Overview
coldcases.fun is a real-time blockchain investigation and intelligence platform built on Solana. It aggregates on-chain data, exploit reports, community investigations, and token analytics into a single, unified dashboard.
Think of it as the intersection of a blockchain explorer, a threat intelligence feed, and a community tip line — designed for investigators, traders, and anyone who wants to understand what's really happening on-chain.
How It Works
The platform operates through three layers of data aggregation:
On-chain transaction data is pulled from Solana via Helius RPC. Token metadata, pricing, and volume data comes from Birdeye and DexScreener APIs. This data is cached and normalized in real time.
Raw data is correlated with known exploit patterns, flagged wallet addresses, and community investigation reports. The system tracks wallet connections, fund flows, and suspicious token activity.
Processed intelligence is displayed through the interactive canvas (home), the Scope live feed (WebSocket-powered), and the Explorer search interface. Everything updates in real time with no manual refresh needed.
Key Features
Interactive Investigation Canvas
Drag-and-drop node-based interface showing connected investigations, exploits, articles, and community intel. Animated connector paths visualize relationships between data points.
WebSocket Live Feed
Scope connects via WebSocket to stream new token pairs, price updates, and migration events in real time. No polling — instant updates as they happen on-chain.
Wallet Forensics
Look up any Solana wallet address to see balances, token holdings, and full transaction history. Cross-reference wallets against known exploit addresses and flagged accounts.
Community Tips
Anonymous tip submission system for reporting suspicious activity, potential rug pulls, and insider information. Tips are reviewed and integrated into active investigations.
Investigation Feed
The investigation feed is the centerpiece of the home canvas. It displays active and historical cases in an expandable accordion format, with each entry containing:
- Case ID — unique identifier for the investigation
- Date — when the case was opened or last updated
- Summary — brief description with linked wallet addresses and transaction hashes
- Source Links — references to original reports, Twitter threads, or on-chain evidence
Exploit Tracker
The exploit tracker monitors and catalogues security incidents across the Solana ecosystem. Each exploit entry includes:
- Protocol name and affected smart contracts
- Exploit type — reentrancy, flash loan, access control, rug pull, etc.
- Funds affected — estimated USD value of compromised assets
- Post-mortem links — analysis and remediation details
Scope (Live Tokens)
Scope is a real-time token monitoring dashboard that tracks the lifecycle of Solana tokens from creation to migration. It organizes tokens into three columns:
| Column | Description | Criteria |
|---|---|---|
New Pairs | Recently created token pairs | Bonding curve < 80%, market cap < $55K |
Graduating | Tokens approaching migration threshold | Bonding curve ≥ 80% |
Migrated | Tokens that have moved to AMM liquidity | Market cap ≥ $55K or AMM protocol detected |
Real-Time Updates
Scope connects to a WebSocket server that streams the following event types:
// WebSocket message types
type ScopeMessage =
| { type: "initial_tokens"; tokens: Record<Category, Token[]> }
| { type: "new_token"; token: Token }
| { type: "token_added"; token: Token; category: Category }
| { type: "token_removed"; pairAddress: string }
| { type: "price_update"; pairAddress: string; updates: Partial<Token> }
| { type: "sol_price_update"; solPrice: number }
| { type: "thumbnail_update"; pairAddress: string; thumbnail: string }Token Card Data
Each token card in the Scope feed displays:
- Token ticker and name with clickable link to Solscan
- Price change (5m) — green for positive, red for negative
- Market cap — converted from SOL using live price
- Volume — trading volume in USD
- Buy/sell ratio — visual bar showing transaction sentiment
- Bonding curve progress — percentage toward migration threshold
Solana Explorer
The built-in explorer provides full Solana blockchain search capabilities. Enter any wallet address or transaction signature to look up detailed information.
Network Dashboard
The explorer home displays real-time network analytics:
- TPS — current transactions per second with historical chart
- Block height and current slot number
- Epoch progress — visual progress bar with slot count
- SOL supply — circulating vs total with stake distribution
- Trending tokens — top 24h tokens by volume with price data
Account Lookup
Search for any Solana address to see:
- SOL balance with USD conversion
- SPL token holdings (mint, balance, decimals)
- Transaction history with type, source, timestamp, and fee
Transaction Details
Look up any transaction signature to view:
- Transaction type and human-readable description
- Source program and slot number
- Timestamp and fee (in SOL)
Wallet Forensics
Wallet forensics is the process of tracing fund flows between Solana addresses to identify patterns of suspicious activity. The platform supports:
Balance Analysis
View current SOL and token balances for any address. Compare holdings against known exploit proceeds to identify connected wallets.
Transaction History
Full transaction timeline with enhanced metadata from Helius — type classification, source program identification, and human-readable descriptions.
Cross-Reference
Flagged addresses from active investigations are highlighted when they appear in transaction histories. Connected wallets are mapped for deeper analysis.
Transaction Tracing
Transaction tracing follows the path of funds across multiple hops to build a complete picture of where assets originated and where they ended up.
The platform uses Helius Enhanced Transactions API to provide enriched transaction data including:
- Human-readable transaction descriptions
- Program source identification (Jupiter, Raydium, Orca, etc.)
- Token transfer details with USD value estimates
- Account balance changes per instruction
Token Analysis
Token analysis tools help evaluate the legitimacy and risk profile of Solana tokens. Key indicators monitored by the platform:
| Signal | What It Means | Risk Level |
|---|---|---|
| Sudden large sells after bonding graduation | Insider dumping post-migration | High |
| Concentrated token holdings (>50% in 1-3 wallets) | Potential rug pull risk | High |
| High buy/sell ratio with low unique wallets | Possible wash trading | Medium |
| Rapid bonding curve progression | Organic demand or coordinated buy | Neutral |
| Verified social links and active community | Legitimate project signals | Low |
Submit a Tip
The tip submission system allows anyone to report suspicious on-chain activity anonymously. Tips are reviewed by the community and integrated into active investigations when verified.
How to Submit
Find the tip button on the home page canvas, accessible from the navigation area.
Provide a title, category, and description. Include wallet addresses, transaction signatures, or any on-chain evidence you have.
Upload screenshots, documents, or other files that support your report. Accepted formats: PNG, JPG, PDF.
Tips are submitted without requiring any personal information. Your identity is never collected or stored.
$COLD Token
$COLD is the native token of the coldcases.fun ecosystem on Solana. It serves as the platform's utility and community token.
Architecture
coldcases.fun is built with a modern serverless stack optimized for real-time data delivery:
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | Next.js, React, TypeScript | Server-rendered UI with client-side interactivity |
| Styling | Tailwind CSS, Custom CSS | Responsive design with custom noir aesthetic |
| Data Layer | Upstash Redis (KV) | Caching for API responses and token data |
| RPC | Helius | Solana blockchain data, enhanced transactions |
| Market Data | Birdeye API | Token pricing, trending tokens, volume data |
| Real-Time | WebSocket (Multiplexer) | Live token updates for Scope feed |
Request Flow
Client Request
|
v
Next.js API Route (/api/solana, /api/scope, /api/tips)
|
+---> Upstash Redis Cache (check TTL)
| |
| +---> Cache HIT: return cached data
| |
| +---> Cache MISS:
| |
| v
| Helius RPC / Birdeye API
| |
| v
| Cache response (TTL: 30-120s)
| |
v v
Client <------------ JSON ResponseAPI Reference
The platform exposes internal API routes used by the frontend. These are not intended as a public API but are documented here for transparency.
GET /api/solana
Solana blockchain data endpoint. Supports multiple actions via query parameter.
actionstringrequiredOne of: bootstrap, account, tx. Determines which data to fetch.
addressstringSolana wallet address. Required when action=account.
sigstringTransaction signature. Required when action=tx.
# Fetch network overview + trending tokens
curl https://coldcases.fun/api/solana?action=bootstrap
# Look up a wallet address
curl https://coldcases.fun/api/solana?action=account&address=<WALLET_ADDRESS>
# Look up a transaction
curl https://coldcases.fun/api/solana?action=tx&sig=<TX_SIGNATURE>GET /api/scope
Returns a snapshot of the current Scope feed data including all tracked tokens organized by category (newPairs, finalStretch, migrated), SOL price, and token counts.
POST /api/tips
Submit an anonymous tip. Accepts multipart form data.
titlestringrequiredShort title for the tip.
categorystringrequiredCategory: rug-pull, exploit, insider, wash-trading, other.
descriptionstringrequiredDetailed description with wallet addresses, tx hashes, evidence.
contactstringOptional contact info (Telegram, Twitter, email).
fileFileOptional evidence file (PNG, JPG, PDF). Max 5MB.
Data Sources
coldcases.fun aggregates data from multiple sources to provide comprehensive blockchain intelligence:
| Source | Data Provided | Update Frequency |
|---|---|---|
| Helius RPC | Blocks, transactions, account data, enhanced tx metadata | Real-time (per request) |
| Birdeye API | Token prices, trending tokens (24h), volume, liquidity | ~45s polling |
| WebSocket Feed | New token pairs, price updates, migrations, thumbnails | Real-time (push) |
| Community Tips | Anonymous reports, evidence files, investigation leads | On submission |
| Curated Intel | ZachXBT reports, exploit post-mortems, case summaries | Manual curation |
Socials & Links