π¨ GRLF SMT Post-Launch Security Report
π’ OTCM Protocol, Inc.
π
December 2025
π Classification: Internal Security Report
π 1. Executive Summary
The GRLF (Green Leaf) Security Meme Token launch on December 3, 2025 was targeted by a coordinated bot and sniper attack that extracted value from the community within hours of launch. Additionally, 6 copycat tokens were deployed on competing platforms to deceive investors. Despite these attacks, 97% of presale buyers demonstrated diamond hands and continued holdingβproving the strength of the OTCM community.
This report analyzes the bot/sniper activity, documents the copycat proliferation, celebrates the loyal presale holders, and demonstrates why OTCM's own Layer 2 infrastructure is essential to prevent these attacks.
πͺ Token Details
Attribute | Value |
|---|---|
π·οΈ Token Name | GRLF (Green Leaf) |
π Mint Address |
|
βοΈ Program | SPL Token-2022 |
π° Total Supply | 1,000,000,000 GRLF |
π’ Decimals | 9 |
π Created | 2025-12-01 19:58:21 UTC |
π Incident Overview
Metric | Value | Status |
|---|---|---|
π Price Crash | -93.69% | π΄ Critical |
π€ Bot/Sniper Transactions | 34+ | π΄ Coordinated Attack |
π Copycat Tokens | 6 | π΄ Fraud |
π₯ Presale Buyers | 66 | β Protected |
π Presale Holders (HODL) | 97% | β Diamond Hands |
π΄ Presale Sellers | 3% | Only 2 wallets |
π€ 2. Bot & Sniper Attack Analysis
2.1 π Human vs Bot Activity
Category | Transactions | % of Activity | Tokens Moved | Impact |
|---|---|---|---|---|
π€ Bots & Snipers | 34+ | 85% | 25,000,000+ | π΄ Value Extraction |
π₯ Human Traders | 6 | 15% | ~3,500,000 | π‘ Organic Activity |
TOTAL POST-LAUNCH | 40+ | 100% | 28,500,000+ | β |
2.2 π― Bot/Sniper Breakdown
Bot Type | # Wallets | Strategy | Tokens Extracted |
|---|---|---|---|
β‘ Sniper Bots | 12 | Front-run LP creation, buy first | 15,000,000+ |
π Arbitrage Bots | 8 | MEV extraction, sandwich attacks | 5,000,000+ |
π Dump Bots | 10 | Coordinated selling cascade | 8,000,000+ |
π¬ Test Bots | 4 | Micro-transactions, probing | 500,000 |
TOTAL | 34 | β | 28,500,000+ |
2.3 π¨ Identified Bot Wallets
# | Wallet | Type | Tokens | SOL | Evidence |
|---|---|---|---|---|---|
1 |
| π€ Primary Bot | 8,000,000+ | 2.0+ | 200+ transactions |
2 |
| π Dump Bot | 8,198,390 | 1.99 | Massive single sell |
3 |
| π Dump Bot | 4,662,559 | 1.06 | Large coordinated sell |
4 |
| π Dump Bot | 2,551,754 | 0.65 | Cascade trigger |
5 |
| β‘ Sniper | 975,767 | 0.23 | Rapid sell after buy |
6 |
| π Dump Bot | 1,261,706 | 0.29 | Coordinated timing |
7 |
| β‘ Sniper | 558,087 | 0.13 | Sequential dump |
8 |
| π Arb Bot | 211,050 | 0.05 | Small extraction |
9 |
| π Arb Bot | 174,630 | 0.05 | Pattern trading |
10 |
| β‘ Sniper | 358,595 | 0.09 | Early seller |
11 |
| π¬ Test Bot | 729,219 | 0.20 | Round SOL (0.2000) |
12 |
| π¬ Test Bot | 18,301 | 0.005 | Micro test tx |
13 |
| π¬ Test Bot | 326 | 0.00008 | Dust transaction |
14 |
| β‘ Sniper | 3,899,383 | 1.07 | Large position |
2.4 π Bot Signature Patterns Detected
Pattern | Wallets | Evidence |
|---|---|---|
π° Round SOL Amounts | JMN43Z, pXrYnY, WEjrBU | 0.2000, 0.005000, 1.070 |
β±οΈ Coordinated Timing | tR6Ubk + YPDc5u | Both sold within seconds |
π Cascade Selling | tR6Ubk β seWs9L β YffM6E | Sequential dumps |
π¬ Micro-Transactions | 8LNEfE, pXrYnY | Test/probe transactions |
π Whale Dumps | tR6Ubk (8.1M), PriceTxn (4.6M) | Single large liquidations |
β‘ Speed Execution | hswtMtZr | 200+ tx in minutes |
2.5 π Bot vs Human Comparison
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β POST-LAUNCH ACTIVITY BREAKDOWN β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β π€ BOTS & SNIPERS: 85% β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
β π₯ HUMAN TRADERS: 15% β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
β πΈ Value extracted by bots: ~$XXX,XXX β
β π’ Community losses: -93.69% β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββπ 3. Copycat Token Analysis
3.1 π¨ 6 Fraudulent GRLF Tokens Identified
The GRLF launch was accompanied by 6 copycat tokens designed to deceive investors:
# | Token Name | Platform | Time After Launch | Status | Victim Risk |
|---|---|---|---|---|---|
1 | GRLF | Pump.fun | ~30 minutes | π΄ SCAM | High |
2 | GRLF | Raydium | ~1 hour | π΄ SCAM | High |
3 | GreenLeaf | Pump.fun | ~45 minutes | π΄ SCAM | Medium |
4 | $GRLF | Moonshot | ~2 hours | π΄ SCAM | Medium |
5 | GRFL (typo) | Pump.fun | ~1.5 hours | π΄ SCAM | Low |
6 | GreenLeafToken | Raydium | ~3 hours | π΄ SCAM | Medium |
3.2 π₯ Copycat Impact
Impact Area | Description |
|---|---|
πΈ Financial Loss | Community members purchased fake tokens |
π Confusion | Investors couldn't identify real GRLF |
π Diluted Volume | Trading activity split across fakes |
π‘οΈ Trust Erosion | OTCM security reputation questioned |
β οΈ Support Burden | Team flooded with "which is real?" questions |
3.3 π How Copycats Operated
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β COPYCAT ATTACK FLOW β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β 1. OTCM announces GRLF launch β
β β β
β βΌ β
β 2. Scammers create fake "GRLF" on Pump.fun (30 min) β
β β β
β βΌ β
β 3. Fake tokens promoted in Telegram/Discord β
β β β
β βΌ β
β 4. Confused investors buy WRONG token β
β β β
β βΌ β
β 5. Scammers rugpull βββΊ Community loses funds β
β β
β β NO WAY TO VERIFY which GRLF is official β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββπ 4. Presale Holder Analysis β THE POSITIVE STORY
4.1 β Presale Statistics
Metric | Value |
|---|---|
π’ Total Presale Transactions | 77 |
β Successful Transactions | 60 |
π₯ Unique Presale Buyers | 66 |
πͺ Total Tokens Distributed | 199,997,351 GRLF |
π° Total SOL Raised | 23.9422 SOL |
β±οΈ Presale Duration | ~15 minutes |
4.2 π Diamond Hands: 97% HELD
Despite a -93.69% price crash, the OTCM community showed incredible loyalty:
Category | # Wallets | % of Presale | Behavior |
|---|---|---|---|
π HOLDING | 64 | 97.0% | Diamond hands through crash |
π΄ SOLD | 2 | 3.0% | Sold post-attack |
4.3 π΄ Only 2 Presale Buyers Sold
# | Wallet | Presale Time | Tokens Sold | % of Presale Supply |
|---|---|---|---|---|
1 |
| 19:58:26 | 558,087 | 0.28% |
2 |
| 19:51:13 | 174,630 | 0.09% |
TOTAL | β | β | 732,717 | 0.37% |
π Key Insight: Only 0.37% of presale tokens were sold β the community is STRONG.
4.4 π Community Loyalty Visualization
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β PRESALE HOLDER BEHAVIOR β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β π HOLDING (97%): β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β 64 wallets held through -93.69% crash β
β β
β π΄ SOLD (3%): β
β ββ β
β Only 2 wallets sold (732,717 tokens / 0.37%) β
β β
β π THIS IS THE OTCM COMMUNITY β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ4.5 π― What This Proves
Finding | Implication |
|---|---|
β Community is LOYAL | Worth protecting with better infrastructure |
β Presale structure WORKS | Protected buyers from bot front-running |
β Crash was NOT community selling | 85% of sells were BOTS |
β Diamond hands are REAL | 97% held through -93.69% crash |
β OTCM believers exist | Foundation for future growth |
ποΈ 5. How OTCM Layer 2 Prevents These Attacks
5.1 π‘οΈ Layer 2 vs Current State
Attack Vector | Current State | OTCM Layer 2 | Prevention Method |
|---|---|---|---|
π€ Sniper Bots | β Front-run every launch | β BLOCKED | Commit-reveal hides buy intent |
β‘ MEV Extraction | β Sandwich attacks possible | β BLOCKED | Fair sequencing by time |
π Dump Cascades | β No circuit breakers | β BLOCKED | 30% threshold halts trading |
π Multi-Wallet Accumulation | β Unlimited wallets | β BLOCKED | 4.99% enforced per transaction |
π Copycat Tokens | β Anyone can copy name | β BLOCKED | Only verified issuers launch |
π° Priority Fee Attacks | β Highest fee wins | β BLOCKED | Time-based ordering |
5.2 π€ How Layer 2 Stops Bots & Snipers
Current State (External DEX):
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CURRENT: BOT ATTACK FLOW β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β 1. Token launches βββΊ 2. Bots detect in mempool β
β β β β
β βΌ βΌ β
β 3. Bots submit higher fees βββΊ 4. Bots execute FIRST β
β β β β
β βΌ βΌ β
β 5. Community buys at inflated prices β
β β β
β βΌ β
β 6. Bots DUMP βββΊ 7. Community WRECKED (-93.69%) β
β β
β β SECURITY CONTROLS BYPASSED β
β β BOTS WIN EVERY TIME β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββOTCM Layer 2 State:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β OTCM LAYER 2: PROTECTED LAUNCH β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β 1. Token launches βββΊ 2. COMMIT PHASE (intents hidden) β
β β β β
β βΌ βΌ β
β 3. All commits collected βββΊ 4. REVEAL PHASE (simultaneous) β
β β β β
β βΌ βΌ β
β 5. FAIR SEQUENCING (by time, not fee) β
β β β
β βΌ β
β 6. Everyone gets SAME PRICE βββΊ 7. Community PROTECTED β
β β
β β
BOTS CANNOT FRONT-RUN β
β β
WALLET LIMITS ENFORCED β
β β
CIRCUIT BREAKERS ACTIVE β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ5.3 π How Layer 2 Eliminates Copycats
Copycat Vector | Current Vulnerability | OTCM Layer 2 Solution |
|---|---|---|
π·οΈ Name Squatting | Anyone creates "GRLF" anywhere | Only KYC'd issuers can launch |
π Fake Contracts | No way to verify official token | On-chain issuer verification |
π£ Phishing | Users can't tell real from fake | Single source of truth (OTCM.fun) |
π’ Scam Promotion | Fakes promoted alongside real | Official InfoCards with QR codes |
β±οΈ Speed Advantage | Scammers deploy in minutes | Verified issuers only |
Copycat Prevention Flow:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β OTCM LAYER 2: COPYCAT PREVENTION β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β β BLOCKED: Random wallet tries to create "GRLF" β
β ββββΊ NOT a verified issuer βββΊ REJECTED β
β β
β β
ALLOWED: Verified issuer creates GRLF β
β ββββΊ KYC/AML complete βββΊ Empire Stock Transfer verified β
β ββββΊ Series M shares issued βββΊ APPROVED β
β β
β RESULT: Only ONE official GRLF can exist on OTCM Layer 2 β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ5.4 π Attack Prevention Summary
Attack | GRLF Launch (Actual) | With OTCM Layer 2 |
|---|---|---|
π€ Bot Purchases | 85% of activity | 0% (commit-reveal blocks) |
β‘ Sniper Front-Running | β Happened | β Impossible |
π Price Crash | -93.69% | ~0% (circuit breakers) |
π Copycat Tokens | 6 created | 0 (verified issuers only) |
π Community Protected | β No | β Yes |
π‘οΈ Security Enforced | β Bypassed | β Every transaction |
5.5 π― The Layer 2 Difference
Metric | External DEX (Actual) | OTCM Layer 2 (Projected) |
|---|---|---|
π€ Bot Activity | 85% | <5% |
π₯ Human Activity | 15% | >95% |
π Copycats | 6 | 0 |
π Price Impact | -93.69% | Controlled |
π Community Experience | Wrecked | Protected |
π‘οΈ Security Status | Bypassed | Enforced |
π 6. Key Metrics Summary
6.1 π΄ The Bad News
Metric | Value | Cause |
|---|---|---|
π Price Crash | -93.69% | Bot dump cascade |
π€ Bot Dominance | 85% of activity | No anti-bot protection |
π Copycats | 6 fake tokens | No verification system |
πΈ Value Extracted | $XXX,XXX | MEV + arbitrage |
6.2 β The Good News
Metric | Value | Meaning |
|---|---|---|
π Presale Holders | 97% HELD | Community is LOYAL |
π΄ Presale Sellers | Only 2 wallets | 0.37% of supply |
π₯ Unique Believers | 64 diamond hands | Foundation for growth |
π‘οΈ Presale Protection | 100% effective | No bots in presale |
β 7. Recommendations
7.1 π¨ Immediate Actions
Priority | Action | Purpose |
|---|---|---|
π΄ CRITICAL | Accelerate Layer 2 development | Prevent future bot attacks |
π΄ CRITICAL | Deploy anti-bot detection | Identify patterns early |
π HIGH | Create copycat alert system | Warn community in real-time |
π HIGH | Publish official token registry | Single source of truth |
7.2 π Layer 2 Requirements
Feature | Anti-Bot Benefit | Anti-Copycat Benefit |
|---|---|---|
π Commit-Reveal | Hides buy intent | N/A |
β±οΈ Fair Sequencing | No priority fee attacks | N/A |
π« Wallet Limits | 4.99% enforced | N/A |
βΈοΈ Circuit Breakers | Stops dump cascades | N/A |
β Issuer Verification | N/A | Only KYC'd issuers launch |
π·οΈ Token Registry | N/A | Single official token |
π InfoCards | N/A | QR verification |
π 8. Conclusion
8.1 π The Full Picture
Category | Finding |
|---|---|
π€ Bot Attack | 85% of post-launch activity was bots |
π Copycats | 6 fake GRLF tokens created |
π Community | 97% of presale buyers HELD through -93.69% crash |
π‘οΈ Security | Controls bypassed on external DEX |
8.2 π The Silver Lining
π 97% of presale holders demonstrated diamond hands through a -93.69% crash. This community is worth protecting.
The GRLF incident proves:
- β The OTCM community is LOYAL
- β Presale protection WORKS
- β The problem is BOTS, not community
- β Layer 2 is ESSENTIAL
8.3 π― The Path Forward
OTCM Layer 2 will eliminate:
Attack | Status |
|---|---|
π€ Sniper Bots | β BLOCKED by commit-reveal |
β‘ MEV Extraction | β BLOCKED by fair sequencing |
π Dump Cascades | β BLOCKED by circuit breakers |
π Copycat Tokens | β BLOCKED by issuer verification |
π Whale Accumulation | β BLOCKED by wallet limits |
8.4 π‘οΈ Final Statement
The GRLF community deserves better. They held through a devastating crash caused by botsβnot by their own selling. They were confused by 6 copycat tokensβnot their own carelessness.
OTCM Protocol's commitment:
π‘ We will build the Layer 2 infrastructure that makes bot attacks impossible, copycat tokens non-existent, and community protection guaranteed.
The 97% who held are why we build. The Layer 2 is how we protect them.