hop-protocol / hop-airdrop

Hop Airdrop distribution 🐰

Sybil Attacker Report #533

Closed rchen8 closed 2 years ago

rchen8 commented 2 years ago

Related Addresses

0xf16f92e33b0b75a4d11fe901da6b8e9b948def29
0x1000bed19030e740c991ce91306fce23f140b075
0xfee2f1b80290ad329fdbf8a6c5259874c303fd93
0x1a70f952b5df5cb2e200969d92b9fbaeab2c2e06
0x1c313c5eefc59f729895fe4e7a1146692b572c42
0xba890a008dbf2911ea32d9c135c5867b10418ff7
0x26882c394be31ff5f65a8da37a96c3af6270e36c
0x28cf30a42f816855d4a2f6532be61fffa3b05ca3
0x2938ad270691c0b9d44a41cd217d49feb01eb3ad
0xe3e02123a4126de661af887eee222498c6442ffc
0x2d220b4783a291abb2db3618bc4d94c632e16206
0x6b3958a0d0c9c33056e4ca2f660addd1796bed45
0xd98232665bde9fe25304bc1500c49e6cbe704471
0xecf31cf2974cda9bf496fe26392660159b39a68e

Reasoning

[Screenshot: 2022-05-21 1:48:30 PM]

All 14 addresses belong to the same connected subgraph component. 10 of the 14 addresses form a strongly connected component (every address is reachable from every other address through cycles formed by both incoming and outgoing transactions), which makes it very highly likely that they are all controlled by the same Sybil attacker.

The remaining 4 addresses are each part of a batch of suspiciously similar Hop transactions on the same date, according to the table below: 0x100 on 2021-11-28, 0x6b3 on 2021-11-28, 0x1c3 on 2021-12-25, and 0x28c on 2021-12-25.

| Date       | # Addresses |
|------------|-------------|
| 2021-12-25 | 6           |
| 2021-11-28 | 5           |
| 2022-01-28 | 4           |
| 2021-12-07 | 3           |
| 2022-02-18 | 2           |
| 2022-01-26 | 2           |
| 2022-01-18 | 2           |
| 2021-12-04 | 2           |

2021-12-25: All six addresses sent ~500 USDC or USDT from Polygon to Gnosis Chain within a few hours of each other.

  1. https://explorer.hop.exchange/?account=0xfee2f1b80290ad329fdbf8a6c5259874c303fd93
  2. https://explorer.hop.exchange/?account=0x1a70f952b5df5cb2e200969d92b9fbaeab2c2e06
  3. https://explorer.hop.exchange/?account=0x1c313c5eefc59f729895fe4e7a1146692b572c42
  4. https://explorer.hop.exchange/?account=0x28cf30a42f816855d4a2f6532be61fffa3b05ca3
  5. https://explorer.hop.exchange/?account=0xd98232665bde9fe25304bc1500c49e6cbe704471
  6. https://explorer.hop.exchange/?account=0xecf31cf2974cda9bf496fe26392660159b39a68e

2021-11-28: All five addresses sent either one ~600 USDC transaction or two ~1000 USDC transactions from Gnosis Chain to Polygon within a few hours of each other.

  1. https://explorer.hop.exchange/?account=0x1000bed19030e740c991ce91306fce23f140b075 (2 x 1000 USDC)
  2. https://explorer.hop.exchange/?account=0xba890a008dbf2911ea32d9c135c5867b10418ff7 (2 x 1000 USDC)
  3. https://explorer.hop.exchange/?account=0x2938ad270691c0b9d44a41cd217d49feb01eb3ad (2 x 1000 USDC)
  4. https://explorer.hop.exchange/?account=0x26882c394be31ff5f65a8da37a96c3af6270e36c (1 x 600 USDC)
  5. https://explorer.hop.exchange/?account=0x6b3958a0d0c9c33056e4ca2f660addd1796bed45 (1 x 600 USDC)

Methodology


I implemented the Union-Find algorithm, which is a famous graph algorithm that gets all of the connected subgraph components in O(1) time. The nodes in the graph are from the most up-to-date list of eligible airdrop addresses. The edges in the graph are from using Covalent's API to find transactions that connect between these addresses.

Finding the timestamps of Hop transactions per address is done using the Hop Explorer and reverse engineering their API so I can automate it. :)

Rewards Address

0x9bb82fbf10cF4959909BAB9bE07805bd1d28D04A
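The graph and batching logic the report describes, as an added example that is not the reporter's code or Hop's tooling: union-find for the connected components, Tarjan's algorithm for the strongly connected components, and a same-day grouping of Hop transfers by route, stablecoin and rounded amount. Addresses and transfers are constructed placeholders (single letters, not real addresses); the stablecoin bucketing, the 100-unit amount bucket and the minimum batch size are assumptions chosen to mirror the "~500 USDC or USDT" grouping above.

```python
"""Added example: weak/strong connectivity plus same-day Hop batches.

Not the report author's code. Input data below is constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed (sender, receiver) transfers between eligible addresses.
TRANSFERS = [
    ("A", "B"), ("B", "C"), ("C", "A"),  # A, B, C form a cycle -> one SCC
    ("C", "D"),                          # D reachable from the cycle, not back
    ("E", "F"),                          # separate weak component
]
ELIGIBLE = ["A", "B", "C", "D", "E", "F", "G"]  # G has no on-chain edges

# Constructed Hop transfers: (address, UTC timestamp, src, dst, token, amount).
HOP_TXS = [
    ("D", "2021-12-25T10:02:00Z", "polygon", "gnosis", "USDC", 499.5),
    ("E", "2021-12-25T11:40:00Z", "polygon", "gnosis", "USDT", 500.0),
    ("G", "2021-12-25T13:15:00Z", "polygon", "gnosis", "USDC", 501.2),
    ("A", "2021-12-25T13:15:00Z", "polygon", "gnosis", "USDC", 2500.0),
    ("F", "2022-01-03T09:00:00Z", "gnosis", "polygon", "USDC", 600.0),
]


class UnionFind:
    """Disjoint sets with path halving and union by rank."""

    def __init__(self, nodes):
        self.parent = {n: n for n in nodes}
        self.rank = {n: 0 for n in nodes}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra == rb:
            return
        if self.rank[ra] < self.rank[rb]:
            ra, rb = rb, ra
        self.parent[rb] = ra
        if self.rank[ra] == self.rank[rb]:
            self.rank[ra] += 1


def connected_components(nodes, edges):
    """Weakly connected components: edge direction is ignored."""
    uf = UnionFind(nodes)
    for a, b in edges:
        uf.union(a, b)
    groups = defaultdict(set)
    for n in nodes:
        groups[uf.find(n)].add(n)
    return {frozenset(g) for g in groups.values()}


def strongly_connected_components(nodes, edges):
    """Tarjan's SCC algorithm: mutual reachability along directed edges."""
    adj = defaultdict(list)
    for a, b in edges:
        adj[a].append(b)
    index, low, on_stack, stack, result, counter = {}, {}, set(), [], [], [0]

    def visit(v):
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in adj[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of an SCC: pop it
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            result.append(frozenset(comp))

    for v in nodes:
        if v not in index:
            visit(v)
    return set(result)


def same_day_batches(txs, min_size=2, amount_bucket=100):
    """Group transfers by UTC date, route, stablecoin and rounded amount.

    Assumption: USDC and USDT are treated as one 'stable' bucket, and
    amounts are rounded to the nearest `amount_bucket` units.
    """
    groups = defaultdict(set)
    for addr, ts, src, dst, token, amount in txs:
        day = datetime.fromisoformat(ts.replace("Z", "+00:00")).date().isoformat()
        asset = "stable" if token in ("USDC", "USDT") else token
        key = (day, src, dst, asset, round(amount / amount_bucket) * amount_bucket)
        groups[key].add(addr)
    return {k: frozenset(v) for k, v in groups.items() if len(v) >= min_size}


def sybil_clusters(nodes, edges, txs):
    """Flag members of a weak component: SCC members on graph evidence,
    the rest only if they also appear in a same-day Hop batch."""
    batched = set().union(*same_day_batches(txs).values())
    scc_members = {n for c in strongly_connected_components(nodes, edges)
                   if len(c) > 1 for n in c}
    flagged = {}
    for comp in connected_components(nodes, edges):
        if len(comp) < 2:
            continue  # an isolated address has no graph evidence at all
        for n in comp:
            if n in scc_members:
                flagged[n] = "scc"
            elif n in batched:
                flagged[n] = "component+batch"
    return flagged


if __name__ == "__main__":
    for addr, reason in sorted(sybil_clusters(ELIGIBLE, TRANSFERS, HOP_TXS).items()):
        print(addr, reason)
```

On the constructed data, A, B and C are flagged from the cycle alone, D and E only because they sit in a linked component and in the 2021-12-25 ~500 stablecoin batch, while G, which matches the batch but has no on-chain link to the others, is not flagged. That last case is the distinction the maintainer's reply draws: batch similarity corroborates a graph link, and a graph link alone is not proof.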

shanefontaine commented 2 years ago

Thank you for your report @rchen8. We have verified that the addresses in this report are Sybil attackers.

The report included 14 eligible addresses as Sybil attackers which means you are eligible for 3081.505635441343423516 HOP! When Hop DAO is live, we will make a proposal for this reward — subject to a 1 year lockup, as mentioned in the original Mirror post.

Please note that the extremely similar behaviors on Hop protocol are what provide enough compelling evidence for the 4 addresses that are not strongly connected to the others. The connection itself would not be considered valid proof.

The qualified addresses are as follows:

0xf16f92e33b0b75a4d11fe901da6b8e9b948def29
0x1000bed19030e740c991ce91306fce23f140b075
0xfee2f1b80290ad329fdbf8a6c5259874c303fd93
0x1a70f952b5df5cb2e200969d92b9fbaeab2c2e06
0x1c313c5eefc59f729895fe4e7a1146692b572c42
0xba890a008dbf2911ea32d9c135c5867b10418ff7
0x26882c394be31ff5f65a8da37a96c3af6270e36c
0x28cf30a42f816855d4a2f6532be61fffa3b05ca3
0x2938ad270691c0b9d44a41cd217d49feb01eb3ad
0xe3e02123a4126de661af887eee222498c6442ffc
0x2d220b4783a291abb2db3618bc4d94c632e16206
0x6b3958a0d0c9c33056e4ca2f660addd1796bed45
0xd98232665bde9fe25304bc1500c49e6cbe704471
0xecf31cf2974cda9bf496fe26392660159b39a68e