hop-protocol / hop-airdrop

Hop Airdrop distribution 🐰

Sybil Attacker Report #211

Closed edwalter3 closed 2 years ago

edwalter3 commented 2 years ago

Related Addresses


Reasoning

This is a sophisticated Sybil farming attempt as the addresses are not linked to each other on chain. However, these addresses exhibit the same behaviours across multiple chains.

On BSC the addresses received 0.0095 BNB from various Binance hot wallet addresses between 2021-12-14 03:50:48 and 2021-12-14 14:45:07.

At the same time the BNB withdrawals started, the attacker started withdrawing 0.0095 MATIC from MEXC for each address [2021-12-14 04:07:09]. Realising that the withdrawals came from the same address, the attacker stopped withdrawing from MEXC on the same day and started spacing the withdrawals (between 2021-12-14 04:07:09 and 2021-12-17 09:08:10).

The addresses then received USDC through various means, such as swapping MATIC or withdrawing USDC, for farming on various bridges such as Hop and xPollinate. The addresses also farmed potential non-bridge airdrops. In this batch, the BNB deposited on BSC was used to pay the fees to return the tokens that were bridged from MATIC. Note that on BSC the BEP20 transactions generated were solely for the purpose of approving and sending the bridged tokens through Hop and xPollinate. This implies that the addresses are all bridging the tokens for the purpose of farming the airdrop.

Methodology

All addresses first received their native tokens on the respective chains.

To speed up the indexing, the list of eligible addresses was shortened by filtering out addresses that received fewer than 200 tokens.

  1. A dataset was built by indexing the first transaction's metadata on every chain for each address.
  2. Then by sorting the transactions by timestamp and value transferred, the batch became easily identifiable.
  3. Given the sophisticated method to minimise detection, it is not possible to link them on-chain.
  4. Thus, the addresses were then manually reviewed to ensure that their on-chain transactions are actual Sybil attempts.
  5. A snippet of the transactions is provided below.

The .csv and scripts for indexing can be provided on request.

bsc_firstHash------------------------------------------------------| bsc_firstTimestamp- | bsc_firstBlockNumber | bsc_from---------------------- | bsc_to------------------------------------ | bsc_value_norm | polygon_firstHash----------------------------------------- | polygon_firstTimestamp | polygon_firstBlockNumber | polygon_from -----------| polygon_to------------------ | polygon_value_norm
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0x37d174671b13dc8fe48ee4619ee645fa0b1de1f9e670a00ac2f24337dc3b78d0 | 2021-12-14 03:50:48 | 13457627 | 0x73f5ebe90f27b46ea12e5795d16c4b408b19cc6f | 0xe5be94af0675a17aa2ddae9557767110a4259efa | 0.0095 | 0xa8b3bb87631ee20313fd51629a8da2a648f5ac484d48112eb5564f6c2b784f62 | 2021-12-14 04:07:09 | 22499730 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0xe5be94af0675a17aa2ddae9557767110a4259efa | 9.85
0x08a08c8f6f6a8257b20eaabca25d1b2d631d9e36a964e31ddd9ddad1d9941687 | 2021-12-14 06:25:39 | 13460657 | 0xbd612a3f30dca67bf60a39fd0d35e39b7ab80774 | 0xa597fc0953f464bddd73593a6db510a7fe547ae6 | 0.0095 | 0x555c02fe6ea0b802fa1567e86274b573fd61db4a5f0ccc7225653dbe5f0a55af | 2021-12-14 05:06:07 | 22501348 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0xa597fc0953f464bddd73593a6db510a7fe547ae6 | 9.85
0x3e75db257735eb5a869e6d5c72621e6981f1931fb5ff5331b48fcdd02e56f635 | 2021-12-14 06:27:33 | 13460695 | 0xa180fe01b906a1be37be6c534a3300785b20d947 | 0x3fd34a81ef5a2735e3653690b9c3e086c5aa2f99 | 0.0095 | 0x7c7dbf7bed35376b10fd9141984213e3bfc5a85a1abe12ab8efe577d8440b758 | 2021-12-14 05:12:07 | 22501497 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x3fd34a81ef5a2735e3653690b9c3e086c5aa2f99 | 9.85
0x8ad7325b7f5c446cc6bd1d9d6c81b9b5a5e898fde4562e9b3f0d8640e755d9c0 | 2021-12-14 06:30:06 | 13460746 | 0x515b72ed8a97f42c568d6a143232775018f133c8 | 0xec484c2428fbf401a718395b25bada8ac07fd0aa | 0.0095 | 0x4aa7181130edd285705df814578c50e8e74d61b79517ce2e5d6ca7aa1f602cb4 | 2021-12-14 05:16:05 | 22501612 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0xec484c2428fbf401a718395b25bada8ac07fd0aa | 9.85
0x6079dde2fdfe11fcc534e77efe578c91fd816dcfd2a55594bdf500cf254270dc | 2021-12-14 06:31:57 | 13460783 | 0xe2fc31f816a9b94326492132018c3aecc4a93ae1 | 0xb5bb91f5eddd643d730039b65b3f50901d95ae77 | 0.0095 | 0x24d27b19a24536de21efdc68cbf21d7d5fa0470f3c0614ec9b401611eab08e4e | 2021-12-14 05:17:05 | 22501640 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0xb5bb91f5eddd643d730039b65b3f50901d95ae77 | 9.85
0xb2c6cdcccd74ad885bb4724f20bd9fd71fba61f86811aae9187cc5325b6af0ac | 2021-12-14 14:22:38 | 13470019 | 0xbd612a3f30dca67bf60a39fd0d35e39b7ab80774 | 0x56b4267701b39ea8f6e5110bea22cccd51675c23 | 0.0095 | 0x7d3cc5a61c97bc5106a49a65443cd3074934619c192bb39b2c26aac952915734 | 2021-12-14 14:07:07 | 22515970 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x56b4267701b39ea8f6e5110bea22cccd51675c23 | 9.85
0x952667fd97ac16324a4c8cd458a6a43628186c8077fb0dcf4c745b081fc045bc | 2021-12-14 14:25:44 | 13470081 | 0x515b72ed8a97f42c568d6a143232775018f133c8 | 0xfc8b8353d633a7769490521a3a2d31954be8a51e | 0.0095 | 0x745b1111330ec09c384c0a35bd016b769fd7d620cee0fa17bebde06dac297de9 | 2021-12-14 14:10:09 | 22516059 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0xfc8b8353d633a7769490521a3a2d31954be8a51e | 9.85
0xf7866a43f31c23c2c5230955c785e6597e01321cf407dcc4c8e4cdbc16cd05bf | 2021-12-14 14:28:38 | 13470139 | 0x1fbe2acee135d991592f167ac371f3dd893a508b | 0x49e12dbcf4b35967c8ef40959aa477fa3e50ba0b | 0.0095 | 0x1383340ae9d3f82b83c2ded4dbc629ce6538474de67d72303e33887145b8647a | 2021-12-14 14:13:05 | 22516145 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x49e12dbcf4b35967c8ef40959aa477fa3e50ba0b | 9.85
0x99d008aa69374c6ab11815e4f1e2022e7bc192ee47ae15cb31d7c4f5d5dc2b42 | 2021-12-14 14:29:32 | 13470157 | 0x515b72ed8a97f42c568d6a143232775018f133c8 | 0x93f33456fbbccbb28e5638be1ffa9c62bb0ccdcb | 0.0095 | 0x4b92b3eb11f473caccc125570ab516478b7dad60a862927df955c7585896b282 | 2021-12-14 14:14:09 | 22516175 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x93f33456fbbccbb28e5638be1ffa9c62bb0ccdcb | 9.85
0xc26a504bc8c5f6b62e6225da77d2bcb6bbd0225cd4c08e6e1a9942dbd3fda6d2 | 2021-12-14 14:31:14 | 13470191 | 0x01c952174c24e1210d26961d456a77a39e1f0bb0 | 0xcb987b367e6fd61b08c33859abe253bb2886e3d8 | 0.0095 | 0x1d4215734a79819677a66ad5a5ec8b074fc0c63c5b8c79d1830460a3ba693d13 | 2021-12-14 14:15:17 | 22516209 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0xcb987b367e6fd61b08c33859abe253bb2886e3d8 | 9.85
0x3242eca5b0f4096264bb86133a9174ac2357b71dcece83e2adab6b1a3ca65049 | 2021-12-14 14:32:42 | 13470220 | 0x3c783c21a0383057d128bae431894a5c19f9cf06 | 0x223e08fc6168be83ea39543b8ed0f06a98574bc2 | 0.0095 | 0x58f2caae389130d240e23f2ad58a25e04893b50ca68d2f2399f73e765ed37d2e | 2021-12-16 10:58:05 | 22589180 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x223e08fc6168be83ea39543b8ed0f06a98574bc2 | 9.85
0x9894ef806574796ff2183bb3a61986ccd99a988b47ecfe109ca3521b85c466b3 | 2021-12-14 14:34:09 | 13470249 | 0x01c952174c24e1210d26961d456a77a39e1f0bb0 | 0x742932ecfae782626594e23a49c09792f24b785e | 0.0095 | 0x050374d60cb3e1a7e160388b302f7e64c3033051f212783dfb228a976aab0531 | 2021-12-16 10:59:11 | 22589211 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x742932ecfae782626594e23a49c09792f24b785e | 9.85
0xdf2566f9b1f4362dae0dae05a6cfd88edfe7a28d35ca068be52e128d967c6ba6 | 2021-12-14 14:35:00 | 13470266 | 0xeb2d2f1b8c558a40207669291fda468e50c8a0bb | 0xd76ff09299b8fc9d70387432e5ae8262c8286b15 | 0.0095 | 0xc947fffb63f4a06bd9da7fc5ea7b3232483d9e5dbca11a0d578f12b029ce6932 | 2021-12-16 11:00:07 | 22589239 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0xd76ff09299b8fc9d70387432e5ae8262c8286b15 | 9.85
0x41129d676fc3a6f878df287c16beb421c4b4abf63afb2c4ad6c1a3ff7ee7f9c5 | 2021-12-14 14:36:36 | 13470298 | 0x73f5ebe90f27b46ea12e5795d16c4b408b19cc6f | 0x771ec8baa5930c40a4e7fa3330cd38ed52edd993 | 0.0095 | 0xba35da26067c2b212ca6636871be4b6831d64b3d42e748b514a53e35789176be | 2021-12-16 11:01:07 | 22589267 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x771ec8baa5930c40a4e7fa3330cd38ed52edd993 | 9.85
0xd652b25e95624443bab52f4747b7d3ce815820bcef09a8295dcd151445340b24 | 2021-12-14 14:37:39 | 13470319 | 0x01c952174c24e1210d26961d456a77a39e1f0bb0 | 0x560077ef33f402393fe66acd47952bfcd525c23c | 0.0095 | 0x0a9debd1f00e829017ce90b5b262906b9e95bc4659cec78618b0c6d1d9299ba4 | 2021-12-16 11:02:09 | 22589298 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x560077ef33f402393fe66acd47952bfcd525c23c | 9.85
0x97de81b3827e72b50068d0823067497a6908d83cb7f82d364311551fb450e614 | 2021-12-14 14:38:37 | 13470338 | 0x3c783c21a0383057d128bae431894a5c19f9cf06 | 0xc2c714e78adb805f8d9bfd80964b2d7bdf616705 | 0.0095 | 0x9435b3bed253ce3a66171332c0bf9e7fc9dad144575bf632faa8322c810d7a7c | 2021-12-16 11:04:05 | 22589354 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0xc2c714e78adb805f8d9bfd80964b2d7bdf616705 | 9.85
0x926506b1fd7e72230b417241776b701e6bb0e111d5e044a7b3cdd56977c2c5e8 | 2021-12-14 14:39:34 | 13470357 | 0x73f5ebe90f27b46ea12e5795d16c4b408b19cc6f | 0xd83a1eac122e8ca7ef53b492eb2018f3518c6a5a | 0.0095 | 0x3fd8f321e17ffd58eea5830f35f4f4d732087c9cb554fffd5462e8c4524eb48d | 2021-12-16 11:05:03 | 22589381 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0xd83a1eac122e8ca7ef53b492eb2018f3518c6a5a | 9.85
0x848e36aaf748335b23ed9c5b74263372d465f5037bb7755a1e0ab29e5791c746 | 2021-12-14 14:40:49 | 13470382 | 0xdccf3b77da55107280bd850ea519df3705d1a75a | 0x80cb2fe5e974e9a10bfae0f62bf8b18cc706bb80 | 0.0095 | 0xc7dd5fd99266f5983dff44097d955402f844ed0b853c2a9819b3ba2701f9295f | 2021-12-17 06:51:05 | 22622017 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x80cb2fe5e974e9a10bfae0f62bf8b18cc706bb80 | 9.85
0xa6515eda8ff9411067e7c76e73dc88a72994ca66ebe7b9a22c0e17dd3c78dcdf | 2021-12-14 14:42:16 | 13470411 | 0x73f5ebe90f27b46ea12e5795d16c4b408b19cc6f | 0x7a53692793a0066baee6d3de37539f782a4e17f0 | 0.0095 | 0x6ec9020a109e0b7765316c7406b5254efea9d4109901e4322fe29e577ccb2e45 | 2021-12-17 06:54:07 | 22622106 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x7a53692793a0066baee6d3de37539f782a4e17f0 | 9.85
0xbca9236aa9870a3d4afbbee62c40b53fc607a631765ac5509c955c0fc6b99c74 | 2021-12-14 14:43:13 | 13470430 | 0xa180fe01b906a1be37be6c534a3300785b20d947 | 0x5e9d8a48e2275d3fe6526564606f0bb89cad2070 | 0.0095 | 0xb6e06a3f8d5903fa62cb14096b86865ce6e9680820c39454fd9018d7ea9962e2 | 2021-12-17 08:12:06 | 22624312 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x5e9d8a48e2275d3fe6526564606f0bb89cad2070 | 9.85
0xd10dd8678544cbd357b339e539a1e583d8220c2f2728ad6df798db0e08b1dd0f | 2021-12-14 14:44:10 | 13470449 | 0xbd612a3f30dca67bf60a39fd0d35e39b7ab80774 | 0x21daf7f65c34290faad24431eb18980d7e13ab3b | 0.0095 | 0xca737d0957b38969fee070cb4d39e25e32f32766a167fc78b294ae3501d8a70f | 2021-12-17 08:13:10 | 22624342 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x21daf7f65c34290faad24431eb18980d7e13ab3b | 9.85
0xa5eed850cd4efdf545ebe3e8491fa61e29cff4241c017e673a044ec5495c0a47 | 2021-12-14 14:45:07 | 13470468 | 0x515b72ed8a97f42c568d6a143232775018f133c8 | 0x867ca9b58f853e700ac97a629fc81edaff704a6a | 0.0095 | 0xf5d78f5db6dd09dce24c801e8cfceaa4bdf3b2c93501c7762281ea6c4d380d7b | 2021-12-17 09:08:10 | 22625758 | 0x51e3d44172868acc60d68ca99591ce4230bc75e0 | 0x867ca9b58f853e700ac97a629fc81edaff704a6a | 9.85

Rewards Address

0x0BE6FC06A0A605D006C6317E5b0383F6Fb1394F1
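
The first-funding comparison described in the methodology above, as an added example that is not part of the original report or the Hop repository: it groups each address's first transaction per chain by identical value, splits the groups into time bursts, and keeps only addresses that fall in a burst on every chain. The sample rows, the function names, the 48-hour gap and the minimum batch size are assumptions made for illustration; the funder is deliberately not used as a key because the report notes the BSC funding came from various hot wallets.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows (placeholders, not data from the report):
# (address, chain, first-tx timestamp, funder, value in native token)
ROWS = [
    ("0xA1", "bsc", "2021-12-14 03:50:00", "cex_hot_1", "0.0095"),
    ("0xA2", "bsc", "2021-12-14 06:25:00", "cex_hot_2", "0.0095"),
    ("0xA3", "bsc", "2021-12-14 14:22:00", "cex_hot_3", "0.0095"),
    ("0xB1", "bsc", "2021-12-14 09:00:00", "cex_hot_1", "0.7310"),
    ("0xB2", "bsc", "2021-11-02 10:00:00", "cex_hot_2", "0.0095"),
    ("0xA1", "polygon", "2021-12-14 04:07:00", "cex_hot_9", "9.85"),
    ("0xA2", "polygon", "2021-12-14 05:06:00", "cex_hot_9", "9.85"),
    ("0xA3", "polygon", "2021-12-15 10:58:00", "cex_hot_9", "9.85"),
    ("0xB1", "polygon", "2021-12-15 12:00:00", "cex_hot_9", "42.0"),
    ("0xB2", "polygon", "2021-12-14 04:30:00", "cex_hot_9", "9.85"),
]

def funding_batches(rows, chain, max_gap, min_size):
    """Group first-funding txs on one chain by identical value, then split each
    group into bursts whose consecutive timestamps are at most max_gap apart."""
    by_value = defaultdict(list)
    for addr, ch, ts, _funder, value in rows:
        if ch == chain:
            by_value[value].append((datetime.fromisoformat(ts), addr))
    batches = []
    for txs in by_value.values():
        txs.sort()
        burst = [txs[0]]
        for prev, cur in zip(txs, txs[1:]):
            if cur[0] - prev[0] > max_gap:      # gap too long: close the burst
                if len(burst) >= min_size:
                    batches.append({a for _, a in burst})
                burst = []
            burst.append(cur)
        if len(burst) >= min_size:
            batches.append({a for _, a in burst})
    return batches

def cross_chain_candidates(rows, chains, max_gap=timedelta(hours=48), min_size=3):
    """Addresses in a same-value funding burst on every listed chain.
    The result is a queue for manual review, not a verdict."""
    per_chain = []
    for chain in chains:
        per_chain.append(set().union(*funding_batches(rows, chain, max_gap, min_size)))
    return set.intersection(*per_chain)
```

Address `0xB2` matches the Polygon burst but was funded on BSC weeks earlier, so the cross-chain intersection drops it; tightening `max_gap` to one hour returns nothing, which is the effect of spacing out withdrawals.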

shanefontaine commented 2 years ago

Thank you for your report @edwalter3. We have verified that the addresses in this report are Sybil attackers.

The report included 22 eligible addresses as Sybil attackers which means you are eligible for 2570.535070447479781303 HOP! When Hop DAO is live, we will make a proposal for this reward — subject to a 1 year lockup, as mentioned in the original Mirror post.

The qualified addresses are as follows:

shanefontaine commented 2 years ago

In addition to the data you provided, it looks like each address on that list sent their last Polygon transaction (as of the time of writing) between 2021-12-16 and 2021-12-21. Additionally, they all exhibit the same behavior on Hop protocol:

address | ensName | total | mainnet | arbitrum | optimism | polygon | xdai | totalVolume
0xe5be94af0675a17aa2ddae9557767110a4259efa |  | 2 | 0 | 0 | 1 | 1 | 0 | $2,427.83
0xa597fc0953f464bddd73593a6db510a7fe547ae6 |  | 2 | 0 | 0 | 1 | 1 | 0 | $2,415.03
0x56b4267701b39ea8f6e5110bea22cccd51675c23 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,393.49
0xcb987b367e6fd61b08c33859abe253bb2886e3d8 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,384.67
0xec484c2428fbf401a718395b25bada8ac07fd0aa |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,333.83
0x93f33456fbbccbb28e5638be1ffa9c62bb0ccdcb |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,245.91
0x3fd34a81ef5a2735e3653690b9c3e086c5aa2f99 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,234.89
0xb5bb91f5eddd643d730039b65b3f50901d95ae77 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,220.39
0xc2c714e78adb805f8d9bfd80964b2d7bdf616705 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,220.04
0x223e08fc6168be83ea39543b8ed0f06a98574bc2 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,218.34
0xfc8b8353d633a7769490521a3a2d31954be8a51e |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,193.67
0x742932ecfae782626594e23a49c09792f24b785e |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,100.92
0x7a53692793a0066baee6d3de37539f782a4e17f0 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,099.20
0xd76ff09299b8fc9d70387432e5ae8262c8286b15 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,098.80
0x80cb2fe5e974e9a10bfae0f62bf8b18cc706bb80 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,076.01
0xd83a1eac122e8ca7ef53b492eb2018f3518c6a5a |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,075.79
0x771ec8baa5930c40a4e7fa3330cd38ed52edd993 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,073.33
0x560077ef33f402393fe66acd47952bfcd525c23c |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,069.62
0x49e12dbcf4b35967c8ef40959aa477fa3e50ba0b |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,038.53
0x5e9d8a48e2275d3fe6526564606f0bb89cad2070 |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,026.60
0x867ca9b58f853e700ac97a629fc81edaff704a6a |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,013.54
0x21daf7f65c34290faad24431eb18980d7e13ab3b |  | 2 | 0 | 0 | 1 | 1 | 0 | $1,004.62