search

hop-protocol / hop-airdrop

Hop Airdrop distribution 🐰
175 stars 218 forks source link

Sybil Attacker Report #486

Open gitNickV opened 2 years ago

gitNickV commented 2 years ago

Related Addresses

\x440b4a49248f25a9cf514ad8c1557cbf504ed5c4 \x06cc94293290b0ca235e8deab74d5fad7e6b8ce4 \x0fe88914b8caa4698c876e6ea40d405f68673534 \x1de39ff38945d3b37134cd783b7be3452779e1e0 \x21fcf7d45a0c636f62b8c16f98677bee5421cce9 \x25406e420b420cfc1d99940e7cd297b5740adfb9 \x3956e5160dfe0af59986ce4babeeff681fb53168 \x4dfa463069f490228e61d43690ad152662a66340 \x971506c632dfb1dc6e7a2d064f7d571569462f4b \x973b3e5130ae4f18f78bad053a3155e6b8034f43 \x9df72a7d52a60975444ca86d89755e335f7eed65 \xa2445ea0e997e9ecc714250718d600c294a188ea \xaa8304cce6b057af952938d0232f0477d05decb5 \xb029800f0b4c4e9a3514535ba487c7bb4ab6831a \xc5745e19401b3ecf016a6b3bd6553852547c41af \xc8131bc8075afb3e30162bb8ed2f9521f665f7be \xc99ac7e4ae5256f55a5fa911077e4a9b0a0f183a \xe1d9d246c607936c4ed2153cf9762bca82d900b0 \xeaebdb2c71ea29844919ff532f508030231fd48d \xef0a05f41cada3fa2110c50ad66c74a9242a119c \xe4706d646e97c8a36109ea81b13eb834f5b3bed1 \xad0dbd2735b2bdef14334f622147526bd97b2f4f \xe830a79facbcd2c89de0b5e5c5a67a7190ec53a1 \x7cd9ef2fd657a042bf7815d02f487a7ab40f30b0 \x3e40a3c03f0f3cd652428292df4c12625c18a59d \x4bdc264560136b1c4556fdb4f7a90376169b91d1 \x982e09ebd5bf6f4f9cce5d0c84514fb96d91c5f9 \x6b611d278233cb7ca76fd5c08579c3337c01e577 \x37d27c00ff4d9b7f5dddf877cc14e7f919a6490d \x7b17df087859f731a2097fe040a1af3b70df3c95 \x5fd2c02689d138547b7b1b9e7d9a309d5a03edcd \x299c06e5379924884f8d5cc9112e6c338178f884 \xe3f27deff96fe178e87559f36cbf868b9e75967d \x5bef93a613d78b3ff56c2439d3ae58a26b3353c1 \x6e2fc50bdde3e8b45ab47282986c5c45ffb08b7e \xbcbe9b878543b9d4098497c67f1e95bc44a0b34c \x55a9c5180dcafc98d99d3f3e4b248e9156b12ac1 \x85844112d2f9cfe2254188b4ee69edd942fad32d \x6f9c8dcf20cd691a1f1944d28b3f63131f67ccb1 \xd52c1d745c16d52904b32baf4a08b3356a5136a5 \x2b333ae41632c0266ae275e811bb5eeb3f21fd03 \x535a8757d22668ad76d3a3e73ba3d5f411174709 \x46bae1972c869527c8b8fa5b92fb747d7d51fd42 \x9d1b972e7cee2317e24719de943b2da0b9435454 \xaed07b5d8e841f792e1de379b53af2fb2132839d \x34b5f399cc5a1dd491666c9866941fb8e8d09746 \x38a48ddf98d3d6af7fd46a692265d72515534525 \x7492e719607e2b31c878c9bb30a575fc75d0d518 \x1008e41106813a1cc6b5f9c378e2cf1c47158e7d \x18dff00a8b2894ddbd7e0d74a5057fe2e76c250d \x036d78c5e87e0aa07bf61815d1effe10c9fd5275 \x32514465a9e274973436bc58549b581be49b5641 \x11fab9134c4169377b297bc2c0c82891bbbe3d34 \x303c36e5c473bf36bf643debeb61c68f780641aa \x8096da6ced12b75684054ef16e1bf7e376353c29 \x47c2ac06520722aaa3e32d99ec6a2352b48b1b8a \xf490f58567fabfc2aee47ffa3a87be29590df3b3 \xc08eaaf1204ea5e7c71e900c67c41068a01476f4 \x07ee3deefffc9e8b94b5603dee0f76dd98db1c26 \x0d15e3c5747c678ad9b6d660d7d6a2dec19f0e76

Reasoning

All those addresses are related to 0x440b4a49248f25a9cf514ad8c1557cbf504ed5c4

Methodology

First 19 addresses was initially filled by 0x440b4a49248f25a9cf514ad8c1557cbf504ed5c4. And all of them made kind of the same transactions in a same date (funding Optimism, Arbitrum and ZKSync - trying to sybil attack them all).

Next 5 wallets was funded by 6 different wallets from a batch of 19 mentioned before. And they have same list of transactions as previous (and made in a same date).

Another 35 are a bit tougher to recognize. I made a strong analysis of transfers from and to those wallets made (based on their transfers to or from 19+5 addresses founded before). Here is a result of this analysis:

Wallet # txs with group accs interacted with # wallets of group
0x4bdc264560136b1c4556fdb4f7a90376169b91d1 110 10
0x982e09ebd5bf6f4f9cce5d0c84514fb96d91c5f9 35 10
0x6b611d278233cb7ca76fd5c08579c3337c01e577 18 8
0x37d27c00ff4d9b7f5dddf877cc14e7f919a6490d 16 5
0x7b17df087859f731a2097fe040a1af3b70df3c95 16 5
0x5fd2c02689d138547b7b1b9e7d9a309d5a03edcd 11 6
0x299c06e5379924884f8d5cc9112e6c338178f884 5 1
0xe3f27deff96fe178e87559f36cbf868b9e75967d 7 3
0x5bef93a613d78b3ff56c2439d3ae58a26b3353c1 3 1
0x6e2fc50bdde3e8b45ab47282986c5c45ffb08b7e 3 1
0xbcbe9b878543b9d4098497c67f1e95bc44a0b34c 9 4
0x55a9c5180dcafc98d99d3f3e4b248e9156b12ac1 63 5
0x85844112d2f9cfe2254188b4ee69edd942fad32d 56 1
0x6f9c8dcf20cd691a1f1944d28b3f63131f67ccb1 3 2
0xd52c1d745c16d52904b32baf4a08b3356a5136a5 4 3
0x2b333ae41632c0266ae275e811bb5eeb3f21fd03 33 4
0x535a8757d22668ad76d3a3e73ba3d5f411174709 13 2
0x46bae1972c869527c8b8fa5b92fb747d7d51fd42 20 3
0x9d1b972e7cee2317e24719de943b2da0b9435454 5 2
0xaed07b5d8e841f792e1de379b53af2fb2132839d 2 1
0x34b5f399cc5a1dd491666c9866941fb8e8d09746 7 4
0x38a48ddf98d3d6af7fd46a692265d72515534525 15 6
0x7492e719607e2b31c878c9bb30a575fc75d0d518 4 4
0x1008e41106813a1cc6b5f9c378e2cf1c47158e7d 2 2
0x18dff00a8b2894ddbd7e0d74a5057fe2e76c250d 5 4
0x036d78c5e87e0aa07bf61815d1effe10c9fd5275 22 10
0x32514465a9e274973436bc58549b581be49b5641 24 6
0x11fab9134c4169377b297bc2c0c82891bbbe3d34 33 4
0x303c36e5c473bf36bf643debeb61c68f780641aa 22 5
0x8096da6ced12b75684054ef16e1bf7e376353c29 8 1
0x47c2ac06520722aaa3e32d99ec6a2352b48b1b8a 4 4
0xf490f58567fabfc2aee47ffa3a87be29590df3b3 14 3
0xc08eaaf1204ea5e7c71e900c67c41068a01476f4 96 3
0x07ee3deefffc9e8b94b5603dee0f76dd98db1c26 84 2
0x0d15e3c5747c678ad9b6d660d7d6a2dec19f0e76 9 2

A complete list of transactions those wallets made between each other is in attachment

Rewards Address

0x72153F1040BDfe6961bB73448f1AF265B2bFDf0b sybil-report-nftaura.csv

shanefontaine commented 2 years ago

@gitnickv

Thank you for the submission. Unfortunately, this submission does not meet one of the criteria for submissions:

Methodology that has a non-negligible chance of eliminating legitimate users will not be considered

There will need to be additional proof submitted in order to consider this a valid group that does not include any legitimate users. Please consider providing more information about the behavior of these addresses, such as identical types of transactions or similar timing of transactions. Please note that another user that submits an issue with a detailed, non-negligible chance of eliminating legitimate users, their submission will be considered before yours.

It looks like only 32 of the addresses you submitted are eligible, and 31 of those exist in the "bit tougher to recognize". Please consider posting some of the following data for all of those addresses, if possible: