A Solana token presale collapsed after a bot farm used over 1,000 wallets to grab nearly all tokens. Here’s how the attack unfolded
A Solana presale erupted into controversy after a bot-driven wallet swarm grabbed nearly the entire Wet token supply in a matter of seconds.
Organizers were forced to pause the launch, apologise to buyers, and set up a new plan to make sure real users are included.
The incident raised urgent worries about presale structures, wallet screening and the influence of automated networks in early token events.
Sniper Attack Seizes Nearly All Tokens
The Wet presale took place on Jupiter, a Solana-based aggregator that often hosts high-demand launches. Rather than a fair rush from regular buyers, the sale lasted only moments.
A swarm of new wallets appeared at the exact time of the launch, each funded in the same pattern. Organisers later confirmed that a single actor took hold of almost the entire supply by spreading funds across more than 1,000 wallets.
Some real dry shit happened today.
Humidifi started 6 months ago from nothing, straight from the trenches of DeFi 1.0.
In those 6 months, for SOL-USD, we started quoting tighter and doing more volume than Binance. We did not kiss any ass or bend the knee to anyone. We started…
— HumidiFi (@humidifi) December 5, 2025
HumidiFi, the team behind the presale acted fast once the issue became clear. The team halted the entire launch, announced a replacement token, and promised to reward verified buyers who tried to participate.
This being said, the attacker will receive nothing from the new distribution plan.
Bubblemaps Traces Over 1,000 Wallets to One Controller
Bubblemaps stepped into the chaos with a detailed breakdown of the wallets that joined the sale.
Their platform pointed out a massive group of wallets that shared matching patterns. Out of 1,530 wallets, about 1,100 showed nearly the same behavior.
These wallets appeared at the same time, held similar Solana amounts, had no past activity and received funding from a small group of source wallets.
good news: the $WET presale was very hyped and a lot of people wanted to get in.
bad news: just a few botters were able to use bundled txns to snipe a substantial amount of the supply in seconds.
good news: after discussing with the @humidifi team, we’re going to find a…
— Jupiter (🐱, 🐐) (@JupiterExchange) December 4, 2025
According to Bubblemaps, funds moved from exchange accounts to a cluster of wallets that then spread tokens to thousands of empty addresses. This created the illusion of wide participation, even though one actor controlled almost everything.
The team also said one wallet cluster slipped and exposed links to a Twitter user known as “Ramarxyz,” who later posted online asking for a refund.
This detail helped confirm that the sale had not been compromised by a random glitch but by a deliberate wallet-flooding scheme.
Related Reading: Upbit Hack: Upbit to Resume Crypto Transfers After $37M Solana Hack
Recent Sybil Attacks Show a Growing Pattern
This event was not isolated. Several token launches across November showed similar wallet flooding patterns.
One actor captured a large share of aPriori’s airdrop. Another cluster tied to Edel Finance grabbed a large portion of their own supply, even though the team denied wrongdoing and said the tokens moved to a vesting contract.
These events point toward a rise in automated strategies designed to game new releases.
For context, a Sybil attack happens when one person acts through many wallets. This kind of attack has become far easier thanks to faster chains and cheap transaction costs on the Solana network.
In all, this creates pressure on teams to use stronger defense systems before and diring airdrops.
HumidiFi’s upcoming sale will likely face strong attention as buyers watch for proof that the fixes worked.