search

hop-protocol / hop-airdrop

Hop Airdrop distribution 🐰
175 stars 218 forks source link

Sybil Attacker Report #171

Closed Iseeyou23 closed 2 years ago

Iseeyou23 commented 2 years ago

Related Addresses

0x2ba2505Db75D9Dd7F61FFC251762682C0BCdc922 0xB017BfBFdae894dFC4E41A966293b5b21fb82eF2 0x14b5d0339f3e666980187b6e42afbeb2d9e24a7e 0x4Bc74c9Acaadb65352f6CCeD9fD45b2Fc0731139 0xfb31E4105AE66F0870F64dA9248f354E39036e2a 0x74C3b2d22ED5990B9aB1f77BD3054D4fD4AfCF96 0xcE0b352177038599b1df4505F50ff731FF6421eb 0xf8df9716c5b83d02F09a34E9d62C9e22F62C616C 0xEC63913528365fc4B845df57171b63D71eC68442 0x6a4f7191a69f09636d51f2efb93640b86d288ce0 0x01d9f91c2579b3197b08c560afc660eb929936cc 0xCa253fE65D86E0a1848864184C170FaaC021F862 0xEC63913528365fc4B845df57171b63D71eC68442 0x5b295AA92ddD008D4042773E8DF91A9F848ebC58 0x9a1Ce61815C2e7cAFd55a8cA2F03Af7dA34B1b84 0x4f855cd9c9e47890ed7e394379e7ad5ce048ddd9 0xD4e46de7D58c58061ff72d6F69C18330186ea5De 0x7c67Ec08525672a4703c51125709DEe33C24A240 0x455Ca2eEEB67bd243993C58Afea5268F2af9de9A 0x13928f482a3483cd5ffade46a98797561230805a 0x2e01ac614b9e918f7886e99393154b340208d8b9 0x5b93f7cc6be95db6417701bc39c0e503451cfc98 0xf468c3d06e2261fa01ebf73a0bd1cda63e8e0d0f 0x6D1b8DC14B1718c61336550C400844353168ecD3 0xBbe8e353CeC9242B94054dd89C0ccd80c22F4279 cee0.sismo.eth 0x9BdFAeB9CB28DC05b09B37c0F14ECBc9A876CEe0 MAJOR WALLETS # Reasoning How did he try to syblin attack hop protocol > 1.Attacker tried to split his portfolio and create multiple LP tokens from multiple wallets to get huge amount of HOP token. 2.Attacker would use it to harm the system (around 150-300K tokens) . 3.Let me explain> First we have 0x2ba2505Db75D9Dd7F61FFC251762682C0BCdc922 , its the main hub of attackers . It deposited 621.49375ETH from Binance. Bridged 200ETH l2 through hop. Other 400 ETH he sent to 0xB017BfBFdae894dFC4E41A966293b5b21fb82eF2 ,after that he sent 150 ETH to hop for LP Tokens and other 250 to 0x14b5d0339f3e666980187b6e42afbeb2d9e24a7e . Now he created LPs for 200 ETH and sent 50 ETH to 0x4Bc74c9Acaadb65352f6CCeD9fD45b2Fc0731139 . Attacker deposited another 571ETH from binance to (0x4b...1139) , he created 122 ETH LP Hop LPs. Other 500 ETH he sent to 0xfb31E4105AE66F0870F64dA9248f354E39036e2a. Attacker then send 500ETH to 0x74C3b2d22ED5990B9aB1f77BD3054D4fD4AfCF96 . From this wallet he splitted the ETH on multiple wallets that are on the list above. List is made in order of transactions and LP creations. All wallets are connected and belong to the same entity. All addresses are interconnected and all evidence points out he is indeed a syblin attacker. Main hub of his attack is also a cee0.sismo.eth wallet. There is still more to see down the rabbit hole.Probably good that the team checks this guy fully. # Methodology How did i find the data> FOUND WITH WATCHING WHO ADDED MASSIVE LIQUIDITY AND REMOVED IT AT THE TIME OF FIRST AIRDROP ROUMOUR. WAS SEEING A PATTERN OF ADDING AND REMOVING AND FOLLOWED THE WALLETS AND TRANSACTIONS.Analizing metadata and researching contracts and user interactions. # Rewards Address 0x82742CC8A0dF025Ff7B6bbdd22429A351FA2DE7c
shanefontaine commented 2 years ago

Thank you for your report.

Unfortunately, none of these addresses are eligible. All eligible addresses are here.

Please note that, per the rules, only the Hop Bridge User token allocations are taken into consideration for the Sybil attacker submissions and not Hop LPs. Additionally, the submitted addresses may have existed on the list in the past, but someone might have submitted these addresses as a Sybil attacker before you did.