🏆 Built for the #NansenCLI Mac Mini Challenge (Week 3)
SolSentry is an autonomous blockchain security system for Solana using Artificial Life (ALife) principles. This tool integrates Nansen CLI into SolSentry's threat detection pipeline to investigate the $285M Drift Protocol hack (April 1, 2026).
A Python-based investigation pipeline that:
- Queries Nansen CLI for wallet balances, transactions, related wallets, PnL, and token screening
- Feeds data into SolSentry's risk engine which scores wallets based on behavioral signals
- Generates a threat intelligence report connecting the dots between attacker wallets
Nansen's profiler/related-wallets endpoint confirmed the primary drainer wallet (HkGz4K...) was first funded by the CVT Token Deployer (FnYXwy...) on March 24 — 8 days before the exploit executed. This matches the DPRK playbook of premeditated staging.
| Wallet | Chain | Role | Risk Score |
|---|---|---|---|
HkGz4K... |
Solana | Primary drainer ($270M+) | 🔴 CRITICAL |
0xFcC478... |
Ethereum | ETH consolidation via CCTP | 🟠 HIGH |
FnYXwy... |
Solana | CVT Token Deployer (fake token) | 🔴 CRITICAL |
# FREE endpoints (0 credits each)
nansen search "drift protocol"
nansen search "carbonvote token"
nansen profiler balance --address <wallet> --chain solana
nansen profiler transactions --address <wallet> --chain solana
nansen profiler historical-balances --address <wallet> --chain solana
nansen profiler balance --address <wallet> --chain ethereum
nansen profiler transactions --address <wallet> --chain ethereum
# Paid endpoints
nansen profiler related-wallets --address <wallet> --chain solana # 1 credit
nansen profiler pnl --address <wallet> --chain solana # 1 credit
nansen token screener --chain solana --timeframe 24h # 1 credit
nansen smart-money netflow --chain solana # 5 credits
nansen token holders --token <DRIFT> --chain solana --smart-money # 5 credits
- DUST_REMNANTS — Drainer wallet has multiple tokens but near-zero value (post-drain pattern)
- DISPERSION — Multiple unique senders feeding into consolidation wallet
- DEPLOYER_LINK — Direct funding relationship to CVT Token Deployer confirmed via Nansen
- ABANDONED_HOLDINGS — Attacker left dust positions with -46% unrealized loss (doesn't care)
SolSentry's ALife agents can consume Nansen CLI data to enrich risk scoring:
Scan Pipeline:
Token detected → Stage 1 (fast) → Stage 2 (deep):
→ Nansen profiler/balance (FREE) → holdings snapshot
→ Nansen profiler/related-wallets (1 credit) → deployer links
→ Nansen profiler/pnl (1 credit) → profit patterns
→ SolSentry risk engine → combined score
→ Alert via Telegram bot
The related-wallets endpoint is the most valuable for security — it reveals deployer/funder relationships that expose coordinated attacks before they execute.
# Install dependencies
npm install -g nansen-cli
nansen login --api-key YOUR_KEY
# Run Drift hack investigation
python solsentry_nansen_investigate.py --drift-hack
# Investigate any wallet
python solsentry_nansen_investigate.py <wallet_address> --chain solanaThe tool generates a JSON report (drift_hack_investigation_report.json) containing:
- Risk scores for each investigated wallet
- All Nansen API call logs with timestamps
- Behavioral signals detected by SolSentry's engine
- Key findings and attack chain reconstruction
- SolSentry — ALife-based Solana security system (Python 3)
- Nansen CLI — Onchain intelligence (npm)
- Risk Engine — Behavioral signal detection with multi-source enrichment
SolSentry uses Artificial Life principles — inspired by Conway's Game of Life, Tierra, and Avida — to evolve agents that detect scam tokens, rug pulls, and suspicious on-chain activity on Solana. Currently tracking 2,238+ wallets with 65% prediction accuracy across 3,400+ scans.
- 🤖 30 autonomous agents
- 📊 65 predictions resolved
- 🔍 3,400+ token scans
- 🇧🇷 PT-BR native alerts via Telegram
Author: Crash Diniz | Project: SolSentry
Built with: Nansen CLI + Python | #NansenCLI | @nansen_ai