hop-protocol / hop-airdrop

Hop Airdrop distribution 🐰

Sybil Attacker Report #305

Open Iseeyou23 opened 2 years ago

Iseeyou23 commented 2 years ago

Related Addresses

Reasoning

These addresses are highly correlated on Ethereum and Polygon (they have direct transfers with one another). They all perform swapAndSend or transfer on Ethereum or Polygon around September 10, 2021 / January 2022.

Methodology

All addresses are connected on the Polygon network and the Ethereum network by the fact that MATIC and ETH were sent sequentially from one address to another. You can check this sequentially in the reasoning.

I can also note the same pattern of using the same contracts (the attacker used similar amounts of ETH and MATIC).

Interaction with the HOP protocol took place in the time interval between SEP10. /2021 JAN-28-2021 and occurred in the same way, using 2-3 transactions on the Polygon network and also the Ethereum network. Bridge > swap > bridge > transfer was what was used, and it is a clear sign of a sybil attacker.

Rewards Address

0x82742CC8A0dF025Ff7B6bbdd22429A351FA2DE7c

Iseeyou23 commented 2 years ago

All the proof and reason is described above. If you made 3 wallets, I can guess you made even more, which I can prove with the reasoning above.

Iseeyou23 commented 2 years ago

Because I was tracking LPs first. Now I started tracking bridged funds. I'm not here to argue, let the team decide...

shanefontaine commented 2 years ago

@Iseeyou23

Thank you for the submission. Unfortunately, this submission does not meet one of the criteria for submissions:

Methodology that has a non-negligible chance of eliminating legitimate users will not be considered

There will need to be additional proof submitted in order to consider this a valid group that does not include any legitimate users. Please consider providing more information about the behavior of these addresses, such as identical types of transactions or similar timing of transactions. Please note that if another user submits an issue with a detailed, non-negligible chance of eliminating legitimate users, their submission will be considered before yours.

The chain of transactions like you posted is a great start! However, we have seen a number of OTC deals, NFT direct trades, and friends sending friends funds. The same-day Hop transactions, however, seem promising! The dates you posted (SEP10. /2021 JAN-28-2021) are not enough proof. If you can find more data, we would be happy to review it!

For some additional information (if it helps) here is the Hop protocol behavior of the eligible addresses on your list. Good luck!

address ensName total mainnet arbitrum optimism polygon xdai totalVolume
0xd7b26011e6eb5857a6251da1f77e9f3d8aac4489   58 6 9 13 18 12 $54,540.23
0xc16b76c25b60e5970ace61c719ca263133ccc1b3   28 3 4 10 4 7 $42,772.50
0x17ebee050c312567ad0038c0a703779401cb0fe0   49 6 12 9 12 10 $41,741.65
0x32791bbc7ddc9d0e6bd914f3b7f73747132a3a5b   54 5 11 13 13 12 $39,244.64
0xa4b2c652b4052729ab35f6a6ffc0c22bad7bdba8   38 4 6 10 7 11 $36,390.23
0xbcd8fc34307cc53755b6082c41b6ba643fbc6f99   29 2 10 8 4 5 $35,717.29
0x085ed975a8b6b860de3c2b871da60a3f9f48a5b8   28 0 7 6 7 8 $16,583.01
0x5574d6f75a59945a3d2e056d048816e11ce12bf8   29 3 3 6 11 6 $15,976.70
0xd5fae9a76de0bf1063eee5d4ae05be77cb08e68a   16 0 0 1 8 7 $6,169.94
0x9e4977972cb8a95fdf2cf9bda269ebdb2dcaea35   19 0 0 1 10 8 $4,004.59
0x5f4ef5c539a56291665fcca4e6b7a6446ad11cc1   12 1 0 2 2 7 $3,593.99
0x451a2f23b2a18f11ace266c4fe3943aea0d92cac   14 0 0 3 3 8 $3,392.78
0x71ff65395a8998409608f8003007c4144978169d   15 0 0 3 5 7 $3,309.58
0xee3b8af0874416cd5b643ade0f34b3d51be1deb3   5 3 0 0 2 0 $3,276.36
0xf64da7be3d8eef9e6eb2dc554253c82452e89735   15 0 0 1 9 5 $3,154.81
0x552cda6990392d5345d2bcd6ed59ae4acd24392c   11 0 0 1 6 4 $3,070.10
0x540cb04ebab67e05a620b97bb367ac5e4ed68f09   11 0 0 0 5 6 $2,739.35
0xbf24def75d022f0049463c4a7f5484b223678269   2 0 1 1 0 0 $2,650.39
0x2dda83ea34157b05b24827a94e460d99cf9ccfb8   11 0 0 1 6 4 $2,440.37
0xbbd713f0de4acd0596a4a667663bfc4d1893f59c   9 0 0 1 4 4 $2,250.46
0x9446109c997e0ceb552be06bbd08fe8310b2fae9   9 0 0 0 5 4 $2,071.45
0x6b30fdea7bda341d498356d4317e86074a1c2e2a   6 0 0 0 3 3 $1,753.05
0x79e684a001fdd917fe61bf0643d5800956c91a83   10 0 0 1 8 1 $1,656.59
0x2c1a420cb6c631d1d38e738d8eafa8c9dc5d0b6d   6 0 0 0 2 4 $1,512.16
0x950a0be4d5e7c63017debfae67ada866b55e7335   8 0 2 1 4 1 $1,409.54
0x43c200c1ea4e63ab15d1fc0439eab749c35cb1f0   6 0 0 0 2 4 $1,394.58
0x97dc368deb05fe88b64d95ee15cf058852c347ac   6 0 0 0 3 3 $1,342.25
0xe39e7f1d6b49476978775d59715a3cbdcc96e1be   5 0 0 0 3 2 $1,090.95
0xf8c3f0e81c024d7e4d4378d215bcb78af145991d   4 0 1 1 1 1 $1,051.31
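
The maintainer's point above is that a transfer chain alone can sweep in legitimate users, while identical Hop behaviour with similar timing is stronger evidence. The sketch below is an added example, not code from the Hop project or from either commenter. The addresses, timestamps, action labels and the 24-hour window are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the issue): (sender, receiver, unix_time)
TRANSFERS = [("A", "B", 1000), ("B", "C", 1600), ("C", "D", 2200), ("D", "E", 500000)]
# Constructed Hop activity, time-ordered: address -> [(unix_time, action), ...]
HOP = {
    "A": [(1100, "bridge"), (1200, "swap"), (1300, "bridge"), (1400, "transfer")],
    "B": [(1700, "bridge"), (1800, "swap"), (1900, "bridge"), (2000, "transfer")],
    "C": [(2300, "bridge"), (2400, "swap"), (2500, "bridge"), (2600, "transfer")],
    "D": [(90000, "addLiquidity")],
    "E": [(600000, "bridge"), (900000, "bridge")],
}

def funding_clusters(transfers):
    """Union-find over direct transfers: the chain evidence on its own."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for src, dst, _ in transfers:
        parent[find(src)] = find(dst)
    groups = defaultdict(set)
    for addr in parent:
        groups[find(addr)].add(addr)
    return list(groups.values())

def corroborated(cluster, hop, window=86400):
    """Members whose Hop action sequence equals another member's and whose
    first Hop action is within `window` seconds of that member's."""
    keep = set()
    members = sorted(a for a in cluster if hop.get(a))
    for i, a in enumerate(members):
        for b in members[i + 1:]:
            same_seq = [x for _, x in hop[a]] == [x for _, x in hop[b]]
            close = abs(hop[a][0][0] - hop[b][0][0]) <= window
            if same_seq and close:
                keep |= {a, b}
    return keep

def review(transfers, hop):
    """Split each funding cluster into corroborated and transfer-only members."""
    out = []
    for cluster in funding_clusters(transfers):
        strong = corroborated(cluster, hop)
        out.append((sorted(strong), sorted(cluster - strong)))
    return out
```

On the constructed data, all five addresses fall into one funding cluster, but only A, B and C also share an action sequence within the window. D and E are linked by transfers alone and would need further evidence.
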
Iseeyou23 commented 2 years ago

Will write up all the transactions and times that occurred in a couple of hours...