Security

Your keys. Your wallet. Your stop button.

Pump.fun Volume Bot is non-custodial by design. Your primary wallet never sends any balance other than the initial 2% commission deposit. Sub-wallets are ephemeral and discarded after every session.

Non-custodial architecture

The bot never holds, manages or has signature authority over your primary wallet. The user pays a single 2% commission deposit, and from that deposit the bot derives a pool of ephemeral sub-wallets — small, single-purpose wallets generated specifically for the session.

  • Sub-wallet private keys are generated server-side per session, never derived from user-supplied seed material.
  • Keys are encrypted at rest using authenticated encryption with a session-scoped key.
  • Keys are never exposed in any API response, log line, error message or support reply.
  • After the session ends, all sub-wallet keys are cryptographically wiped, and any residual SOL is aggregated and refunded.

The deposit address shown in Telegram is a session-scoped escrow that fans out to sub-wallets the moment funds confirm. The session-end refund returns the unused balance to the wallet that originally sent the deposit, automatically and in the same block as the stop command.

Anti-MEV trade routing

Every trade is routed through Jito private relays as a sealed bundle with a randomized priority tip. The bundle never enters the public Solana mempool, so:

  • Sandwich bots cannot see the trade and therefore cannot insert against it.
  • Front-running bots cannot race the trade for the same pool tick.
  • Slippage loss from MEV extraction is reduced to noise: typical loss is measured in single-digit basis points.

Bundle tips are sampled from a configurable range so the on-chain tip pattern cannot be fingerprinted as a single bot. If a Jito relay degrades, alternate relays take over automatically; trades fail closed and are never silently downgraded to public-mempool routing.

On-chain footprint hygiene

The bot's wallet fleet uses several techniques to keep the on-chain trace from clustering:

  • Poisson-distributed trade timing — no regular cadence for forensics tools to lock onto.
  • Per-transaction key rotation — every trade signed by a different sub-wallet.
  • Block-gap enforcement — trades are spaced across blocks rather than packed.
  • Signature-noise injection — small trade-size and tip variance breaks pattern matching.
  • No address reuse across sessions — the wallet pool is single-use, ever.

The result: even with 10,000+ active sub-wallets, the on-chain graph reads as 10,000 different actors rather than one bot.

No KYC. No PII.

The bot is fully self-serve from a Telegram chat. To use it, you bring an SPL contract address and a Solana wallet — that is the entirety of the input. The bot does not collect, request or store:

  • Real names, addresses or government-ID information
  • Email addresses (other than the optional support inbox)
  • Payment cards or bank credentials
  • Personally identifying device fingerprints

The Telegram account is the user identity for billing and session continuity. Telegram stores its own metadata; see Telegram's privacy policy for what it retains.

Refund SLA

When you stop a session, the unused portion of the commission is refunded in the same block as the stop command. This is enforced by a refund coordinator that runs alongside the trade engine: refund instructions are pre-signed at session start, so the moment a stop is issued, the refund transaction is broadcast atomically with the wallet aggregation.

Reporting a security issue

If you believe you have found a security issue affecting the bot or this site, please email [email protected] with details. We acknowledge serious reports within 24 hours.