How to Detect Coordinated Wallet Activity

Technical deep-dive into methods used to detect coordinated wallet behavior and Sybil attacks.

## Understanding Coordinated Wallet Activity

Coordinated wallet activity occurs when multiple wallets act in concert, whether intentionally (like a trading bot) or maliciously (like a Sybil attack). Detecting this coordination is crucial for security, compliance, and research.

What is Coordinated Activity?

Coordinated activity means multiple wallets displaying synchronized behavior that suggests common control or coordination. This includes:

  • **Same-block transactions:** Multiple wallets transacting within the same block
  • **Shared funding sources:** Wallets funded from the same origin
  • **Similar patterns:** Identical transaction timing, amounts, or destinations
  • **Group behavior:** Acting together toward a common goal

Why Detect Coordinated Activity?

For Projects

  • **Prevent Sybil attacks:** Stop fake users from inflating metrics
  • **Fair airdrops:** Ensure tokens reach genuine users
  • **Governance integrity:** Protect against vote manipulation

For Investors

  • **Avoid pump schemes:** Identify coordinated price manipulation
  • **Due diligence:** Verify legitimate activity before investing
  • **Risk assessment:** Understand true market dynamics

For Compliance

  • **AML requirements:** Identify potential money laundering
  • **Investigation support:** Trace criminal fund flows
  • **Reporting obligations:** Document suspicious activity

Detection Methods

1. Temporal Analysis

**Same-Block Detection**

The most obvious indicator is multiple transactions in the same block:

```
Block 15,432,987:
- Wallet A -> DEX (0.5 ETH)
- Wallet B -> DEX (0.5 ETH)
- Wallet C -> DEX (0.5 ETH)
- Wallet D -> DEX (0.5 ETH)
```

This pattern strongly suggests coordination (likely automated).

**Timing Correlation**

Even without same-block activity, wallets with similar transaction timing are suspicious:

  • Consistent intervals between transactions
  • Same time of day patterns
  • Synchronized with external events
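The two temporal checks above, as an added example (not FundTracer's code). The transaction tuples, function names and thresholds are assumptions made for illustration; the sample data is constructed and reuses the block from the example above.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (wallet, block, unix_ts, destination, amount_eth).
# Production code would key on integer wei amounts rather than floats.
TXS = [
    ("A", 15432987, 1000, "DEX", 0.5),
    ("B", 15432987, 1000, "DEX", 0.5),
    ("C", 15432987, 1000, "DEX", 0.5),
    ("D", 15432987, 1000, "DEX", 0.5),
    ("E", 15432987, 1000, "NFT", 1.2),   # same block, unrelated action
    ("A", 15433287, 4600, "DEX", 0.5),
    ("A", 15433587, 8200, "DEX", 0.5),
    ("A", 15433887, 11800, "DEX", 0.5),
    ("E", 15433001, 1170, "DEX", 0.3),
    ("E", 15434500, 19000, "DEX", 2.0),
    ("E", 15434610, 20400, "NFT", 0.1),
]

def same_block_groups(txs, min_wallets=3):
    """Same block AND same destination AND same amount, from distinct wallets.
    Sharing a block alone is weak evidence: busy blocks hold many unrelated txs."""
    groups = defaultdict(set)
    for wallet, block, _ts, dest, amount in txs:
        groups[(block, dest, amount)].add(wallet)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_wallets}

def interval_regularity(txs, min_txs=4):
    """Coefficient of variation of the gaps between a wallet's transactions.
    Values near 0 mean near-constant intervals, as a scheduler would produce."""
    times = defaultdict(list)
    for wallet, _block, ts, _dest, _amount in txs:
        times[wallet].append(ts)
    result = {}
    for wallet, ts_list in times.items():
        if len(ts_list) < min_txs:
            continue  # too few samples to judge regularity
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        result[wallet] = pstdev(gaps) / avg if avg else 0.0
    return result

if __name__ == "__main__":
    print(same_block_groups(TXS))
    print(interval_regularity(TXS))
```
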

2. Funding Analysis

**Common Source Detection**

Wallets funded from the same source are likely related:

```
Wallet A: funded by 0x1111...
Wallet B: funded by 0x1111...
Wallet C: funded by 0x1111...
```

**Funding Pattern Matching**

Similar funding patterns indicate common control:

  • Same token received from same addresses
  • Similar funding amounts and timing
  • Cross-chain funding from same sources

3. Behavioral Clustering

**Transaction Similarity**

Wallets with identical transaction patterns:

  • Same tokens transferred
  • Same destination addresses
  • Similar amounts
  • Similar frequency

**Contract Interaction Patterns**

Similar DeFi interactions:

  • Same protocols used
  • Same transaction types
  • Similar swap patterns

4. Network Analysis

**Cluster Identification**

Using graph theory to identify connected wallets:

  • Central nodes connecting multiple wallets
  • Dense subgraph connections
  • Bridge wallets linking clusters

5. Machine Learning Approaches

Modern detection uses ML models trained on:

  • Known Sybil clusters
  • Labeled training data
  • Pattern recognition
  • Anomaly detection

Practical Detection Steps

Step 1: Gather Data

Collect transaction history for all wallets in question.

Step 2: Temporal Analysis

Look for:

  • Same-block transactions
  • Timing correlations
  • Periodic patterns

Step 3: Funding Analysis

Trace fund sources:

  • Common ancestors
  • Shared funding patterns
  • Cross-chain correlations

Step 4: Behavioral Comparison

Compare:

  • Token holdings
  • Contract interactions
  • Transaction types

Step 5: Cluster Formation

Identify groups using:

  • Graph analysis
  • Similarity scores
  • Machine learning
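Steps 3 to 5 combined, as an added example (not FundTracer's code): shared-funder edges and behavioural-similarity edges are merged into clusters with union-find. The data layout, function names, the 0.9 similarity threshold and the `ignore_funders` parameter are assumptions; the sample data is constructed.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data; funder addresses are shortened placeholders.
FUNDED_BY = {"A": "0x1111", "B": "0x1111", "C": "0x1111", "D": "0x2222", "E": "0x3333"}
# Behavioural fingerprint: the (contract, action) pairs each wallet has used.
BEHAVIOUR = {
    "A": {("DEX", "swap"), ("Bridge", "deposit"), ("Vault", "stake")},
    "B": {("DEX", "swap"), ("Bridge", "deposit"), ("Vault", "stake")},
    "C": {("DEX", "swap"), ("Bridge", "deposit")},
    "D": {("DEX", "swap"), ("Bridge", "deposit"), ("Vault", "stake")},
    "E": {("NFT", "mint"), ("DEX", "swap")},
}

def jaccard(a, b):
    """Set overlap in [0, 1]; 1.0 means identical fingerprints."""
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster_wallets(funded_by, behaviour, min_similarity=0.9, ignore_funders=frozenset()):
    """Union-find over two edge types: shared funder, near-identical behaviour."""
    parent = {w: w for w in funded_by}

    def find(w):
        while parent[w] != w:
            parent[w] = parent[parent[w]]  # path halving keeps lookups cheap
            w = parent[w]
        return w

    by_funder = defaultdict(list)
    for wallet, funder in funded_by.items():
        if funder not in ignore_funders:  # e.g. known exchange withdrawal wallets
            by_funder[funder].append(wallet)
    edges = [(ws[0], other) for ws in by_funder.values() for other in ws[1:]]
    edges += [(a, b) for a, b in combinations(funded_by, 2)
              if jaccard(behaviour[a], behaviour[b]) >= min_similarity]
    for a, b in edges:
        parent[find(a)] = find(b)

    clusters = defaultdict(list)
    for wallet in funded_by:
        clusters[find(wallet)].append(wallet)
    return sorted(sorted(c) for c in clusters.values() if len(c) > 1)

if __name__ == "__main__":
    print(cluster_wallets(FUNDED_BY, BEHAVIOUR))
```

Wallet D has a different funder but joins the cluster through identical behaviour, which is why combining indicators catches more than either alone. A funder that serves many unrelated users, such as an exchange withdrawal wallet, should be passed in `ignore_funders` so it does not merge unrelated wallets into one cluster.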

Using FundTracer for Detection

FundTracer provides built-in Sybil detection:

Features

  • **Cluster analysis:** Identifies related wallets
  • **Risk scoring:** Quantifies coordination likelihood
  • **Funding tree:** Visualizes fund flows
  • **Behavioral comparison:** Side-by-side analysis

How to Use

  1. Enter wallet addresses on fundtracer.xyz
  2. Select Sybil Detection mode
  3. View cluster analysis and risk scores

See our Sybil Detection documentation for a detailed guide.

Red Flags Summary

| Indicator | Risk Level |
|-----------|------------|
| Same-block transactions | High |
| Shared funding source | High |
| Identical patterns | High |
| Similar timing | Medium |
| Common contracts | Medium |
| Network connections | Medium |

Conclusion

Detecting coordinated wallet activity requires analyzing multiple dimensions: timing, funding sources, behavior patterns, and network connections. The key is combining multiple detection methods rather than relying on any single indicator.

FundTracer's Sybil detection does this automatically, scoring wallets based on multiple factors and identifying clusters of related addresses.

For more on this topic, see our articles on What is Sybil Detection and How Airdrop Farmers Get Caught.