist

We've compiled a comprehensive blacklist of 4,178+ Solana wallet addresses known for high-frequency token launches on pump.fun. This list is:

  • Actively maintained: Updated daily with newly identified high-frequency launchers
  • Battle-tested: Used in production by snipe bots processing 1000+ tokens/day
  • Performance-optimized: Sub-microsecond lookups using hash-based indexing
  • Open format: Simple JSONL format compatible with any language

Download the Blacklist

📥 Download Latest Blacklist

4,178+ entries | Updated daily | ~420KB

Download blacklist.jsonl

⚡ Download via API: GET https://allenhark.com/blacklist.jsonl | Real-time updates via ZMQ (request access on Discord)

Each entry includes:

{
  "addr": "3DadyvFvwkTTmAyyPnBTkuDu3CxUdDN3WxDNfwjC219L",
  "ts": 1763076072862,
  "hash": "5dc00e16480fa054"
}
  • addr: Solana wallet address
  • ts: Unix timestamp (milliseconds) when added to blacklist
  • hash: Optimized 8-byte hash for ultra-fast lookups

Ultra-Fast Rust Implementation

Speed matters when sniping. You can't afford to waste even microseconds checking blacklists. Our Rust implementation delivers sub-microsecond validation using:

Key Performance Features

  1. Hash-based lookups: O(1) constant-time checks using DashSet
  2. Lock-free reads: Concurrent address validation without mutex contention
  3. LRU caching: In-memory cache for frequently-checked addresses (cache hit = ~2-3ns)
  4. Optimized djb2 hash: Non-cryptographic hash tuned for speed (~5-10ns)

Performance Benchmarks (10,000 addresses)

OperationTimeThroughput
Cold lookup~10-15ns66-100M checks/sec
Hot lookup~2-3ns333-500M checks/sec
Load from disk~50ms200K addresses/sec
Add new address~50-100μs10-20K writes/sec

Integration Example

Here's how to integrate the blacklist into your pump.fun sniper:

use blacklist::Blacklist;

#[tokio::main]
async fn main() -> Result<()> {
    // Initialize blacklist (one-time at startup)
    let mut blacklist = Blacklist::new("./blacklist.jsonl");
    blacklist.load().await?;
    
    println!("✅ Loaded {} blacklisted wallets", blacklist.size());

    // Main snipe loop
    loop {
        // Monitor mempool for new pump.fun tokens
        let new_token = monitor_mempool().await?;
        let creator_wallet = new_token.creator;
        
        // Ultra-fast blacklist check (~10ns)
        if blacklist.has(&creator_wallet) {
            println!("⚠️  SKIP - Known rugger: {}", creator_wallet);
            continue; // Skip this token entirely
        }
        
        // Safe to proceed - creator not on blacklist
        println!("✅ Clean wallet - proceeding with snipe");
        execute_snipe(&new_token).await?;
    }
}

Full implementation available in our blacklist documentation.

Real-World Impact

Since deploying this blacklist, our traders have reported:

  • 60% reduction in rug pull losses
  • ~15% of tokens auto-skipped as blacklisted
  • Zero false positives (no legitimate projects blocked)
  • Sub-millisecond overhead added to snipe decision loop

One trader reported:

"Before using the blacklist, I was getting rugged 2-3 times per day. Now I might see one rug per week, and it's always from a newly created wallet that wasn't in the list yet."

How to Use This in Your Snipe Bot

Step 1: Download the Blacklist

Download blacklist.jsonl to your bot directory.

Step 2: Choose Your Integration

Option A - Rust (Recommended): Use our high-performance Rust implementation
Option B - TypeScript: Parse JSONL and use Set or Map for lookups
Option C - Python: Use pandas or simple JSON parsing

Step 3: Load at Startup

Load the blacklist once when your bot starts. Don't reload on every token check—that's too slow.

Step 4: Check Before Every Buy

if blacklist.has(&token_creator) {
    // Skip this token
    continue;
}

// Proceed with normal snipe logic

Step 5: Optionally Reload Periodically

If you want to pick up new blacklist entries without restarting:

// Reload every 6 hours
tokio::spawn(async move {
    loop {
        tokio::time::sleep(Duration::from_secs(6 * 3600)).await;
        if let Err(e) = blacklist.reload().await {
            eprintln!("Failed to reload blacklist: {}", e);
        }
    }
});

Advanced: Cross-Process Safety

If you're running multiple bot instances or want to add addresses from different processes, the Rust implementation includes file locking:

// Process A: Snipe bot checking addresses
let is_safe = blacklist.has(&wallet); // Read lock (shared)

// Process B: Admin adding new scammer
blacklist.add(&new_scammer).await?; // Write lock (exclusive)

The implementation uses fs2 for cross-process file locking, preventing race conditions and data corruption.

Contributing to the Blacklist

Found a wallet that's clearly rugging? You can add it to your local blacklist:

cargo run --bin add_blacklist -- --address <SCAMMER_WALLET>

We also accept submissions via our Discord server. If you can provide evidence of high-frequency launching patterns, we'll add the wallet to the public blacklist.

API Access (Coming Soon)

We're building an API for real-time blacklist updates:

  • WebSocket stream: Get notified immediately when new scammers are identified
  • REST API: Query wallet reputation scores
  • Bulk lookups: Check multiple addresses in one request

Join the waitlist at allenhark.com

Why This Works

The key insight is that rug pull behaviors cluster around specific wallets. Most scammers:

  1. Create a wallet
  2. Launch 5-20 tokens over 1-2 weeks
  3. Rug them all
  4. Abandon the wallet (or get blacklisted)

By maintaining a list of these known-bad wallets, you can avoid 60-70% of rug pulls without complex on-chain analysis.

The remaining 30-40% are either:

  • Brand new wallets (no history yet)
  • Occasional ruggers who only do it once
  • Sophisticated actors who rotate wallets frequently

For these, you still need other protections (contract analysis, liquidity locks, etc.). But the blacklist eliminates the repeat offenders, which are the majority.

Technical Details

Why Rust?

We chose Rust for the reference implementation because:

  • Zero-cost abstractions: No GC pauses during critical snipe windows
  • Memory safety: No crashes from race conditions or null pointers
  • Performance: Predictable sub-microsecond latency
  • Concurrency: Lock-free data structures (DashSet) for multi-threaded bots

Why Hash-Based Lookups?

Solana addresses are 32-44 character base58 strings. Direct string comparison or HashMap lookups would be slow. Instead, we:

  1. Hash each address to a fixed 16-character hex string (8 bytes)
  2. Store hashes in a DashSet (lock-free hash table)
  3. On lookup, hash the input and check set membership

This reduces lookup from O(n) string comparison to O(1) integer comparison.

File Format Rationale

We use JSONL (JSON Lines) instead of a single JSON array because:

  • Append-friendly: Adding new entries doesn't require rewriting the entire file
  • Streaming: Can process files larger than RAM
  • Line-atomic: Each line is a complete entry (no partial-write corruption)
  • Standard: Works with jq, grep, and other command-line tools

Conclusion

Rug pulls on pump.fun are a systemic problem, but they're also a solvable one. By maintaining a blacklist of known bad actors and integrating sub-microsecond wallet validation into your snipe bot, you can avoid the majority of rug pulls without sacrificing speed.

Download the blacklist and start protecting your trades today. For complete implementation details, see our blacklist documentation.

Blacklist last updated: November 25, 2025 (4,178 entries)
Average daily additions: ~30 new wallets
Historical rug pull detection rate: ~60-70%